diff --git a/.buildkite/ftr_oblt_stateful_configs.yml b/.buildkite/ftr_oblt_stateful_configs.yml
index 1d6d834b74279..6f0cb38be3a62 100644
--- a/.buildkite/ftr_oblt_stateful_configs.yml
+++ b/.buildkite/ftr_oblt_stateful_configs.yml
@@ -3,9 +3,10 @@ disabled:
- x-pack/plugins/observability_solution/observability_onboarding/e2e/ftr_config_open.ts
- x-pack/plugins/observability_solution/observability_onboarding/e2e/ftr_config_runner.ts
- x-pack/plugins/observability_solution/observability_onboarding/e2e/ftr_config.ts
- - x-pack/plugins/observability_solution/apm/ftr_e2e/ftr_config_open.ts
- x-pack/plugins/observability_solution/apm/ftr_e2e/ftr_config_run.ts
- x-pack/plugins/observability_solution/apm/ftr_e2e/ftr_config.ts
+ - x-pack/plugins/observability_solution/inventory/e2e/ftr_config_run.ts
+ - x-pack/plugins/observability_solution/inventory/e2e/ftr_config.ts
- x-pack/plugins/observability_solution/profiling/e2e/ftr_config_open.ts
- x-pack/plugins/observability_solution/profiling/e2e/ftr_config_runner.ts
- x-pack/plugins/observability_solution/profiling/e2e/ftr_config.ts
diff --git a/.buildkite/ftr_platform_stateful_configs.yml b/.buildkite/ftr_platform_stateful_configs.yml
index 60b702fa1d8fc..6958ec4530ae8 100644
--- a/.buildkite/ftr_platform_stateful_configs.yml
+++ b/.buildkite/ftr_platform_stateful_configs.yml
@@ -39,6 +39,9 @@ disabled:
- x-pack/test/fleet_cypress/config.space_awareness.ts
- x-pack/test/fleet_cypress/visual_config.ts
+ # Default http2 config to use for performance journeys
+ - x-pack/performance/configs/http2_config.ts
+
defaultQueue: 'n2-4-spot'
enabled:
- test/accessibility/config.ts
@@ -345,6 +348,7 @@ enabled:
- x-pack/test/usage_collection/config.ts
- x-pack/performance/journeys_e2e/aiops_log_rate_analysis.ts
- x-pack/performance/journeys_e2e/ecommerce_dashboard.ts
+ - x-pack/performance/journeys_e2e/ecommerce_dashboard_http2.ts
- x-pack/performance/journeys_e2e/ecommerce_dashboard_map_only.ts
- x-pack/performance/journeys_e2e/flight_dashboard.ts
- x-pack/performance/journeys_e2e/login.ts
@@ -358,6 +362,7 @@ enabled:
- x-pack/performance/journeys_e2e/web_logs_dashboard_esql.ts
- x-pack/performance/journeys_e2e/web_logs_dashboard_dataview.ts
- x-pack/performance/journeys_e2e/data_stress_test_lens.ts
+ - x-pack/performance/journeys_e2e/data_stress_test_lens_http2.ts
- x-pack/performance/journeys_e2e/ecommerce_dashboard_saved_search_only.ts
- x-pack/performance/journeys_e2e/ecommerce_dashboard_tsvb_gauge_only.ts
- x-pack/performance/journeys_e2e/dashboard_listing_page.ts
diff --git a/.buildkite/ftr_security_serverless_configs.yml b/.buildkite/ftr_security_serverless_configs.yml
index 6d42c030b2d4f..eb2b8e3a06873 100644
--- a/.buildkite/ftr_security_serverless_configs.yml
+++ b/.buildkite/ftr_security_serverless_configs.yml
@@ -98,6 +98,7 @@ enabled:
- x-pack/test/security_solution_api_integration/test_suites/edr_workflows/policy_response/trial_license_complete_tier/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/edr_workflows/resolver/trial_license_complete_tier/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/edr_workflows/response_actions/trial_license_complete_tier/configs/serverless.config.ts
+ - x-pack/test/security_solution_api_integration/test_suites/edr_workflows/spaces/trial_license_complete_tier/configs/serverless.config.ts
- x-pack/test/security_solution_endpoint/configs/serverless.endpoint.config.ts
- x-pack/test/security_solution_endpoint/configs/serverless.integrations.config.ts
# serverless config files that run deployment-agnostic tests
diff --git a/.buildkite/ftr_security_stateful_configs.yml b/.buildkite/ftr_security_stateful_configs.yml
index dbe529596102e..aa37c6f52fb8c 100644
--- a/.buildkite/ftr_security_stateful_configs.yml
+++ b/.buildkite/ftr_security_stateful_configs.yml
@@ -85,6 +85,7 @@ enabled:
- x-pack/test/security_solution_api_integration/test_suites/edr_workflows/policy_response/trial_license_complete_tier/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/edr_workflows/resolver/trial_license_complete_tier/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/edr_workflows/response_actions/trial_license_complete_tier/configs/ess.config.ts
+ - x-pack/test/security_solution_api_integration/test_suites/edr_workflows/spaces/trial_license_complete_tier/configs/ess.config.ts
- x-pack/test/security_solution_endpoint/configs/endpoint.config.ts
- x-pack/test/security_solution_endpoint/configs/integrations.config.ts
- x-pack/test/api_integration/apis/cloud_security_posture/config.ts
diff --git a/.buildkite/pipeline-resource-definitions/kibana-es-snapshots.yml b/.buildkite/pipeline-resource-definitions/kibana-es-snapshots.yml
index d386542fbdf0c..7146363bcc552 100644
--- a/.buildkite/pipeline-resource-definitions/kibana-es-snapshots.yml
+++ b/.buildkite/pipeline-resource-definitions/kibana-es-snapshots.yml
@@ -22,7 +22,7 @@ spec:
SLACK_NOTIFICATIONS_CHANNEL: '#kibana-operations-alerts'
ELASTIC_SLACK_NOTIFICATIONS_ENABLED: 'true'
allow_rebuilds: true
- branch_configuration: main 8.x 8.15 7.17
+ branch_configuration: main 8.x 8.16 8.15 7.17
default_branch: main
repository: elastic/kibana
pipeline_file: .buildkite/pipelines/es_snapshots/build.yml
@@ -88,7 +88,7 @@ spec:
SLACK_NOTIFICATIONS_CHANNEL: '#kibana-operations-alerts'
ELASTIC_SLACK_NOTIFICATIONS_ENABLED: 'true'
allow_rebuilds: true
- branch_configuration: main 8.x 8.15 7.17
+ branch_configuration: main 8.x 8.16 8.15 7.17
default_branch: main
repository: elastic/kibana
pipeline_file: .buildkite/pipelines/es_snapshots/promote.yml
@@ -138,7 +138,7 @@ spec:
ELASTIC_SLACK_NOTIFICATIONS_ENABLED: 'true'
REPORT_FAILED_TESTS_TO_GITHUB: 'true'
allow_rebuilds: true
- branch_configuration: main 8.x 8.15 7.17
+ branch_configuration: main 8.x 8.16 8.15 7.17
default_branch: main
repository: elastic/kibana
pipeline_file: .buildkite/pipelines/es_snapshots/verify.yml
diff --git a/.buildkite/pipeline-resource-definitions/kibana-on-merge-unsupported-ftrs.yml b/.buildkite/pipeline-resource-definitions/kibana-on-merge-unsupported-ftrs.yml
index a6ddb28309987..b2ec63310cc6c 100644
--- a/.buildkite/pipeline-resource-definitions/kibana-on-merge-unsupported-ftrs.yml
+++ b/.buildkite/pipeline-resource-definitions/kibana-on-merge-unsupported-ftrs.yml
@@ -22,7 +22,7 @@ spec:
SLACK_NOTIFICATIONS_CHANNEL: '#kibana-unsupported-ftrs-alerts'
ELASTIC_SLACK_NOTIFICATIONS_ENABLED: 'true'
allow_rebuilds: true
- branch_configuration: main 8.x 8.15 7.17
+ branch_configuration: main 8.x 8.16 8.15 7.17
default_branch: main
repository: elastic/kibana
pipeline_file: .buildkite/pipelines/on_merge_unsupported_ftrs.yml
diff --git a/.buildkite/pipeline-resource-definitions/kibana-on-merge.yml b/.buildkite/pipeline-resource-definitions/kibana-on-merge.yml
index e524adc786c0e..5b71b58b8a00f 100644
--- a/.buildkite/pipeline-resource-definitions/kibana-on-merge.yml
+++ b/.buildkite/pipeline-resource-definitions/kibana-on-merge.yml
@@ -25,7 +25,7 @@ spec:
REPORT_FAILED_TESTS_TO_GITHUB: 'true'
ELASTIC_SLACK_NOTIFICATIONS_ENABLED: 'true'
allow_rebuilds: true
- branch_configuration: main 8.x 8.15 7.17
+ branch_configuration: main 8.x 8.16 8.15 7.17
default_branch: main
repository: elastic/kibana
pipeline_file: .buildkite/pipelines/on_merge.yml
diff --git a/.buildkite/pipelines/chrome_forward_testing.yml b/.buildkite/pipelines/chrome_forward_testing.yml
index 76069f6ad8070..6dafddd8b2c5c 100644
--- a/.buildkite/pipelines/chrome_forward_testing.yml
+++ b/.buildkite/pipelines/chrome_forward_testing.yml
@@ -345,17 +345,6 @@ steps:
- exit_status: '-1'
limit: 1
- - command: .buildkite/scripts/steps/checks.sh
- label: 'Checks'
- agents:
- machineType: n2-standard-2
- preemptible: true
- timeout_in_minutes: 60
- retry:
- automatic:
- - exit_status: '-1'
- limit: 3
-
- wait: ~
continue_on_failure: true
diff --git a/.buildkite/pipelines/flaky_tests/groups.json b/.buildkite/pipelines/flaky_tests/groups.json
index 292c5fe33397c..9d47bdd850b94 100644
--- a/.buildkite/pipelines/flaky_tests/groups.json
+++ b/.buildkite/pipelines/flaky_tests/groups.json
@@ -23,7 +23,7 @@
{
"key": "cypress/security_serverless_explore",
"name": "[Serverless] Security Solution Explore - Cypress"
- },
+ },
{
"key": "cypress/security_solution_rule_management",
"name": "Security Solution Rule Management - Cypress"
@@ -87,6 +87,10 @@
{
"key": "cypress/apm_cypress",
"name": "APM - Cypress"
+ },
+ {
+ "key": "cypress/inventory_cypress",
+ "name": "Inventory - Cypress"
}
]
-}
+}
\ No newline at end of file
diff --git a/.buildkite/pipelines/on_merge.yml b/.buildkite/pipelines/on_merge.yml
index e42f34bfba1fa..0e87d401c196e 100644
--- a/.buildkite/pipelines/on_merge.yml
+++ b/.buildkite/pipelines/on_merge.yml
@@ -532,6 +532,20 @@ steps:
- exit_status: '-1'
limit: 3
+ - command: .buildkite/scripts/steps/checks/capture_oas_snapshot.sh
+ label: 'Check OAS Snapshot'
+ agents:
+ image: family/kibana-ubuntu-2004
+ imageProject: elastic-images-prod
+ provider: gcp
+ machineType: n2-standard-2
+ preemptible: true
+ timeout_in_minutes: 60
+ retry:
+ automatic:
+ - exit_status: '-1'
+ limit: 3
+
- command: .buildkite/scripts/steps/storybooks/build_and_upload.sh
label: 'Build Storybooks'
agents:
diff --git a/.buildkite/pipelines/on_merge_unsupported_ftrs.yml b/.buildkite/pipelines/on_merge_unsupported_ftrs.yml
index c7ac27e032bd8..cf1a523be5a32 100644
--- a/.buildkite/pipelines/on_merge_unsupported_ftrs.yml
+++ b/.buildkite/pipelines/on_merge_unsupported_ftrs.yml
@@ -80,3 +80,20 @@ steps:
limit: 3
- exit_status: '*'
limit: 1
+
+ - command: .buildkite/scripts/steps/functional/inventory_cypress.sh
+ label: 'Inventory Cypress Tests'
+ agents:
+ image: family/kibana-ubuntu-2004
+ imageProject: elastic-images-prod
+ provider: gcp
+ machineType: n2-standard-4
+ preemptible: true
+ depends_on: build
+ timeout_in_minutes: 120
+ retry:
+ automatic:
+ - exit_status: '-1'
+ limit: 3
+ - exit_status: '*'
+ limit: 1
diff --git a/.buildkite/pipelines/pull_request/base.yml b/.buildkite/pipelines/pull_request/base.yml
index 2f2e0a739a304..c60d68bd2e88b 100644
--- a/.buildkite/pipelines/pull_request/base.yml
+++ b/.buildkite/pipelines/pull_request/base.yml
@@ -109,6 +109,17 @@ steps:
- exit_status: '-1'
limit: 3
+ - command: .buildkite/scripts/steps/checks/capture_oas_snapshot.sh
+ label: 'Check OAS Snapshot'
+ agents:
+ machineType: n2-standard-2
+ preemptible: true
+ timeout_in_minutes: 60
+ retry:
+ automatic:
+ - exit_status: '-1'
+ limit: 3
+
- command: .buildkite/scripts/steps/api_docs/build_api_docs.sh
label: 'Build API Docs'
agents:
diff --git a/.buildkite/pipelines/pull_request/inventory_cypress.yml b/.buildkite/pipelines/pull_request/inventory_cypress.yml
new file mode 100644
index 0000000000000..371cd80b02cdf
--- /dev/null
+++ b/.buildkite/pipelines/pull_request/inventory_cypress.yml
@@ -0,0 +1,17 @@
+steps:
+ - command: .buildkite/scripts/steps/functional/inventory_cypress.sh
+ label: 'Inventory Cypress Tests'
+ agents:
+ machineType: n2-standard-4
+ preemptible: true
+ depends_on:
+ - build
+ - quick_checks
+ timeout_in_minutes: 120
+ parallelism: 1
+ retry:
+ automatic:
+ - exit_status: '-1'
+ limit: 3
+ - exit_status: '*'
+ limit: 1
diff --git a/.buildkite/pull_requests.json b/.buildkite/pull_requests.json
index de7f0197c100c..20785e92be1b5 100644
--- a/.buildkite/pull_requests.json
+++ b/.buildkite/pull_requests.json
@@ -20,15 +20,12 @@
"skip_target_branches": ["6.8", "7.11", "7.12"],
"enable_skippable_commits": true,
"skip_ci_on_only_changed": [
- "^dev_docs/",
"^docs/",
"^rfcs/",
"^\\.github/",
"\\.md$",
- "\\.mdx$",
"^api_docs/.+\\.devdocs\\.json$",
"^\\.backportrc\\.json$",
- "^nav-kibana-dev\\.docnav\\.json$",
"^src/dev/prs/kibana_qa_pr_list\\.json$",
"^\\.buildkite/pull_requests\\.json$",
"^\\.devcontainer/"
diff --git a/.buildkite/scripts/pipelines/pull_request/pipeline.ts b/.buildkite/scripts/pipelines/pull_request/pipeline.ts
index 4065d3b915fe7..8b9a4b62e6029 100644
--- a/.buildkite/scripts/pipelines/pull_request/pipeline.ts
+++ b/.buildkite/scripts/pipelines/pull_request/pipeline.ts
@@ -77,6 +77,16 @@ const getPipeline = (filename: string, removeSteps = true) => {
pipeline.push(getPipeline('.buildkite/pipelines/pull_request/apm_cypress.yml'));
}
+ if (
+ (await doAnyChangesMatch([
+ /^x-pack\/plugins\/observability_solution\/inventory/,
+ /^packages\/kbn-apm-synthtrace/,
+ ])) ||
+ GITHUB_PR_LABELS.includes('ci:all-cypress-suites')
+ ) {
+ pipeline.push(getPipeline('.buildkite/pipelines/pull_request/inventory_cypress.yml'));
+ }
+
if (
(await doAnyChangesMatch([
/^x-pack\/plugins\/observability_solution\/observability_onboarding/,
diff --git a/.buildkite/scripts/steps/checks.sh b/.buildkite/scripts/steps/checks.sh
index 50ee0363ad93f..d6c4f1b80569f 100755
--- a/.buildkite/scripts/steps/checks.sh
+++ b/.buildkite/scripts/steps/checks.sh
@@ -10,7 +10,6 @@ if [[ "${FTR_ENABLE_FIPS_AGENT:-}" == "true" ]]; then
fi
.buildkite/scripts/steps/checks/saved_objects_compat_changes.sh
.buildkite/scripts/steps/checks/saved_objects_definition_change.sh
-.buildkite/scripts/steps/capture_oas_snapshot.sh
.buildkite/scripts/steps/code_generation/elastic_assistant_codegen.sh
.buildkite/scripts/steps/code_generation/security_solution_codegen.sh
.buildkite/scripts/steps/openapi_bundling/security_solution_openapi_bundling.sh
diff --git a/.buildkite/scripts/steps/capture_oas_snapshot.sh b/.buildkite/scripts/steps/checks/capture_oas_snapshot.sh
similarity index 84%
rename from .buildkite/scripts/steps/capture_oas_snapshot.sh
rename to .buildkite/scripts/steps/checks/capture_oas_snapshot.sh
index dc0ac88891f4f..98a825919f077 100755
--- a/.buildkite/scripts/steps/capture_oas_snapshot.sh
+++ b/.buildkite/scripts/steps/checks/capture_oas_snapshot.sh
@@ -2,6 +2,8 @@
set -euo pipefail
+.buildkite/scripts/bootstrap.sh
+
source .buildkite/scripts/common/util.sh
echo --- Capture OAS snapshot
@@ -14,5 +16,10 @@ if [[ $BUILDKITE_PULL_REQUEST != "false" && "$BUILDKITE_PULL_REQUEST_BASE_BRANCH
cmd="$cmd --no-serverless"
fi
-eval "$cmd"
-check_for_changed_files "$cmd" true
\ No newline at end of file
+run_check() {
+ eval "$cmd"
+}
+
+retry 5 15 run_check
+
+check_for_changed_files "$cmd" true
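Review bot: `run_check` still runs the command through `eval "$cmd"`, so the string is re-parsed by the shell on each of up to five retry attempts. The initial value of `cmd` is assigned outside this hunk, and the only visible append is a constant flag, so this is a robustness concern rather than a demonstrated injection. Building the command as an array avoids the re-parse: `cmd+=(--no-serverless)`, `run_check() { "${cmd[@]}"; }` and `check_for_changed_files "${cmd[*]}" true`. Also confirm that `retry`, presumably defined in the sourced `util.sh`, is acceptable here, since a deterministic failure would be re-run five times before it is reported.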
diff --git a/.buildkite/scripts/steps/es_serverless/promote_es_serverless_image.sh b/.buildkite/scripts/steps/es_serverless/promote_es_serverless_image.sh
index 6b70799ec809a..ef0550df79497 100755
--- a/.buildkite/scripts/steps/es_serverless/promote_es_serverless_image.sh
+++ b/.buildkite/scripts/steps/es_serverless/promote_es_serverless_image.sh
@@ -69,3 +69,12 @@ cat << EOT | buildkite-agent annotate --style "success"
Kibana commit: $BUILDKITE_COMMIT
Elasticsearch commit: $ELASTIC_COMMIT_HASH
EOT
+
+cat << EOF | buildkite-agent pipeline upload
+steps:
+ - label: "Builds Kibana VM images for cache update"
+ trigger: kibana-vm-images
+ build:
+ env:
+ IMAGES_CONFIG="kibana/images.yml"
+EOF
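Review bot: The new `kibana-vm-images` trigger is appended at the end of the script with no branch guard visible in this hunk. The equivalent step in `es_snapshots/promote.sh` sits under `if [[ "$BUILDKITE_BRANCH" == "main" ]]; then`. If this script can run for other branches or for manual rebuilds, every promotion would start a VM image build, so consider wrapping the heredoc in the same condition. Separately, `IMAGES_CONFIG="kibana/images.yml"` under `env:` is a plain scalar rather than a `key: value` mapping; it mirrors the existing script, but it is worth confirming that the triggered build actually receives the variable, or writing it as `IMAGES_CONFIG: "kibana/images.yml"`.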
diff --git a/.buildkite/scripts/steps/es_snapshots/promote.sh b/.buildkite/scripts/steps/es_snapshots/promote.sh
index 5654d7bd3b8d3..3e7abc9c3d0c2 100755
--- a/.buildkite/scripts/steps/es_snapshots/promote.sh
+++ b/.buildkite/scripts/steps/es_snapshots/promote.sh
@@ -19,7 +19,7 @@ if [[ "$BUILDKITE_BRANCH" == "main" ]]; then
cat << EOF | buildkite-agent pipeline upload
steps:
- label: "Builds Kibana VM images for cache update"
- trigger: ci-vm-images
+ trigger: kibana-vm-images
build:
env:
IMAGES_CONFIG="kibana/images.yml"
diff --git a/.buildkite/scripts/steps/functional/inventory_cypress.sh b/.buildkite/scripts/steps/functional/inventory_cypress.sh
new file mode 100644
index 0000000000000..b238b62c9c1fe
--- /dev/null
+++ b/.buildkite/scripts/steps/functional/inventory_cypress.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+source .buildkite/scripts/common/util.sh
+
+.buildkite/scripts/bootstrap.sh
+.buildkite/scripts/download_build_artifacts.sh
+
+export JOB=kibana-inventory-onboarding-cypress
+
+echo "--- Observability Inventory Cypress Tests"
+
+cd "$XPACK_DIR"
+
+node plugins/observability_solution/inventory/scripts/test/e2e.js \
+ --kibana-install-dir "$KIBANA_BUILD_LOCATION" \
\ No newline at end of file
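Review bot: The script is added with `new file mode 100644`, but both new pipeline steps invoke it directly as `command: .buildkite/scripts/steps/functional/inventory_cypress.sh`. Unless the agent runs it through an interpreter, that fails with a permission error. The other step scripts in this diff are `100755`, so the file should be committed with the executable bit set (`git update-index --chmod=+x`). The last line also ends in a line-continuation backslash with nothing after it and no trailing newline. Drop the trailing `\` and end the file with a newline so that a later appended line is not silently folded into the `node` invocation.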
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index a844a2decb292..f3e14315cbe08 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -534,6 +534,7 @@ x-pack/plugins/integration_assistant @elastic/security-scalability
src/plugins/interactive_setup @elastic/kibana-security
test/interactive_setup_api_integration/plugins/test_endpoints @elastic/kibana-security
packages/kbn-interpreter @elastic/kibana-visualizations
+x-pack/plugins/observability_solution/inventory/e2e @elastic/obs-ux-infra_services-team
x-pack/plugins/observability_solution/inventory @elastic/obs-ux-infra_services-team
x-pack/plugins/observability_solution/investigate_app @elastic/obs-ux-management-team
x-pack/plugins/observability_solution/investigate @elastic/obs-ux-management-team
diff --git a/NOTICE.txt b/NOTICE.txt
index bdd6a95e57b04..9cd38e6773d88 100644
--- a/NOTICE.txt
+++ b/NOTICE.txt
@@ -214,6 +214,32 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
+---
+This code is forked from the `react-monaco-editor`
+https://github.com/react-monaco-editor/react-monaco-editor/blob/975cc47b5cb411ee2ffcbdb973daa9342e81a805/src/editor.tsx
+
+The MIT License (MIT)
+
+Copyright (c) 2016-present Leon Shi
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
---
This code is part of the Services provided by FullStory, Inc. For license information, please refer to https://www.fullstory.com/legal/terms-and-conditions/
Portions of this code are licensed under the following license:
diff --git a/config/serverless.es.yml b/config/serverless.es.yml
index 693f573d8c9aa..eb3af92c89963 100644
--- a/config/serverless.es.yml
+++ b/config/serverless.es.yml
@@ -17,7 +17,7 @@ xpack.osquery.enabled: false
xpack.fleet.enabled: true
xpack.fleet.internal.registry.kibanaVersionCheckEnabled: false
xpack.fleet.internal.registry.spec.min: '3.0'
-xpack.fleet.internal.registry.spec.max: '3.2'
+xpack.fleet.internal.registry.spec.max: '3.3'
xpack.fleet.packages:
# fleet_server package installed to publish agent metrics
- name: fleet_server
diff --git a/package.json b/package.json
index 2fc8ba6e22aef..ce578db9e7d41 100644
--- a/package.json
+++ b/package.json
@@ -1218,7 +1218,6 @@
"react-intl": "6.6.6",
"react-is": "^17.0.2",
"react-markdown": "^6.0.3",
- "react-monaco-editor": "^0.54.0",
"react-popper-tooltip": "^3.1.1",
"react-recompose": "^0.33.0",
"react-redux": "^7.2.8",
@@ -1444,6 +1443,7 @@
"@kbn/get-repo-files": "link:packages/kbn-get-repo-files",
"@kbn/import-locator": "link:packages/kbn-import-locator",
"@kbn/import-resolver": "link:packages/kbn-import-resolver",
+ "@kbn/inventory-e2e": "link:x-pack/plugins/observability_solution/inventory/e2e",
"@kbn/jest-serializers": "link:packages/kbn-jest-serializers",
"@kbn/journeys": "link:packages/kbn-journeys",
"@kbn/json-ast": "link:packages/kbn-json-ast",
diff --git a/packages/content-management/content_editor/src/components/editor_flyout_content.tsx b/packages/content-management/content_editor/src/components/editor_flyout_content.tsx
index 8db5e59b1fc27..cf9bead5a4e30 100644
--- a/packages/content-management/content_editor/src/components/editor_flyout_content.tsx
+++ b/packages/content-management/content_editor/src/components/editor_flyout_content.tsx
@@ -79,6 +79,22 @@ export const ContentEditorFlyoutContent: FC = ({
const i18nTexts = useMemo(() => getI18nTexts({ entityName }), [entityName]);
const form = useMetadataForm({ item, customValidators });
+ const hasNoChanges = () => {
+ const itemTags = item.tags.map((obj) => obj.id).sort();
+ const formTags = form.tags.value.slice().sort();
+
+ const compareTags = (arr1: string[], arr2: string[]) => {
+ if (arr1.length !== arr2.length) return false;
+ return arr1.every((tag: string, index) => tag === arr2[index]);
+ };
+
+ return (
+ item.title === form.title.value &&
+ item.description === form.description.value &&
+ compareTags(itemTags, formTags)
+ );
+ };
+
const onClickSave = useCallback(async () => {
if (form.isValid && onSave && !form.getIsChangingValue()) {
const id = item.id;
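Review bot: `hasNoChanges` compares `item.description === form.description.value` strictly. If `item.description` can be `undefined` while the form field initialises to an empty string, an untouched form would count as changed and the Save button would stay enabled. The item type is not visible in this hunk, so this is an assumption to confirm. Normalising the left side, `(item.description ?? '') === form.description.value`, would make the check robust, and the same applies to `item.tags.map(...)` if `tags` is optional. A short comment above the helper, such as `// Save stays disabled until title, description or tags differ from the persisted item`, would also document why the button in the later hunk is disabled.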
@@ -177,7 +193,7 @@ export const ContentEditorFlyoutContent: FC = ({
onClick={onClickSave}
data-test-subj="saveButton"
fill
- disabled={isSubmitted && !form.isValid}
+ disabled={(isSubmitted && !form.isValid) || hasNoChanges()}
isLoading={isSubmitting}
>
{i18nTexts.saveButtonLabel}
diff --git a/packages/content-management/content_editor/src/components/inspector_flyout_content.test.tsx b/packages/content-management/content_editor/src/components/inspector_flyout_content.test.tsx
index b21c325ca9ed5..44ac09d8d666e 100644
--- a/packages/content-management/content_editor/src/components/inspector_flyout_content.test.tsx
+++ b/packages/content-management/content_editor/src/components/inspector_flyout_content.test.tsx
@@ -104,32 +104,37 @@ describe(' ', () => {
expect(find('saveButton').text()).toBe('Update foo');
});
- test('should send back the updated item to the onSave() handler', async () => {
+ test('should save form only if something changes', async () => {
const onSave = jest.fn();
await act(async () => {
testBed = await setup({ onSave, isReadonly: false });
});
- const {
- find,
- component,
- form: { setInputValue },
- } = testBed!;
-
- await waitForValidationResults();
+ const { find, component } = testBed!;
await act(async () => {
find('saveButton').simulate('click');
});
- expect(onSave).toHaveBeenCalledWith({
- id: '123',
- title: 'Foo',
- description: 'Some description',
- tags: ['id-1', 'id-2'],
+ component.update();
+
+ expect(onSave).not.toHaveBeenCalled();
+ });
+
+ test('should send back the updated item to the onSave() handler', async () => {
+ const onSave = jest.fn();
+
+ await act(async () => {
+ testBed = await setup({ onSave, isReadonly: false });
});
+ const {
+ find,
+ component,
+ form: { setInputValue },
+ } = testBed!;
+
await act(async () => {
setInputValue('metadataForm.nameInput', 'newTitle');
setInputValue('metadataForm.descriptionInput', 'newDescription');
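Review bot: The new test 'should save form only if something changes' may pass for the wrong reason. The earlier version awaited `waitForValidationResults()` before clicking, but this one clicks immediately, and `onClickSave` only calls `onSave` when `form.isValid` is truthy. If validation has not settled at that point, `onSave` would not be called even without the new no-changes guard. Adding `await waitForValidationResults();` before the click and asserting the state directly with `expect(find('saveButton').props().disabled).toBe(true);` would tie the test to the behaviour it names. The second test's body continues outside this hunk.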
@@ -196,7 +201,17 @@ describe(' ', () => {
testBed = await setup({ onSave, isReadonly: false, services: { notifyError } });
});
- const { find, component } = testBed!;
+ const {
+ find,
+ component,
+ form: { setInputValue },
+ } = testBed!;
+
+ await act(async () => {
+ setInputValue('metadataForm.nameInput', 'changingTitleToUnblockDisabledButtonState');
+ });
+
+ await waitForValidationResults();
component.update();
diff --git a/packages/deeplinks/observability/locators/observability_onboarding.ts b/packages/deeplinks/observability/locators/observability_onboarding.ts
index 730bf6dc6cda0..ef2e19aedb76c 100644
--- a/packages/deeplinks/observability/locators/observability_onboarding.ts
+++ b/packages/deeplinks/observability/locators/observability_onboarding.ts
@@ -12,7 +12,9 @@ import { SerializableRecord } from '@kbn/utility-types';
export const OBSERVABILITY_ONBOARDING_LOCATOR = 'OBSERVABILITY_ONBOARDING_LOCATOR' as const;
export interface ObservabilityOnboardingLocatorParams extends SerializableRecord {
- /** If given, it will load the given map else will load the create a new map page. */
- source?: 'customLogs' | 'systemLogs';
+ /** If given, it will load the given onboarding flow
+ * else will load the main onboarding screen.
+ */
+ source?: 'auto-detect' | 'customLogs' | 'kubernetes' | 'otel-logs' | 'firehose';
category?: string;
}
diff --git a/packages/kbn-apm-synthtrace-client/src/lib/entities/container_entity.ts b/packages/kbn-apm-synthtrace-client/src/lib/entities/container_entity.ts
index 6f9dfb4aabca8..3f408ca16857b 100644
--- a/packages/kbn-apm-synthtrace-client/src/lib/entities/container_entity.ts
+++ b/packages/kbn-apm-synthtrace-client/src/lib/entities/container_entity.ts
@@ -15,7 +15,8 @@ class ContainerEntity extends Serializable {
super({
...fields,
'entity.type': 'container',
- 'entity.definitionId': 'latest',
+ 'entity.definitionId': 'builtin_containers_from_ecs_data',
+ 'entity.identityFields': ['container.id'],
});
}
}
@@ -23,21 +24,19 @@ class ContainerEntity extends Serializable {
export function containerEntity({
agentName,
dataStreamType,
- dataStreamDataset,
containerId,
entityId,
}: {
agentName: string[];
dataStreamType: EntityDataStreamType[];
- dataStreamDataset: string;
containerId: string;
entityId: string;
}) {
return new ContainerEntity({
'source_data_stream.type': dataStreamType,
- 'source_data_stream.dataset': dataStreamDataset,
'agent.name': agentName,
'container.id': containerId,
+ 'entity.displayName': containerId,
'entity.id': entityId,
});
}
diff --git a/packages/kbn-apm-synthtrace-client/src/lib/entities/host_entity.ts b/packages/kbn-apm-synthtrace-client/src/lib/entities/host_entity.ts
index 47ffdd67dcbd7..3077e8bae6414 100644
--- a/packages/kbn-apm-synthtrace-client/src/lib/entities/host_entity.ts
+++ b/packages/kbn-apm-synthtrace-client/src/lib/entities/host_entity.ts
@@ -15,7 +15,8 @@ class HostEntity extends Serializable {
super({
...fields,
'entity.type': 'host',
- 'entity.definitionId': 'latest',
+ 'entity.definitionId': 'builtin_hosts_from_ecs_data',
+ 'entity.identityFields': ['host.name'],
});
}
}
@@ -23,21 +24,19 @@ class HostEntity extends Serializable {
export function hostEntity({
agentName,
dataStreamType,
- dataStreamDataset,
hostName,
entityId,
}: {
agentName: string[];
dataStreamType: EntityDataStreamType[];
- dataStreamDataset: string;
hostName: string;
entityId: string;
}) {
return new HostEntity({
'source_data_stream.type': dataStreamType,
- 'source_data_stream.dataset': dataStreamDataset,
'agent.name': agentName,
'host.name': hostName,
+ 'entity.displayName': hostName,
'entity.id': entityId,
});
}
diff --git a/packages/kbn-apm-synthtrace-client/src/lib/entities/service_entity.ts b/packages/kbn-apm-synthtrace-client/src/lib/entities/service_entity.ts
index 2d304ecd21b92..092135c4160e6 100644
--- a/packages/kbn-apm-synthtrace-client/src/lib/entities/service_entity.ts
+++ b/packages/kbn-apm-synthtrace-client/src/lib/entities/service_entity.ts
@@ -15,7 +15,8 @@ class ServiceEntity extends Serializable {
super({
...fields,
'entity.type': 'service',
- 'entity.definitionId': 'latest',
+ 'entity.definitionId': 'builtin_services_from_ecs_data',
+ 'entity.identityFields': ['service.name'],
});
}
}
@@ -35,6 +36,7 @@ export function serviceEntity({
}) {
return new ServiceEntity({
'service.name': serviceName,
+ 'entity.displayName': serviceName,
'service.environment': environment,
'source_data_stream.type': dataStreamType,
'agent.name': agentName,
diff --git a/packages/kbn-apm-synthtrace-client/src/lib/logs/index.ts b/packages/kbn-apm-synthtrace-client/src/lib/logs/index.ts
index 2bbc59eb37e70..8b3ed0cda1072 100644
--- a/packages/kbn-apm-synthtrace-client/src/lib/logs/index.ts
+++ b/packages/kbn-apm-synthtrace-client/src/lib/logs/index.ts
@@ -6,8 +6,6 @@
* your election, the "Elastic License 2.0", the "GNU Affero General Public
* License v3.0 only", or the "Server Side Public License, v 1".
*/
-
-import { randomInt } from 'crypto';
import { Fields } from '../entity';
import { Serializable } from '../serializable';
@@ -180,3 +178,12 @@ export const log = {
create,
createMinimal,
};
+
+function randomInt(min: number, max: number) {
+ if (min > max) {
+ throw new Error('Min value must be less than or equal to max value.');
+ }
+
+ const random = Math.floor(Math.random() * (max - min + 1)) + min;
+ return random;
+}
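Review bot: The local `randomInt` is not a drop-in replacement for the `crypto.randomInt` import it replaces, because Node's version excludes `max` while this one includes it (`max - min + 1`). The call sites are outside this hunk. Any caller that passes a length as the upper bound to pick an array index can now receive an out-of-range index and read `undefined`. Keeping the original contract with `Math.floor(Math.random() * (max - min)) + min` avoids that. Since the helper now uses `Math.random()`, a comment such as `// Not cryptographically secure; only for generating synthetic log data` would stop it from being reused for anything security-sensitive.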
diff --git a/packages/kbn-apm-synthtrace-client/src/lib/otel/error.ts b/packages/kbn-apm-synthtrace-client/src/lib/otel/error.ts
index 63265d45fe886..1ea9f8172d4c9 100644
--- a/packages/kbn-apm-synthtrace-client/src/lib/otel/error.ts
+++ b/packages/kbn-apm-synthtrace-client/src/lib/otel/error.ts
@@ -21,6 +21,7 @@ export interface OtelErrorDocument extends OtelDocument {
'timestamp.us'?: number;
'event.name'?: string;
'error.id'?: string;
+ 'error.grouping_key'?: string;
};
}
diff --git a/packages/kbn-apm-synthtrace-client/src/lib/otel/index.ts b/packages/kbn-apm-synthtrace-client/src/lib/otel/index.ts
index 86bb74dd94ff4..dfa3f10d8fa6f 100644
--- a/packages/kbn-apm-synthtrace-client/src/lib/otel/index.ts
+++ b/packages/kbn-apm-synthtrace-client/src/lib/otel/index.ts
@@ -79,6 +79,7 @@ class Otel extends Serializable {
'timestamp.us': 1726580752010657,
'event.name': 'exception',
'error.id': `error-${spanId}`,
+ 'error.grouping_key': `errorGroup-${spanId}`,
},
data_stream: {
dataset: 'generic.otel',
diff --git a/packages/kbn-apm-synthtrace/index.ts b/packages/kbn-apm-synthtrace/index.ts
index 1eaab89a89308..8cb2ca6eaa8f6 100644
--- a/packages/kbn-apm-synthtrace/index.ts
+++ b/packages/kbn-apm-synthtrace/index.ts
@@ -16,6 +16,7 @@ export { InfraSynthtraceKibanaClient } from './src/lib/infra/infra_synthtrace_ki
export { MonitoringSynthtraceEsClient } from './src/lib/monitoring/monitoring_synthtrace_es_client';
export { LogsSynthtraceEsClient } from './src/lib/logs/logs_synthtrace_es_client';
export { EntitiesSynthtraceEsClient } from './src/lib/entities/entities_synthtrace_es_client';
+export { EntitiesSynthtraceKibanaClient } from './src/lib/entities/entities_synthtrace_kibana_client';
export { SyntheticsSynthtraceEsClient } from './src/lib/synthetics/synthetics_synthtrace_es_client';
export { OtelSynthtraceEsClient } from './src/lib/otel/otel_synthtrace_es_client';
export {
diff --git a/packages/kbn-apm-synthtrace/src/cli/scenario.ts b/packages/kbn-apm-synthtrace/src/cli/scenario.ts
index 09bed89648f8b..271b39db8c024 100644
--- a/packages/kbn-apm-synthtrace/src/cli/scenario.ts
+++ b/packages/kbn-apm-synthtrace/src/cli/scenario.ts
@@ -19,7 +19,7 @@ import {
import { Logger } from '../lib/utils/create_logger';
import { ScenarioReturnType } from '../lib/utils/with_client';
import { RunOptions } from './utils/parse_run_cli_flags';
-import { EntitiesSynthtraceKibanaClient } from '../lib/apm/client/entities_synthtrace_kibana_client';
+import { EntitiesSynthtraceKibanaClient } from '../lib/entities/entities_synthtrace_kibana_client';
interface EsClients {
apmEsClient: ApmSynthtraceEsClient;
diff --git a/packages/kbn-apm-synthtrace/src/cli/utils/get_entites_kibana_client.ts b/packages/kbn-apm-synthtrace/src/cli/utils/get_entites_kibana_client.ts
index e89a4beaf3a00..eb06e42da3aa6 100644
--- a/packages/kbn-apm-synthtrace/src/cli/utils/get_entites_kibana_client.ts
+++ b/packages/kbn-apm-synthtrace/src/cli/utils/get_entites_kibana_client.ts
@@ -7,7 +7,7 @@
* License v3.0 only", or the "Server Side Public License, v 1".
*/
-import { EntitiesSynthtraceKibanaClient } from '../../lib/apm/client/entities_synthtrace_kibana_client';
+import { EntitiesSynthtraceKibanaClient } from '../../lib/entities/entities_synthtrace_kibana_client';
import { Logger } from '../../lib/utils/create_logger';
export function getEntitiesKibanaClient({ target, logger }: { target: string; logger: Logger }) {
diff --git a/packages/kbn-apm-synthtrace/src/lib/entities/entities_synthtrace_es_client.ts b/packages/kbn-apm-synthtrace/src/lib/entities/entities_synthtrace_es_client.ts
index ea9c7a7f0e4a2..684e3efc0f372 100644
--- a/packages/kbn-apm-synthtrace/src/lib/entities/entities_synthtrace_es_client.ts
+++ b/packages/kbn-apm-synthtrace/src/lib/entities/entities_synthtrace_es_client.ts
@@ -17,6 +17,10 @@ import { Logger } from '../utils/create_logger';
export type EntitiesSynthtraceEsClientOptions = Omit;
+interface Pipeline {
+ includeSerialization?: boolean;
+}
+
export class EntitiesSynthtraceEsClient extends SynthtraceEsClient {
constructor(options: { client: Client; logger: Logger } & EntitiesSynthtraceEsClientOptions) {
super({
@@ -25,13 +29,20 @@ export class EntitiesSynthtraceEsClient extends SynthtraceEsClient
});
this.indices = ['.entities.v1.latest.builtin*'];
}
+
+ getDefaultPipeline({ includeSerialization }: Pipeline = { includeSerialization: true }) {
+ return entitiesPipeline({ includeSerialization });
+ }
}
-function entitiesPipeline() {
+function entitiesPipeline({ includeSerialization }: Pipeline = { includeSerialization: true }) {
return (base: Readable) => {
+ const serializationTransform = includeSerialization ? [getSerializeTransform()] : [];
+
return pipeline(
+ // @ts-expect-error Some weird stuff here with the type definition for pipeline. We have tests!
base,
- getSerializeTransform(),
+ ...serializationTransform,
lastSeenTimestampTransform(),
getRoutingTransform(),
getDedotTransform(),
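Review bot: The default in `getDefaultPipeline` and `entitiesPipeline` only applies when the whole argument is omitted, so a caller passing `{}` gets `includeSerialization === undefined`, which is falsy, and the serialize transform is silently dropped even though the intended default is `true`. Putting the default on the property fixes it: `{ includeSerialization = true }: Pipeline = {}`. The same signature appears in logs_synthtrace_es_client.ts (`getDefaultPipeline` and `logsPipeline`), and the `Pipeline` interface is declared in both files. The otel variant is not affected, because it forwards to a positional parameter with its own default. `entitiesPipeline` continues past the end of this hunk.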
diff --git a/packages/kbn-apm-synthtrace/src/lib/apm/client/entities_synthtrace_kibana_client.ts b/packages/kbn-apm-synthtrace/src/lib/entities/entities_synthtrace_kibana_client.ts
similarity index 92%
rename from packages/kbn-apm-synthtrace/src/lib/apm/client/entities_synthtrace_kibana_client.ts
rename to packages/kbn-apm-synthtrace/src/lib/entities/entities_synthtrace_kibana_client.ts
index 358a66570c9bd..677b69f0ae759 100644
--- a/packages/kbn-apm-synthtrace/src/lib/apm/client/entities_synthtrace_kibana_client.ts
+++ b/packages/kbn-apm-synthtrace/src/lib/entities/entities_synthtrace_kibana_client.ts
@@ -8,9 +8,9 @@
*/
import fetch from 'node-fetch';
-import { Logger } from '../../utils/create_logger';
-import { kibanaHeaders } from '../../shared/client_headers';
-import { getFetchAgent } from '../../../cli/utils/ssl';
+import { Logger } from '../utils/create_logger';
+import { kibanaHeaders } from '../shared/client_headers';
+import { getFetchAgent } from '../../cli/utils/ssl';
interface EntityDefinitionResponse {
definitions: Array<{ type: string; state: { installed: boolean; running: boolean } }>;
diff --git a/packages/kbn-apm-synthtrace/src/lib/logs/logs_synthtrace_es_client.ts b/packages/kbn-apm-synthtrace/src/lib/logs/logs_synthtrace_es_client.ts
index 9e10bd5388637..3e95383d9dbb9 100644
--- a/packages/kbn-apm-synthtrace/src/lib/logs/logs_synthtrace_es_client.ts
+++ b/packages/kbn-apm-synthtrace/src/lib/logs/logs_synthtrace_es_client.ts
@@ -23,6 +23,10 @@ export const LogsCustom = 'logs@custom';
export type LogsSynthtraceEsClientOptions = Omit;
+interface Pipeline {
+ includeSerialization?: boolean;
+}
+
export class LogsSynthtraceEsClient extends SynthtraceEsClient {
constructor(options: { client: Client; logger: Logger } & LogsSynthtraceEsClientOptions) {
super({
@@ -132,13 +136,22 @@ export class LogsSynthtraceEsClient extends SynthtraceEsClient {
this.logger.error(`Custom pipeline creation failed: ${LogsCustom} - ${err.message}`);
}
}
+
+ getDefaultPipeline({ includeSerialization }: Pipeline = { includeSerialization: true }) {
+ return logsPipeline({ includeSerialization });
+ }
}
-function logsPipeline() {
+function logsPipeline({ includeSerialization }: Pipeline = { includeSerialization: true }) {
return (base: Readable) => {
+ const serializationTransform = includeSerialization
+ ? [getSerializeTransform()]
+ : [];
+
return pipeline(
+ // @ts-expect-error Some weird stuff here with the type definition for pipeline. We have tests!
base,
- getSerializeTransform(),
+ ...serializationTransform,
getRoutingTransform('logs'),
(err: unknown) => {
if (err) {
diff --git a/packages/kbn-apm-synthtrace/src/lib/otel/otel_synthtrace_es_client.ts b/packages/kbn-apm-synthtrace/src/lib/otel/otel_synthtrace_es_client.ts
index e2162925e3c72..ee4c99b258c89 100644
--- a/packages/kbn-apm-synthtrace/src/lib/otel/otel_synthtrace_es_client.ts
+++ b/packages/kbn-apm-synthtrace/src/lib/otel/otel_synthtrace_es_client.ts
@@ -26,13 +26,25 @@ export class OtelSynthtraceEsClient extends SynthtraceEsClient {
});
this.dataStreams = ['metrics-generic.otel*', 'traces-generic.otel*', 'logs-generic.otel*'];
}
+
+ getDefaultPipeline(
+ {
+ includeSerialization,
+ }: {
+ includeSerialization?: boolean;
+ } = { includeSerialization: true }
+ ) {
+ return otelPipeline(includeSerialization);
+ }
}
-function otelPipeline() {
+function otelPipeline(includeSerialization: boolean = true) {
+ const serializationTransform = includeSerialization ? [getSerializeTransform()] : [];
return (base: Readable) => {
return pipeline(
+ // @ts-expect-error see apm_pipeline.ts
base,
- getSerializeTransform(),
+ ...serializationTransform,
getRoutingTransform(),
getDedotTransform(),
(err: unknown) => {
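Review bot: `serializationTransform` in `otelPipeline` is built once, outside the returned `(base: Readable) => …` closure, so every call of the returned function would place the same Transform instance into a new `pipeline(...)`. The entities and logs clients in this commit build it inside the closure instead. A stream that has ended or been destroyed cannot be reused, so if the returned function is invoked more than once (not visible here) a later run could fail or drop data. Moving `const serializationTransform = includeSerialization ? [getSerializeTransform()] : [];` inside the closure keeps the three clients consistent. The function body continues outside the hunk.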
diff --git a/packages/kbn-esql-utils/src/utils/append_to_query.ts b/packages/kbn-esql-utils/src/utils/append_to_query.ts
index 2820881810387..36af3c91a8f04 100644
--- a/packages/kbn-esql-utils/src/utils/append_to_query.ts
+++ b/packages/kbn-esql-utils/src/utils/append_to_query.ts
@@ -40,7 +40,8 @@ export function appendWhereClauseToESQLQuery(
default:
operator = '==';
}
- let filterValue = typeof value === 'string' ? `"${value.replace(/\"/g, '\\"')}"` : value;
+ let filterValue =
+ typeof value === 'string' ? `"${value.replace(/\\/g, '\\\\').replace(/\"/g, '\\"')}"` : value;
// Adding the backticks here are they are needed for special char fields
let fieldName = `\`${field}\``;
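Review bot: The field name on the last line of this hunk is still wrapped in backticks without any escaping, so the hardening applied to `value` does not extend to `field`. A field name containing a backtick would close the quoted identifier early and the remainder would be parsed as query text. ES|QL escapes a backtick inside a quoted identifier by doubling it, so each backtick in `field` should be doubled before it is wrapped. For the value, the order used here (backslashes first, then quotes) is the correct one and deserves a comment such as `// escape backslashes before quotes so the added escapes are not doubled`. `appendWhereClauseToESQLQuery` starts and ends outside the hunk.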
diff --git a/packages/kbn-test/jest-preset.js b/packages/kbn-test/jest-preset.js
index 4f01bdcf27af1..791ee4a974823 100644
--- a/packages/kbn-test/jest-preset.js
+++ b/packages/kbn-test/jest-preset.js
@@ -105,9 +105,9 @@ module.exports = {
// An array of regexp pattern strings that are matched against all source file paths, matched files will skip transformation
transformIgnorePatterns: [
- // ignore all node_modules except monaco-editor, monaco-yaml and react-monaco-editor which requires babel transforms to handle dynamic import()
+ // ignore all node_modules except monaco-editor, monaco-yaml which requires babel transforms to handle dynamic import()
// since ESM modules are not natively supported in Jest yet (https://github.com/facebook/jest/issues/4842)
- '[/\\\\]node_modules(?![\\/\\\\](byte-size|monaco-editor|monaco-yaml|monaco-languageserver-types|monaco-marker-data-provider|monaco-worker-manager|vscode-languageserver-types|react-monaco-editor|d3-interpolate|d3-color|langchain|langsmith|@cfworker|gpt-tokenizer|flat|@langchain))[/\\\\].+\\.js$',
+ '[/\\\\]node_modules(?![\\/\\\\](byte-size|monaco-editor|monaco-yaml|monaco-languageserver-types|monaco-marker-data-provider|monaco-worker-manager|vscode-languageserver-types|d3-interpolate|d3-color|langchain|langsmith|@cfworker|gpt-tokenizer|flat|@langchain))[/\\\\].+\\.js$',
'packages/kbn-pm/dist/index.js',
'[/\\\\]node_modules(?![\\/\\\\](langchain|langsmith|@langchain))/dist/[/\\\\].+\\.js$',
'[/\\\\]node_modules(?![\\/\\\\](langchain|langsmith|@langchain))/dist/util/[/\\\\].+\\.js$',
diff --git a/packages/shared-ux/code_editor/impl/BUILD.bazel b/packages/shared-ux/code_editor/impl/BUILD.bazel
index 24f18820496a4..848f5efad5303 100644
--- a/packages/shared-ux/code_editor/impl/BUILD.bazel
+++ b/packages/shared-ux/code_editor/impl/BUILD.bazel
@@ -24,7 +24,6 @@ SRCS = glob(
BUNDLER_DEPS = [
"@npm//react",
"@npm//tslib",
- "@npm//react-monaco-editor",
]
js_library(
diff --git a/packages/shared-ux/code_editor/impl/README.mdx b/packages/shared-ux/code_editor/impl/README.mdx
index 8da5cf769c0c2..388483d73626d 100644
--- a/packages/shared-ux/code_editor/impl/README.mdx
+++ b/packages/shared-ux/code_editor/impl/README.mdx
@@ -9,7 +9,7 @@ date: 2022-12-05
## Description
-This component is an abstraction of the [Monaco Code Editor](https://microsoft.github.io/monaco-editor/) (and the [React Monaco Editor component](https://github.com/react-monaco-editor/react-monaco-editor)). This component still allows access to the other Monaco features.
+This component is an abstraction of the [Monaco Code Editor](https://microsoft.github.io/monaco-editor/). This component still allows access to the other Monaco features.
## Usage
diff --git a/packages/shared-ux/code_editor/impl/code_editor.test.tsx b/packages/shared-ux/code_editor/impl/code_editor.test.tsx
index 8f775a5e572bc..628f89d4f159f 100644
--- a/packages/shared-ux/code_editor/impl/code_editor.test.tsx
+++ b/packages/shared-ux/code_editor/impl/code_editor.test.tsx
@@ -18,10 +18,8 @@ import { MockedMonacoEditor, mockedEditorInstance } from '@kbn/code-editor-mock/
import { CodeEditor } from './code_editor';
-jest.mock('react-monaco-editor', () => {
- return function JestMockEditor() {
- return MockedMonacoEditor;
- };
+jest.mock('./react_monaco_editor', () => {
+ return { MonacoEditor: MockedMonacoEditor };
});
// Mock the htmlIdGenerator to generate predictable ids for snapshot tests
diff --git a/packages/shared-ux/code_editor/impl/code_editor.tsx b/packages/shared-ux/code_editor/impl/code_editor.tsx
index deda021101791..5ab4d94bc9421 100644
--- a/packages/shared-ux/code_editor/impl/code_editor.tsx
+++ b/packages/shared-ux/code_editor/impl/code_editor.tsx
@@ -8,9 +8,6 @@
*/
import React, { useState, useRef, useCallback, useMemo, useEffect, KeyboardEvent, FC } from 'react';
-import ReactMonacoEditor, {
- type MonacoEditorProps as ReactMonacoEditorProps,
-} from 'react-monaco-editor';
import {
htmlIdGenerator,
EuiToolTip,
@@ -34,6 +31,10 @@ import {
import { i18n } from '@kbn/i18n';
import { FormattedMessage } from '@kbn/i18n-react';
import { css } from '@emotion/react';
+import {
+ MonacoEditor as ReactMonacoEditor,
+ type MonacoEditorProps as ReactMonacoEditorProps,
+} from './react_monaco_editor';
import './register_languages';
import { remeasureFonts } from './remeasure_fonts';
@@ -168,7 +169,7 @@ export interface CodeEditorProps {
export const CodeEditor: React.FC = ({
languageId,
value,
- onChange: _onChange,
+ onChange,
width,
height,
options,
@@ -225,8 +226,6 @@ export const CodeEditor: React.FC = ({
const [isHintActive, setIsHintActive] = useState(true);
- const onChange = useBug175684OnChange(_onChange);
-
const startEditing = useCallback(() => {
setIsHintActive(false);
_editor?.focus();
@@ -708,23 +707,6 @@ const useFitToContent = ({
}, [editor, isFitToContent, minLines, maxLines, isFullScreen]);
};
-// https://github.com/elastic/kibana/issues/175684
-// 'react-monaco-editor' has a bug that it always calls the initial onChange callback, so the closure might become stale
-// we work this around by calling the latest onChange from props
-const useBug175684OnChange = (onChange: CodeEditorProps['onChange']) => {
- const onChangePropRef = useRef(onChange);
- useEffect(() => {
- onChangePropRef.current = onChange;
- }, [onChange]);
- const onChangeWrapper = useCallback>((_value, event) => {
- if (onChangePropRef.current) {
- onChangePropRef.current(_value, event);
- }
- }, []);
-
- return onChangeWrapper;
-};
-
const UseBug177756ReBroadcastMouseDown: FC<{ children: React.ReactNode }> = ({ children }) => {
const [$codeWrapper, setCodeWrapper] = React.useState(null);
diff --git a/packages/shared-ux/code_editor/impl/react_monaco_editor/README.md b/packages/shared-ux/code_editor/impl/react_monaco_editor/README.md
new file mode 100644
index 0000000000000..c9b8bbbb2c98c
--- /dev/null
+++ b/packages/shared-ux/code_editor/impl/react_monaco_editor/README.md
@@ -0,0 +1,33 @@
+This is a fork of [react-monaco-editor project](https://github.com/react-monaco-editor/react-monaco-editor) that is a Monaco editor wrapper for React.
+This fork is needed to apply a change that fixes the editor behavior in Kibana when running React@18 in Legacy Mode and the bug is described [here](https://github.com/facebook/react/issues/31023)
+The change is to replace the `useEffect` hook with `useLayoutEffect` when the editor is in controlled mode and the value is updated from prop.
+
+```diff
+---useEffect(() => {
++++useLayoutEffect(() => {
+ if (editor.current) {
+ if (value === editor.current.getValue()) {
+ return;
+ }
+
+ const model = editor.current.getModel();
+ __prevent_trigger_change_event.current = true;
+ editor.current.pushUndoStop();
+ // pushEditOperations says it expects a cursorComputer, but doesn't seem to need one.
+ model.pushEditOperations(
+ [],
+ [
+ {
+ range: model.getFullModelRange(),
+ text: value,
+ },
+ ],
+ undefined,
+ );
+ editor.current.pushUndoStop();
+ __prevent_trigger_change_event.current = false;
+ }
+ }, [value]);
+```
+
+In addition, the fork only includes functionality that is used in Kibana and removes the rest of the code that is not needed.
diff --git a/packages/shared-ux/code_editor/impl/react_monaco_editor/editor.tsx b/packages/shared-ux/code_editor/impl/react_monaco_editor/editor.tsx
new file mode 100644
index 0000000000000..c58e683a6b179
--- /dev/null
+++ b/packages/shared-ux/code_editor/impl/react_monaco_editor/editor.tsx
@@ -0,0 +1,278 @@
+/* eslint-disable @kbn/eslint/require-license-header */
+/**
+ * @notice
+ * This code is forked from the `react-monaco-editor`
+ * https://github.com/react-monaco-editor/react-monaco-editor/blob/975cc47b5cb411ee2ffcbdb973daa9342e81a805/src/editor.tsx
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2016-present Leon Shi
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+import { monaco as monacoEditor, monaco } from '@kbn/monaco';
+import * as React from 'react';
+import { useEffect, useLayoutEffect, useMemo, useRef } from 'react';
+
+export type EditorConstructionOptions = monacoEditor.editor.IStandaloneEditorConstructionOptions;
+
+export type EditorWillMount = (monaco: typeof monacoEditor) => void | EditorConstructionOptions;
+
+export type EditorDidMount = (
+ editor: monacoEditor.editor.IStandaloneCodeEditor,
+ monaco: typeof monacoEditor
+) => void;
+
+export type EditorWillUnmount = (
+ editor: monacoEditor.editor.IStandaloneCodeEditor,
+ monaco: typeof monacoEditor
+) => void | EditorConstructionOptions;
+
+export type ChangeHandler = (
+ value: string,
+ event: monacoEditor.editor.IModelContentChangedEvent
+) => void;
+
+export interface MonacoEditorProps {
+ /**
+ * Width of editor. Defaults to 100%.
+ */
+ width?: string | number;
+
+ /**
+ * Height of editor. Defaults to 100%.
+ */
+ height?: string | number;
+
+ /**
+ * The initial value of the auto created model in the editor.
+ */
+ defaultValue?: string;
+
+ /**
+ * Value of the auto created model in the editor.
+ * If you specify `null` or `undefined` for this property, the component behaves in uncontrolled mode.
+ * Otherwise, it behaves in controlled mode.
+ */
+ value?: string | null;
+
+ /**
+ * The initial language of the auto created model in the editor. Defaults to 'javascript'.
+ */
+ language?: string;
+
+ /**
+ * Theme to be used for rendering.
+ * The current out-of-the-box available themes are: 'vs' (default), 'vs-dark', 'hc-black'.
+ * You can create custom themes via `monaco.editor.defineTheme`.
+ */
+ theme?: string | null;
+
+ /**
+ * Optional string classname to append to the editor.
+ */
+ className?: string | null;
+
+ /**
+ * Refer to Monaco interface {monaco.editor.IStandaloneEditorConstructionOptions}.
+ */
+ options?: monacoEditor.editor.IStandaloneEditorConstructionOptions;
+
+ /**
+ * An event emitted before the editor mounted (similar to componentWillMount of React).
+ */
+ editorWillMount?: EditorWillMount;
+
+ /**
+ * An event emitted when the editor has been mounted (similar to componentDidMount of React).
+ */
+ editorDidMount?: EditorDidMount;
+
+ /**
+ * An event emitted before the editor unmount (similar to componentWillUnmount of React).
+ */
+ editorWillUnmount?: EditorWillUnmount;
+
+ /**
+ * An event emitted when the content of the current model has changed.
+ */
+ onChange?: ChangeHandler;
+}
+
+export function MonacoEditor({
+ width = '100%',
+ height = '100%',
+ value,
+ defaultValue = '',
+ language = 'javascript',
+ theme,
+ options,
+ editorWillMount,
+ editorDidMount,
+ editorWillUnmount,
+ onChange,
+ className,
+}: MonacoEditorProps) {
+ const containerElement = useRef(null);
+
+ const editor = useRef(null);
+
+ const _subscription = useRef(null);
+
+ const __prevent_trigger_change_event = useRef(null);
+
+ const fixedWidth = processSize(width);
+
+ const fixedHeight = processSize(height);
+
+ const onChangeRef = useRef(onChange);
+ onChangeRef.current = onChange;
+
+ const style = useMemo(
+ () => ({
+ width: fixedWidth,
+ height: fixedHeight,
+ }),
+ [fixedWidth, fixedHeight]
+ );
+
+ const handleEditorWillMount = () => {
+ const finalOptions = editorWillMount?.(monaco);
+ return finalOptions || {};
+ };
+
+ const handleEditorDidMount = () => {
+ editorDidMount?.(editor.current!, monaco);
+
+ _subscription.current = editor.current!.onDidChangeModelContent((event) => {
+ if (!__prevent_trigger_change_event.current) {
+ onChangeRef.current?.(editor.current!.getValue(), event);
+ }
+ });
+ };
+
+ const handleEditorWillUnmount = () => {
+ editorWillUnmount?.(editor.current!, monaco);
+ };
+
+ const initMonaco = () => {
+ const finalValue = value !== null ? value : defaultValue;
+
+ if (containerElement.current) {
+ // Before initializing monaco editor
+ const finalOptions = { ...options, ...handleEditorWillMount() };
+
+ const model = monaco.editor.createModel(finalValue!, language);
+
+ editor.current = monaco.editor.create(containerElement.current, {
+ model,
+ ...(className ? { extraEditorClassName: className } : {}),
+ ...finalOptions,
+ ...(theme ? { theme } : {}),
+ });
+ // After initializing monaco editor
+ handleEditorDidMount();
+ }
+ };
+
+ // eslint-disable-next-line react-hooks/exhaustive-deps
+ useEffect(initMonaco, []);
+
+ // useLayoutEffect instead of useEffect to mitigate https://github.com/facebook/react/issues/31023 in React@18 Legacy Mode
+ useLayoutEffect(() => {
+ if (editor.current) {
+ if (value === editor.current.getValue()) {
+ return;
+ }
+
+ const model = editor.current.getModel();
+ __prevent_trigger_change_event.current = true;
+ editor.current.pushUndoStop();
+ // pushEditOperations says it expects a cursorComputer, but doesn't seem to need one.
+ model!.pushEditOperations(
+ [],
+ [
+ {
+ range: model!.getFullModelRange(),
+ text: value!,
+ },
+ ],
+ // @ts-expect-error
+ undefined
+ );
+ editor.current.pushUndoStop();
+ __prevent_trigger_change_event.current = false;
+ }
+ }, [value]);
+
+ useEffect(() => {
+ if (editor.current) {
+ const model = editor.current.getModel();
+ monaco.editor.setModelLanguage(model!, language);
+ }
+ }, [language]);
+
+ useEffect(() => {
+ if (editor.current) {
+ // Don't pass in the model on update because monaco crashes if we pass the model
+ // a second time. See https://github.com/microsoft/monaco-editor/issues/2027
+ // @ts-expect-error
+ const { model: _model, ...optionsWithoutModel } = options;
+ editor.current.updateOptions({
+ ...(className ? { extraEditorClassName: className } : {}),
+ ...optionsWithoutModel,
+ });
+ }
+ }, [className, options]);
+
+ useEffect(() => {
+ if (editor.current) {
+ editor.current.layout();
+ }
+ }, [width, height]);
+
+ useEffect(() => {
+ if (theme) {
+ monaco.editor.setTheme(theme);
+ }
+ }, [theme]);
+
+ useEffect(
+ () => () => {
+ if (editor.current) {
+ handleEditorWillUnmount();
+ editor.current.dispose();
+ }
+ if (_subscription.current) {
+ _subscription.current.dispose();
+ }
+ },
+ // eslint-disable-next-line react-hooks/exhaustive-deps
+ []
+ );
+
+ return
;
+}
+
+MonacoEditor.displayName = 'MonacoEditor';
+
+function processSize(size: number | string) {
+ return !/^\d+$/.test(size as string) ? size : `${size}px`;
+}
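Review bot: The options effect destructures `options` directly (`const { model: _model, ...optionsWithoutModel } = options;`), but `options` is an optional prop with no default in the parameter list. Rendering the component without it would throw a TypeError once `editor.current` is set, and the `@ts-expect-error` above the line presumably hides exactly this. `const { model: _model, ...optionsWithoutModel } = options ?? {};` removes the crash and should let the directive be dropped. Similarly, `initMonaco` uses `value !== null ? value : defaultValue`, which passes `undefined` to `createModel` although the prop documentation treats `undefined` as uncontrolled mode; `value ?? defaultValue` matches the documented contract.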
diff --git a/packages/shared-ux/code_editor/impl/react_monaco_editor/index.ts b/packages/shared-ux/code_editor/impl/react_monaco_editor/index.ts
new file mode 100644
index 0000000000000..74bf5fca87a32
--- /dev/null
+++ b/packages/shared-ux/code_editor/impl/react_monaco_editor/index.ts
@@ -0,0 +1,10 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the "Elastic License
+ * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
+ * Public License v 1"; you may not use this file except in compliance with, at
+ * your election, the "Elastic License 2.0", the "GNU Affero General Public
+ * License v3.0 only", or the "Server Side Public License, v 1".
+ */
+
+export * from './editor';
diff --git a/packages/shared-ux/code_editor/mocks/monaco_mock/index.tsx b/packages/shared-ux/code_editor/mocks/monaco_mock/index.tsx
index d62ab439a2a2e..d04eb38b8d1f4 100644
--- a/packages/shared-ux/code_editor/mocks/monaco_mock/index.tsx
+++ b/packages/shared-ux/code_editor/mocks/monaco_mock/index.tsx
@@ -8,8 +8,10 @@
*/
import React, { useEffect, KeyboardEventHandler } from 'react';
-import { type MonacoEditorProps } from 'react-monaco-editor';
import { monaco } from '@kbn/monaco';
+// TODO: circular dependency
+// import type { MonacoEditorProps } from '@kbn/code-editor/react_monaco_editor';
+type MonacoEditorProps = any;
function createEditorInstance() {
const keyDownListeners: Array<(e?: unknown) => void> = [];
diff --git a/src/core/server/integration_tests/saved_objects/migrations/archives/7.13.0_5k_so_node_01.zip b/src/core/server/integration_tests/saved_objects/migrations/archives/7.13.0_5k_so_node_01.zip
index 79cd2f2d63cd0..5a7ee884b5b06 100644
Binary files a/src/core/server/integration_tests/saved_objects/migrations/archives/7.13.0_5k_so_node_01.zip and b/src/core/server/integration_tests/saved_objects/migrations/archives/7.13.0_5k_so_node_01.zip differ
diff --git a/src/core/server/integration_tests/saved_objects/migrations/archives/7.13.0_5k_so_node_02.zip b/src/core/server/integration_tests/saved_objects/migrations/archives/7.13.0_5k_so_node_02.zip
index 4f9d52d79812d..180465269c1f0 100644
Binary files a/src/core/server/integration_tests/saved_objects/migrations/archives/7.13.0_5k_so_node_02.zip and b/src/core/server/integration_tests/saved_objects/migrations/archives/7.13.0_5k_so_node_02.zip differ
diff --git a/src/core/server/integration_tests/saved_objects/migrations/archives/8.0.0_v1_migrations_sample_data_saved_objects.zip b/src/core/server/integration_tests/saved_objects/migrations/archives/8.0.0_v1_migrations_sample_data_saved_objects.zip
index b409f3d8a7227..98b0ba6442b0e 100644
Binary files a/src/core/server/integration_tests/saved_objects/migrations/archives/8.0.0_v1_migrations_sample_data_saved_objects.zip and b/src/core/server/integration_tests/saved_objects/migrations/archives/8.0.0_v1_migrations_sample_data_saved_objects.zip differ
diff --git a/src/core/server/integration_tests/saved_objects/migrations/archives/8.4.0_with_sample_data_logs.zip b/src/core/server/integration_tests/saved_objects/migrations/archives/8.4.0_with_sample_data_logs.zip
index 7d81fc53b7477..9a48e25275908 100644
Binary files a/src/core/server/integration_tests/saved_objects/migrations/archives/8.4.0_with_sample_data_logs.zip and b/src/core/server/integration_tests/saved_objects/migrations/archives/8.4.0_with_sample_data_logs.zip differ
diff --git a/src/core/server/integration_tests/saved_objects/migrations/group3/incompatible_cluster_routing_allocation.test.ts b/src/core/server/integration_tests/saved_objects/migrations/group3/incompatible_cluster_routing_allocation.test.ts
index 5493b8ef6ce6c..ee6c499da7ce8 100644
--- a/src/core/server/integration_tests/saved_objects/migrations/group3/incompatible_cluster_routing_allocation.test.ts
+++ b/src/core/server/integration_tests/saved_objects/migrations/group3/incompatible_cluster_routing_allocation.test.ts
@@ -97,8 +97,7 @@ async function updateRoutingAllocations(
});
}
-// FLAKY: https://github.com/elastic/kibana/issues/158318
-describe.skip('incompatible_cluster_routing_allocation', () => {
+describe('incompatible_cluster_routing_allocation', () => {
let client: ElasticsearchClient;
let root: Root;
diff --git a/src/core/server/integration_tests/saved_objects/migrations/group3/multiple_es_nodes.test.ts b/src/core/server/integration_tests/saved_objects/migrations/group3/multiple_es_nodes.test.ts
index 476463b05a77a..490dea4c06be6 100644
--- a/src/core/server/integration_tests/saved_objects/migrations/group3/multiple_es_nodes.test.ts
+++ b/src/core/server/integration_tests/saved_objects/migrations/group3/multiple_es_nodes.test.ts
@@ -95,8 +95,7 @@ function createRoot({ logFileName, hosts }: RootConfig) {
});
}
-// FLAKY: https://github.com/elastic/kibana/issues/167676
-describe.skip('migration v2', () => {
+describe('migration v2', () => {
let esServer: TestElasticsearchUtils;
let root: Root;
const migratedIndexAlias = `.kibana_${pkg.version}`;
diff --git a/src/core/server/integration_tests/saved_objects/migrations/group3/read_batch_size.test.ts b/src/core/server/integration_tests/saved_objects/migrations/group3/read_batch_size.test.ts
index 8ce71538ede9e..df809d8c4c173 100644
--- a/src/core/server/integration_tests/saved_objects/migrations/group3/read_batch_size.test.ts
+++ b/src/core/server/integration_tests/saved_objects/migrations/group3/read_batch_size.test.ts
@@ -18,9 +18,7 @@ import { delay } from '../test_utils';
const logFilePath = join(__dirname, 'read_batch_size.log');
-// FLAKY: https://github.com/elastic/kibana/issues/163254
-// FLAKY: https://github.com/elastic/kibana/issues/163255
-describe.skip('migration v2 - read batch size', () => {
+describe('migration v2 - read batch size', () => {
let esServer: TestElasticsearchUtils;
let root: Root;
let logs: string;
diff --git a/src/dev/performance/run_performance_cli.ts b/src/dev/performance/run_performance_cli.ts
index df6020ba62a34..fd0f4094124ab 100644
--- a/src/dev/performance/run_performance_cli.ts
+++ b/src/dev/performance/run_performance_cli.ts
@@ -47,6 +47,7 @@ const journeyTargetGroups: JourneyTargetGroups = {
maps: ['ecommerce_dashboard_map_only'],
ml: ['aiops_log_rate_analysis', 'many_fields_transform', 'tsdb_logs_data_visualizer'],
esql: ['many_fields_discover_esql', 'web_logs_dashboard_esql'],
+ http2: ['data_stress_test_lens_http2', 'ecommerce_dashboard_http2'],
};
const readFilesRecursively = (dir: string, callback: Function) => {
diff --git a/src/plugins/vis_types/timeseries/public/convert_to_lens/lib/convert/cumulative_sum.ts b/src/plugins/vis_types/timeseries/public/convert_to_lens/lib/convert/cumulative_sum.ts
index 07ed7eceb9930..3b470da64c5c2 100644
--- a/src/plugins/vis_types/timeseries/public/convert_to_lens/lib/convert/cumulative_sum.ts
+++ b/src/plugins/vis_types/timeseries/public/convert_to_lens/lib/convert/cumulative_sum.ts
@@ -33,7 +33,7 @@ export const convertToCumulativeSumColumns = (
// lens supports cumulative sum for count and sum as quick function
// and everything else as formula
if (subFunctionMetric.type !== 'count' && pipelineAgg.name !== 'sum') {
- const metaValue = Number(meta?.replace(']', ''));
+ const metaValue = Number(meta?.replace(/\]/g, ''));
formula = getPipelineSeriesFormula(metric, metrics, subFunctionMetric, {
metaValue,
reducedTimeRange,
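Review bot: `Number(meta?.replace(/\]/g, ''))` yields `NaN` when `meta` is undefined, and here that value is passed on as `metaValue`, whereas `convertOtherAggsToFormulaColumn` in formula.ts and `getFormulaEquivalent` in metrics_helpers.ts guard with `meta ? … : undefined`. The same expression is now repeated in cumulative_sum.ts, formula.ts (twice), parent_pipeline.ts and metrics_helpers.ts. A small shared helper such as `const parseMetaValue = (meta?: string) => (meta ? Number(meta.replace(/\]/g, '')) : undefined);` would keep the parsing and the undefined handling in one place. Whether `getPipelineSeriesFormula` tolerates `NaN` is not visible in this hunk.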
diff --git a/src/plugins/vis_types/timeseries/public/convert_to_lens/lib/convert/formula.ts b/src/plugins/vis_types/timeseries/public/convert_to_lens/lib/convert/formula.ts
index cd0a3a62a8dd5..a1a42c12a64fa 100644
--- a/src/plugins/vis_types/timeseries/public/convert_to_lens/lib/convert/formula.ts
+++ b/src/plugins/vis_types/timeseries/public/convert_to_lens/lib/convert/formula.ts
@@ -66,7 +66,7 @@ const convertFormulaScriptForPercentileAggs = (
) => {
variables.forEach((variable) => {
const [_, meta] = variable?.field?.split('[') ?? [];
- const metaValue = Number(meta?.replace(']', ''));
+ const metaValue = Number(meta?.replace(/\]/g, ''));
if (!metaValue) {
return;
}
@@ -163,7 +163,7 @@ export const convertOtherAggsToFormulaColumn = (
const metric = metrics[metrics.length - 1];
const [fieldId, meta] = metric?.field?.split('[') ?? [];
const subFunctionMetric = metrics.find(({ id }) => id === fieldId);
- const metaValue = meta ? Number(meta?.replace(']', '')) : undefined;
+ const metaValue = meta ? Number(meta?.replace(/\]/g, '')) : undefined;
if (!subFunctionMetric) {
return null;
diff --git a/src/plugins/vis_types/timeseries/public/convert_to_lens/lib/convert/parent_pipeline.ts b/src/plugins/vis_types/timeseries/public/convert_to_lens/lib/convert/parent_pipeline.ts
index 5ac5701eef6c7..e617ef70c5da2 100644
--- a/src/plugins/vis_types/timeseries/public/convert_to_lens/lib/convert/parent_pipeline.ts
+++ b/src/plugins/vis_types/timeseries/public/convert_to_lens/lib/convert/parent_pipeline.ts
@@ -235,7 +235,7 @@ const convertMovingAvgOrDerivativeToColumns = (
if (!pipelineAgg) {
return null;
}
- const metaValue = Number(meta?.replace(']', ''));
+ const metaValue = Number(meta?.replace(/\]/g, ''));
const subMetricField = subFunctionMetric.field;
const [nestedFieldId, _] = subMetricField?.split('[') ?? [];
// support nested aggs with formula
diff --git a/src/plugins/vis_types/timeseries/public/convert_to_lens/lib/metrics/filter_ratio_formula.ts b/src/plugins/vis_types/timeseries/public/convert_to_lens/lib/metrics/filter_ratio_formula.ts
index 22cd37255b59e..813f28d4b6924 100644
--- a/src/plugins/vis_types/timeseries/public/convert_to_lens/lib/metrics/filter_ratio_formula.ts
+++ b/src/plugins/vis_types/timeseries/public/convert_to_lens/lib/metrics/filter_ratio_formula.ts
@@ -14,7 +14,7 @@ import { addAdditionalArgs } from '.';
import { AdditionalArgs } from '../../types';
const escapeQuotes = (str: string) => {
- return str?.replace(/'/g, "\\'");
+ return str?.replace(/\\/g, '\\\\').replace(/'/g, "\\'");
};
const constructFilterRationFormula = (
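Review bot: `escapeQuotes` now escapes backslashes as well as single quotes, and the result is only correct because the backslash replacement runs first; neither fact is documented and the name no longer describes the behaviour. A comment above the function, e.g. `// Escapes \ and ' for a single-quoted formula string; backslashes must be replaced first`, would keep a later edit from reordering the two calls. If the helper is touched again, a name like `escapeFormulaString` would describe it better.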
diff --git a/src/plugins/vis_types/timeseries/public/convert_to_lens/lib/metrics/metrics_helpers.ts b/src/plugins/vis_types/timeseries/public/convert_to_lens/lib/metrics/metrics_helpers.ts
index da5e9e8cffb35..14e1b66df1e26 100644
--- a/src/plugins/vis_types/timeseries/public/convert_to_lens/lib/metrics/metrics_helpers.ts
+++ b/src/plugins/vis_types/timeseries/public/convert_to_lens/lib/metrics/metrics_helpers.ts
@@ -113,7 +113,7 @@ export const getFormulaEquivalent = (
}
return getPipelineSeriesFormula(currentMetric, metrics, subFunctionMetric, {
- metaValue: nestedMetaValue ? Number(nestedMetaValue?.replace(']', '')) : undefined,
+ metaValue: nestedMetaValue ? Number(nestedMetaValue?.replace(/\]/g, '')) : undefined,
reducedTimeRange,
timeShift,
});
diff --git a/tsconfig.base.json b/tsconfig.base.json
index d1ce9880e4a66..4464ff5f4a78c 100644
--- a/tsconfig.base.json
+++ b/tsconfig.base.json
@@ -1062,6 +1062,8 @@
"@kbn/interactive-setup-test-endpoints-plugin/*": ["test/interactive_setup_api_integration/plugins/test_endpoints/*"],
"@kbn/interpreter": ["packages/kbn-interpreter"],
"@kbn/interpreter/*": ["packages/kbn-interpreter/*"],
+ "@kbn/inventory-e2e": ["x-pack/plugins/observability_solution/inventory/e2e"],
+ "@kbn/inventory-e2e/*": ["x-pack/plugins/observability_solution/inventory/e2e/*"],
"@kbn/inventory-plugin": ["x-pack/plugins/observability_solution/inventory"],
"@kbn/inventory-plugin/*": ["x-pack/plugins/observability_solution/inventory/*"],
"@kbn/investigate-app-plugin": ["x-pack/plugins/observability_solution/investigate_app"],
diff --git a/x-pack/performance/configs/http2_config.ts b/x-pack/performance/configs/http2_config.ts
new file mode 100644
index 0000000000000..d9d06b7c15ada
--- /dev/null
+++ b/x-pack/performance/configs/http2_config.ts
@@ -0,0 +1,20 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { FtrConfigProviderContext } from '@kbn/test';
+import { configureHTTP2 } from '@kbn/test-suites-src/common/configure_http2';
+
+// eslint-disable-next-line import/no-default-export
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+ const xpackFunctionalConfig = await readConfigFile(
+ require.resolve('@kbn/test-suites-xpack/functional/config.base')
+ );
+
+ return configureHTTP2({
+ ...xpackFunctionalConfig.getAll(),
+ });
+}
diff --git a/x-pack/performance/journeys_e2e/data_stress_test_lens_http2.ts b/x-pack/performance/journeys_e2e/data_stress_test_lens_http2.ts
new file mode 100644
index 0000000000000..9f02fe7ba874a
--- /dev/null
+++ b/x-pack/performance/journeys_e2e/data_stress_test_lens_http2.ts
@@ -0,0 +1,18 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { Journey } from '@kbn/journeys';
+
+export const journey = new Journey({
+ kbnArchives: ['test/functional/fixtures/kbn_archiver/stress_test'],
+ esArchives: ['test/functional/fixtures/es_archiver/stress_test'],
+ ftrConfigPath: 'x-pack/performance/configs/http2_config.ts',
+}).step('Go to dashboard', async ({ page, kbnUrl, kibanaServer, kibanaPage }) => {
+ await kibanaServer.uiSettings.update({ 'histogram:maxBars': 100 });
+ await page.goto(kbnUrl.get(`/app/dashboards#/view/92b143a0-2e9c-11ed-b1b6-a504560b392c`));
+ await kibanaPage.waitForVisualizations({ count: 1 });
+});
diff --git a/x-pack/performance/journeys_e2e/ecommerce_dashboard_http2.ts b/x-pack/performance/journeys_e2e/ecommerce_dashboard_http2.ts
new file mode 100644
index 0000000000000..57e11d461c00a
--- /dev/null
+++ b/x-pack/performance/journeys_e2e/ecommerce_dashboard_http2.ts
@@ -0,0 +1,25 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { Journey } from '@kbn/journeys';
+import { subj } from '@kbn/test-subj-selector';
+
+export const journey = new Journey({
+ esArchives: ['x-pack/performance/es_archives/sample_data_ecommerce'],
+ kbnArchives: ['x-pack/performance/kbn_archives/ecommerce_no_map_dashboard'],
+ ftrConfigPath: 'x-pack/performance/configs/http2_config.ts',
+})
+
+ .step('Go to Dashboards Page', async ({ page, kbnUrl, kibanaPage }) => {
+ await page.goto(kbnUrl.get(`/app/dashboards`));
+ await kibanaPage.waitForListViewTable();
+ })
+
+ .step('Go to Ecommerce Dashboard', async ({ page, kibanaPage }) => {
+ await page.click(subj('dashboardListingTitleLink-[eCommerce]-Revenue-Dashboard'));
+ await kibanaPage.waitForVisualizations({ count: 13 });
+ });
diff --git a/x-pack/performance/tsconfig.json b/x-pack/performance/tsconfig.json
index 5c00a3b2895d8..6718cd64c9640 100644
--- a/x-pack/performance/tsconfig.json
+++ b/x-pack/performance/tsconfig.json
@@ -22,5 +22,6 @@
"@kbn/expect",
"@kbn/dev-utils",
"@kbn/apm-synthtrace-client",
+ "@kbn/test-suites-src",
]
}
diff --git a/x-pack/plugins/fleet/common/errors.ts b/x-pack/plugins/fleet/common/errors.ts
index c41f6238f8647..9750fdbaf0d3b 100644
--- a/x-pack/plugins/fleet/common/errors.ts
+++ b/x-pack/plugins/fleet/common/errors.ts
@@ -8,9 +8,9 @@
import type { FleetErrorType } from './types';
-export class FleetError extends Error {
+export class FleetError extends Error {
attributes?: { type: FleetErrorType };
- constructor(message?: string, public readonly meta?: unknown) {
+ constructor(message?: string, public readonly meta?: TMeta) {
super(message);
this.name = this.constructor.name; // for stack traces
}
diff --git a/x-pack/plugins/fleet/server/errors/index.ts b/x-pack/plugins/fleet/server/errors/index.ts
index abc36f7df9692..2f9b42799075f 100644
--- a/x-pack/plugins/fleet/server/errors/index.ts
+++ b/x-pack/plugins/fleet/server/errors/index.ts
@@ -95,7 +95,7 @@ export class FleetEncryptedSavedObjectEncryptionKeyRequired extends FleetError {
export class FleetSetupError extends FleetError {}
export class GenerateServiceTokenError extends FleetError {}
export class FleetUnauthorizedError extends FleetError {}
-export class FleetNotFoundError extends FleetError {}
+export class FleetNotFoundError extends FleetError {}
export class FleetTooManyRequestsError extends FleetError {}
export class OutputUnauthorizedError extends FleetError {}
@@ -105,7 +105,7 @@ export class DownloadSourceError extends FleetError {}
export class DeleteUnenrolledAgentsPreconfiguredError extends FleetError {}
// Not found errors
-export class AgentNotFoundError extends FleetNotFoundError {}
+export class AgentNotFoundError extends FleetNotFoundError<{ agentId: string }> {}
export class AgentPolicyNotFoundError extends FleetNotFoundError {}
export class AgentActionNotFoundError extends FleetNotFoundError {}
export class DownloadSourceNotFound extends FleetNotFoundError {}
@@ -115,7 +115,10 @@ export class SigningServiceNotFoundError extends FleetNotFoundError {}
export class InputNotFoundError extends FleetNotFoundError {}
export class OutputNotFoundError extends FleetNotFoundError {}
export class PackageNotFoundError extends FleetNotFoundError {}
-export class PackagePolicyNotFoundError extends FleetNotFoundError {}
+export class PackagePolicyNotFoundError extends FleetNotFoundError<{
+ /** The package policy ID that was not found */
+ packagePolicyId: string;
+}> {}
export class StreamNotFoundError extends FleetNotFoundError {}
export class FleetServerHostUnauthorizedError extends FleetUnauthorizedError {}
diff --git a/x-pack/plugins/fleet/server/services/agents/agent_service.mock.ts b/x-pack/plugins/fleet/server/services/agents/agent_service.mock.ts
index d6d6922e1bdf9..316bfaa228b09 100644
--- a/x-pack/plugins/fleet/server/services/agents/agent_service.mock.ts
+++ b/x-pack/plugins/fleet/server/services/agents/agent_service.mock.ts
@@ -15,10 +15,12 @@ const createClientMock = (): jest.Mocked => ({
getAgentStatusForAgentPolicy: jest.fn(),
listAgents: jest.fn(),
getLatestAgentAvailableVersion: jest.fn(),
+ getByIds: jest.fn(async (..._) => []),
});
const createServiceMock = (): DeeplyMockedKeys => ({
asInternalUser: createClientMock(),
+ asInternalScopedUser: jest.fn().mockReturnValue(createClientMock()),
asScoped: jest.fn().mockReturnValue(createClientMock()),
});
diff --git a/x-pack/plugins/fleet/server/services/agents/agent_service.test.ts b/x-pack/plugins/fleet/server/services/agents/agent_service.test.ts
index 2db66f04d8a9b..95d61060c7e66 100644
--- a/x-pack/plugins/fleet/server/services/agents/agent_service.test.ts
+++ b/x-pack/plugins/fleet/server/services/agents/agent_service.test.ts
@@ -185,6 +185,27 @@ describe('AgentService', () => {
() => new AgentServiceImpl(mockEsClient, mockSoClient).asInternalUser
);
});
+
+ describe('asInternalScopedUser', () => {
+ it('should throw error if no space id is passed', () => {
+ const agentService = new AgentServiceImpl(
+ elasticsearchServiceMock.createElasticsearchClient(),
+ savedObjectsClientMock.create()
+ );
+
+ expect(() => agentService.asInternalScopedUser('')).toThrowError(TypeError);
+ });
+
+ {
+ const mockEsClient = elasticsearchServiceMock.createElasticsearchClient();
+ const mockSoClient = savedObjectsClientMock.create();
+ expectApisToCallServicesSuccessfully(
+ mockEsClient,
+ () => mockSoClient,
+ () => new AgentServiceImpl(mockEsClient, mockSoClient).asInternalUser
+ );
+ }
+ });
});
function expectApisToCallServicesSuccessfully(
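Review bot: The bare block inside `describe('asInternalScopedUser')` builds its client with `.asInternalUser`, so the shared API expectations never run against the space-scoped client this commit adds. Only the empty-`spaceId` `TypeError` case exercises the new method. The factory should read `() => new AgentServiceImpl(mockEsClient, mockSoClient).asInternalScopedUser('default')`. That will probably also need `appContextService.getInternalUserSOClientForSpaceId` mocked to return `mockSoClient`, since the implementation hunk obtains its saved-objects client from there. `expectApisToCallServicesSuccessfully` is defined outside this hunk.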
diff --git a/x-pack/plugins/fleet/server/services/agents/agent_service.ts b/x-pack/plugins/fleet/server/services/agents/agent_service.ts
index c6eb4e55ed8fe..b6791b061e985 100644
--- a/x-pack/plugins/fleet/server/services/agents/agent_service.ts
+++ b/x-pack/plugins/fleet/server/services/agents/agent_service.ts
@@ -27,7 +27,7 @@ import { FleetUnauthorizedError } from '../../errors';
import { getCurrentNamespace } from '../spaces/get_current_namespace';
-import { getAgentsByKuery, getAgentById } from './crud';
+import { getAgentsByKuery, getAgentById, getByIds } from './crud';
import { getAgentStatusById, getAgentStatusForAgentPolicy } from './status';
import { getLatestAvailableAgentVersion } from './versions';
@@ -42,6 +42,11 @@ export interface AgentService {
*/
asScoped(req: KibanaRequest): AgentClient;
+ /**
+ * Scoped services to a given space
+ */
+ asInternalScopedUser(spaceId: string): AgentClient;
+
/**
* Only use for server-side usages (eg. telemetry), should not be used for end users unless an explicit authz check is
* done.
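Review bot: The doc comment on `asInternalScopedUser` says only "Scoped services to a given space" and does not say that the returned client performs no authorization. The implementation hunk further down builds it from `appContextService.getInternalUserSOClientForSpaceId(spaceId)` and passes `undefined` as the third `AgentClientImpl` argument, which presumably is where `asScoped` supplies its preflight/authz check. The neighbouring `asInternalUser` comment already carries such a warning, and this one should too, for example `Internal-user client restricted to one space. Performs no authorization check; callers must confirm the end user may access spaceId before using it.` It is also worth stating that `spaceId` must not be taken from request input without validating it against the spaces the requester can see.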
@@ -60,6 +65,12 @@ export interface AgentClient {
*/
getAgent(agentId: string): Promise;
+ /**
+ * Get multiple agents by id
+ * @param agentIds
+ */
+ getByIds(agentIds: string[], options?: { ignoreMissing?: boolean }): Promise;
+
/**
* Return the status by the Agent's id
*/
@@ -128,6 +139,14 @@ class AgentClientImpl implements AgentClient {
return getAgentById(this.internalEsClient, this.soClient, agentId);
}
+ public async getByIds(
+ agentIds: string[],
+ options?: Partial<{ ignoreMissing: boolean }>
+ ): Promise {
+ await this.#runPreflight();
+ return getByIds(this.internalEsClient, this.soClient, agentIds, options);
+ }
+
public async getAgentStatusById(agentId: string) {
await this.#runPreflight();
return getAgentStatusById(this.internalEsClient, this.soClient, agentId);
@@ -187,6 +206,21 @@ export class AgentServiceImpl implements AgentService {
);
}
+ public asInternalScopedUser(spaceId: string): AgentClient {
+ if (!spaceId) {
+ throw new TypeError(`spaceId argument is required!`);
+ }
+
+ const soClient = appContextService.getInternalUserSOClientForSpaceId(spaceId);
+
+ return new AgentClientImpl(
+ this.internalEsClient,
+ soClient,
+ undefined,
+ getCurrentNamespace(soClient)
+ );
+ }
+
public get asInternalUser() {
return new AgentClientImpl(this.internalEsClient, this.soClient);
}
diff --git a/x-pack/plugins/fleet/server/services/agents/crud.test.ts b/x-pack/plugins/fleet/server/services/agents/crud.test.ts
index cd27870e32a3a..00119e5bc44fb 100644
--- a/x-pack/plugins/fleet/server/services/agents/crud.test.ts
+++ b/x-pack/plugins/fleet/server/services/agents/crud.test.ts
@@ -9,6 +9,10 @@ import type { ElasticsearchClient } from '@kbn/core/server';
import { elasticsearchServiceMock, savedObjectsClientMock } from '@kbn/core/server/mocks';
import { toElasticsearchQuery } from '@kbn/es-query';
+import { isSpaceAwarenessEnabled as _isSpaceAwarenessEnabled } from '../spaces/helpers';
+
+import { AgentNotFoundError } from '../..';
+
import { AGENTS_INDEX } from '../../constants';
import { createAppContextStartContractMock } from '../../mocks';
import type { Agent } from '../../types';
@@ -24,6 +28,7 @@ import {
openPointInTime,
updateAgent,
_joinFilters,
+ getByIds,
} from './crud';
jest.mock('../audit_logging');
@@ -41,6 +46,7 @@ jest.mock('./versions', () => {
jest.mock('../spaces/helpers');
const mockedAuditLoggingService = auditLoggingService as jest.Mocked;
+const isSpaceAwarenessEnabledMock = _isSpaceAwarenessEnabled as jest.Mock;
describe('Agents CRUD test', () => {
const soClientMock = savedObjectsClientMock.create();
@@ -63,13 +69,22 @@ describe('Agents CRUD test', () => {
appContextService.start(mockContract);
});
- function getEsResponse(ids: string[], total: number, status: AgentStatus) {
+ afterEach(() => {
+ isSpaceAwarenessEnabledMock.mockReset();
+ });
+
+ function getEsResponse(
+ ids: string[],
+ total: number,
+ status: AgentStatus,
+ generateSource: (id: string) => Partial = () => ({})
+ ) {
return {
hits: {
total,
hits: ids.map((id: string) => ({
_id: id,
- _source: {},
+ _source: generateSource(id),
fields: {
status: [status],
},
@@ -513,4 +528,48 @@ describe('Agents CRUD test', () => {
});
});
});
+
+ describe(`getByIds()`, () => {
+ let searchResponse: ReturnType;
+
+ beforeEach(() => {
+ searchResponse = getEsResponse(['1', '2'], 2, 'online', (id) => {
+ return { id, namespaces: ['foo'] };
+ });
+ (soClientMock.getCurrentNamespace as jest.Mock).mockReturnValue('foo');
+ searchMock.mockImplementation(async () => searchResponse);
+ });
+
+ it('should return a list of agents', async () => {
+ await expect(getByIds(esClientMock, soClientMock, ['1', '2'])).resolves.toEqual([
+ expect.objectContaining({ id: '1' }),
+ expect.objectContaining({ id: '2' }),
+ ]);
+ });
+
+ it('should omit agents that are not found if `ignoreMissing` is true', async () => {
+ searchResponse.hits.hits = [searchResponse.hits.hits[0]];
+
+ await expect(
+ getByIds(esClientMock, soClientMock, ['1', '2'], { ignoreMissing: true })
+ ).resolves.toEqual([expect.objectContaining({ id: '1' })]);
+ });
+
+ it('should error if agent is not found and `ignoreMissing` is false', async () => {
+ searchResponse.hits.hits = [searchResponse.hits.hits[0]];
+
+ await expect(getByIds(esClientMock, soClientMock, ['1', '2'])).rejects.toThrow(
+ AgentNotFoundError
+ );
+ });
+
+ it('should error if agent is not part of current space', async () => {
+ searchResponse.hits.hits[0]._source.namespaces = ['bar'];
+ isSpaceAwarenessEnabledMock.mockResolvedValue(true);
+
+ await expect(getByIds(esClientMock, soClientMock, ['1', '2'])).rejects.toThrow(
+ AgentNotFoundError
+ );
+ });
+ });
});
diff --git a/x-pack/plugins/fleet/server/services/agents/crud.ts b/x-pack/plugins/fleet/server/services/agents/crud.ts
index 541829f32deb2..f7682ce0e7726 100644
--- a/x-pack/plugins/fleet/server/services/agents/crud.ts
+++ b/x-pack/plugins/fleet/server/services/agents/crud.ts
@@ -415,6 +415,46 @@ export async function getAgentById(
return agentHit;
}
+/**
+ * Get list of agents by `id`. service method performs space awareness checks.
+ * @param esClient
+ * @param soClient
+ * @param agentIds
+ * @param options
+ *
+ * @throws AgentNotFoundError
+ */
+export const getByIds = async (
+ esClient: ElasticsearchClient,
+ soClient: SavedObjectsClientContract,
+ agentIds: string[],
+ options?: Partial<{ ignoreMissing: boolean }>
+): Promise => {
+ const agentsHits = await getAgentsById(esClient, soClient, agentIds);
+ const currentNamespace = getCurrentNamespace(soClient);
+ const response: Agent[] = [];
+
+ for (const agentHit of agentsHits) {
+ let throwError = false;
+
+ if ('notFound' in agentHit && !options?.ignoreMissing) {
+ throwError = true;
+ } else if ((await isAgentInNamespace(agentHit as Agent, currentNamespace)) !== true) {
+ throwError = true;
+ }
+
+ if (throwError) {
+ throw new AgentNotFoundError(`Agent ${agentHit.id} not found`, { agentId: agentHit.id });
+ }
+
+ if (!(`notFound` in agentHit)) {
+ response.push(agentHit);
+ }
+ }
+
+ return response;
+};
+
async function _filterAgents(
esClient: ElasticsearchClient,
soClient: SavedObjectsClientContract,
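Review bot: In `getByIds`, a `notFound` placeholder with `ignoreMissing: true` falls through to the `else if` and is passed to `isAgentInNamespace` cast `as Agent`. If that helper returns anything other than `true` for an object without `namespaces` (likely once space awareness is on in a non-default space; the helper is not visible here), the call throws `AgentNotFoundError` despite `ignoreMissing`. The new `ignoreMissing` test in crud.test.ts runs with the space-awareness mock reset, so it would not catch this. Handling the placeholder first and running the namespace check only on real hits removes the cast and the `throwError` flag. It keeps the behaviour of answering "not found" for agents in another space, which avoids revealing that the id exists elsewhere. A test with `isSpaceAwarenessEnabledMock.mockResolvedValue(true)` and `ignoreMissing: true` would pin this.

```typescript
  for (const agentHit of agentsHits) {
    if ('notFound' in agentHit) {
      // Placeholder for an id with no document: never run the space check on it.
      if (!options?.ignoreMissing) {
        throw new AgentNotFoundError(`Agent ${agentHit.id} not found`, { agentId: agentHit.id });
      }
      continue;
    }

    // Same error as a missing agent, so callers cannot tell "other space" from "absent".
    if ((await isAgentInNamespace(agentHit, currentNamespace)) !== true) {
      throw new AgentNotFoundError(`Agent ${agentHit.id} not found`, { agentId: agentHit.id });
    }

    response.push(agentHit);
  }
  // … unchanged: return response …
```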
diff --git a/x-pack/plugins/fleet/server/services/package_policy.ts b/x-pack/plugins/fleet/server/services/package_policy.ts
index 0cf4345235d54..2d360dba63767 100644
--- a/x-pack/plugins/fleet/server/services/package_policy.ts
+++ b/x-pack/plugins/fleet/server/services/package_policy.ts
@@ -771,7 +771,9 @@ class PackagePolicyClientImpl implements PackagePolicyClient {
if (options.ignoreMissing && so.error.statusCode === 404) {
return null;
} else if (so.error.statusCode === 404) {
- throw new PackagePolicyNotFoundError(`Package policy ${so.id} not found`);
+ throw new PackagePolicyNotFoundError(`Package policy ${so.id} not found`, {
+ packagePolicyId: so.id,
+ });
} else {
throw new FleetError(so.error.message);
}
diff --git a/x-pack/plugins/graph/public/helpers/kql_encoder.ts b/x-pack/plugins/graph/public/helpers/kql_encoder.ts
index 25ac6b9c4280d..e1eeb0f2dc35b 100644
--- a/x-pack/plugins/graph/public/helpers/kql_encoder.ts
+++ b/x-pack/plugins/graph/public/helpers/kql_encoder.ts
@@ -10,7 +10,7 @@ import rison from '@kbn/rison';
import { Workspace } from '../types';
function escapeQuotes(str: string) {
- return str.replace(/"/g, '\\"');
+ return str.replace(/\\/g, '\\\\').replace(/"/g, '\\"');
}
export function asKQL(workspace: Workspace, joinBy: 'and' | 'or') {
diff --git a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/workspace_errors.tsx b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/workspace_errors.tsx
index a00fa978b5cc9..253cbe51cfbd4 100644
--- a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/workspace_errors.tsx
+++ b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/workspace_errors.tsx
@@ -20,24 +20,27 @@ import { getLongMessage } from '../../../user_messages_utils';
interface Props {
errors: Array;
title: string;
+ onRender?: () => void;
}
-export function WorkspaceErrors(props: Props) {
+export function WorkspaceErrors({ errors, title, onRender }: Props) {
const [activePage, setActivePage] = useState(0);
- const activeError = props.errors.length ? props.errors[activePage] : '';
+ const activeError = errors.length ? errors[activePage] : '';
+
+ React.useEffect(() => onRender?.(), [onRender]);
return (
1 ? (
+ errors.length > 1 ? (
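Review bot: The effect added to `WorkspaceErrors` uses a concise arrow body, `() => onRender?.()`, so whatever `onRender` returns is handed to React as the effect's cleanup function. The prop is typed `() => void`, which still accepts callbacks that return a value, so a block body is safer: `React.useEffect(() => { onRender?.(); }, [onRender]);`. The caller in workspace_panel.tsx appears to pass an inline arrow (`setHasRequestError(true)`), which changes identity on every render and makes the effect re-run each time. That is harmless while the callback only sets the same boolean, but a short comment on the `onRender` prop saying it may be invoked more than once would help.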
@@ -64,7 +67,7 @@ export function WorkspaceErrors(props: Props) {
)}
}
- title={{props.title} }
+ title={{title} }
iconColor="danger"
iconType="warning"
data-test-subj="lnsWorkspaceErrors"
diff --git a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/workspace_panel.tsx b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/workspace_panel.tsx
index 68c63f1da52dd..6c4a94d77a871 100644
--- a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/workspace_panel.tsx
+++ b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/workspace_panel.tsx
@@ -676,13 +676,13 @@ export const InnerWorkspacePanel = React.memo(function InnerWorkspacePanel({
function useReportingState(errors: UserMessage[]): {
isRenderComplete: boolean;
- hasDynamicError: boolean;
+ hasRequestError: boolean;
+ setHasRequestError: (state: boolean) => void;
setIsRenderComplete: (state: boolean) => void;
- setDynamicError: (state: boolean) => void;
nodeRef: React.RefObject;
} {
const [isRenderComplete, setIsRenderComplete] = useState(Boolean(errors?.length));
- const [hasDynamicError, setDynamicError] = useState(false);
+ const [hasRequestError, setHasRequestError] = useState(false);
const nodeRef = useRef(null);
useEffect(() => {
@@ -691,9 +691,13 @@ function useReportingState(errors: UserMessage[]): {
}
}, [isRenderComplete, errors]);
- return { isRenderComplete, setIsRenderComplete, hasDynamicError, setDynamicError, nodeRef };
+ return { isRenderComplete, setIsRenderComplete, hasRequestError, setHasRequestError, nodeRef };
}
+const dataLoadingErrorTitle = i18n.translate('xpack.lens.editorFrame.dataFailure', {
+ defaultMessage: `An error occurred when loading data`,
+});
+
export const VisualizationWrapper = ({
expression,
lensInspector,
@@ -730,13 +734,14 @@ export const VisualizationWrapper = ({
const searchContext = useLensSelector(selectExecutionContextSearch);
// Used for reporting
- const { isRenderComplete, hasDynamicError, setIsRenderComplete, setDynamicError, nodeRef } =
+ const { isRenderComplete, hasRequestError, setIsRenderComplete, setHasRequestError, nodeRef } =
useReportingState(errors);
const onRenderHandler = useCallback(() => {
+ setHasRequestError(false);
setIsRenderComplete(true);
onRender$();
- }, [setIsRenderComplete, onRender$]);
+ }, [onRender$, setHasRequestError, setIsRenderComplete]);
const searchSessionId = useLensSelector(selectSearchSessionId);
@@ -759,17 +764,13 @@ export const VisualizationWrapper = ({
);
}
- const dataLoadingErrorTitle = i18n.translate('xpack.lens.editorFrame.dataFailure', {
- defaultMessage: `An error occurred when loading data`,
- });
-
return (
;
+ return (
+ setHasRequestError(true)}
+ />
+ );
}}
/>
diff --git a/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/e2e/service_overview/otel_service_overview_and_transactions.cy.ts b/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/e2e/service_overview/otel_service_overview_and_transactions.cy.ts
new file mode 100644
index 0000000000000..8554a3302f9b7
--- /dev/null
+++ b/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/e2e/service_overview/otel_service_overview_and_transactions.cy.ts
@@ -0,0 +1,143 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import url from 'url';
+import { synthtraceOtel } from '../../../synthtrace';
+import { sendotlp } from '../../fixtures/synthtrace/sendotlp';
+import { checkA11y } from '../../support/commands';
+
+const start = '2021-10-10T00:00:00.000Z';
+const end = '2021-10-10T00:15:00.000Z';
+const serviceInstanceId = '89117ac1-0dbf-4488-9e17-4c2c3b76943a';
+
+const serviceOverviewPath = '/app/apm/services/sendotlp-synth/overview';
+const baseUrl = url.format({
+ pathname: serviceOverviewPath,
+ query: { rangeFrom: start, rangeTo: end },
+});
+
+describe('Service Overview', () => {
+ before(() => {
+ synthtraceOtel.index(
+ sendotlp({
+ from: new Date(start).getTime(),
+ to: new Date(end).getTime(),
+ })
+ );
+ });
+
+ after(() => {
+ synthtraceOtel.clean();
+ });
+
+ describe('renders', () => {
+ beforeEach(() => {
+ cy.loginAsViewerUser();
+ cy.visitKibana(baseUrl);
+ });
+
+ it('renders all components on the page', () => {
+ cy.contains('sendotlp-synth');
+ // set skipFailures to true to not fail the test when there are accessibility failures
+ checkA11y({ skipFailures: true });
+ cy.getByTestSubj('latencyChart');
+ cy.getByTestSubj('throughput');
+ cy.getByTestSubj('transactionsGroupTable');
+ cy.getByTestSubj('serviceOverviewErrorsTable');
+ cy.getByTestSubj('dependenciesTable');
+ cy.getByTestSubj('instancesLatencyDistribution');
+ cy.getByTestSubj('serviceOverviewInstancesTable');
+ });
+ });
+
+ describe('service icons', () => {
+ beforeEach(() => {
+ cy.loginAsViewerUser();
+ });
+
+ it('show information on click', () => {
+ cy.intercept('GET', '/internal/apm/services/sendotlp-synth/metadata/details?*').as(
+ 'metadataDetailsRequest'
+ );
+
+ cy.visitKibana(baseUrl);
+
+ cy.getByTestSubj('service').click();
+ cy.wait('@metadataDetailsRequest');
+ cy.contains('dt', 'Framework name');
+ cy.contains('dd', 'sendotlp-synth');
+
+ cy.getByTestSubj('opentelemetry').click();
+ cy.contains('dt', 'Language');
+ cy.contains('dd', 'go');
+ });
+ });
+
+ describe('instances table', () => {
+ beforeEach(() => {
+ cy.loginAsViewerUser();
+ });
+
+ it('has data in the table', () => {
+ cy.visitKibana(baseUrl);
+ cy.contains('sendotlp-synth');
+ cy.getByTestSubj('serviceInstancesTableContainer');
+ cy.contains(serviceInstanceId);
+ });
+ });
+
+ describe('transactions', () => {
+ beforeEach(() => {
+ cy.loginAsViewerUser();
+ });
+
+ it('persists transaction type selected when clicking on Transactions tab', () => {
+ cy.intercept('GET', '/internal/apm/services/sendotlp-synth/transaction_types?*').as(
+ 'transactionTypesRequest'
+ );
+
+ cy.visitKibana(baseUrl);
+
+ cy.wait('@transactionTypesRequest');
+
+ cy.getByTestSubj('headerFilterTransactionType').should('have.value', 'unknown');
+ cy.contains('Transactions').click();
+ cy.getByTestSubj('headerFilterTransactionType').should('have.value', 'unknown');
+ cy.contains('parent-synth');
+ });
+
+ it('navigates to transaction detail page', () => {
+ cy.visitKibana(baseUrl);
+ cy.contains('Transactions').click();
+
+ cy.contains('a', 'parent-synth').click();
+ cy.contains('h5', 'parent-synth');
+ });
+ });
+
+ describe('errors', () => {
+ beforeEach(() => {
+ cy.loginAsViewerUser();
+ cy.visitKibana(baseUrl);
+ });
+ it('errors table is populated', () => {
+ cy.contains('sendotlp-synth');
+ cy.contains('*errors.errorString');
+ });
+
+ it('navigates to the errors page', () => {
+ cy.contains('sendotlp-synth');
+ cy.contains('a', 'View errors').click();
+ cy.url().should('include', '/sendotlp-synth/errors');
+ });
+
+ it('navigates to error detail page', () => {
+ cy.contains('a', '*errors.errorString').click();
+ cy.contains('div', 'boom');
+ });
+ });
+});
diff --git a/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/fixtures/es_archiver/apm_8.0.0_empty/mappings.json b/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/fixtures/es_archiver/apm_8.0.0_empty/mappings.json
deleted file mode 100644
index 8e9d447af8966..0000000000000
--- a/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/fixtures/es_archiver/apm_8.0.0_empty/mappings.json
+++ /dev/null
@@ -1,20961 +0,0 @@
-{
- "type": "index",
- "value": {
- "aliases": {
- "apm-7.14.0-error": {
- "is_write_index": true
- }
- },
- "index": "apm-7.14.0-error-000001",
- "mappings": {
- "_meta": {
- "beat": "apm",
- "version": "7.14.0"
- },
- "date_detection": false,
- "dynamic_templates": [
- {
- "labels": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "labels.*"
- }
- },
- {
- "container.labels": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "container.labels.*"
- }
- },
- {
- "fields": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "fields.*"
- }
- },
- {
- "docker.container.labels": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "docker.container.labels.*"
- }
- },
- {
- "kubernetes.labels.*": {
- "mapping": {
- "type": "keyword"
- },
- "path_match": "kubernetes.labels.*"
- }
- },
- {
- "kubernetes.annotations.*": {
- "mapping": {
- "type": "keyword"
- },
- "path_match": "kubernetes.annotations.*"
- }
- },
- {
- "kubernetes.selectors.*": {
- "mapping": {
- "type": "keyword"
- },
- "path_match": "kubernetes.selectors.*"
- }
- },
- {
- "labels_string": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "labels.*"
- }
- },
- {
- "labels_boolean": {
- "mapping": {
- "type": "boolean"
- },
- "match_mapping_type": "boolean",
- "path_match": "labels.*"
- }
- },
- {
- "labels_*": {
- "mapping": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "path_match": "labels.*"
- }
- },
- {
- "histogram": {
- "mapping": {
- "type": "histogram"
- }
- }
- },
- {
- "transaction.marks": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "transaction.marks.*"
- }
- },
- {
- "transaction.marks.*.*": {
- "mapping": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "path_match": "transaction.marks.*.*"
- }
- },
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "properties": {
- "@timestamp": {
- "type": "date"
- },
- "agent": {
- "dynamic": "false",
- "properties": {
- "build": {
- "properties": {
- "original": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ephemeral_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "child": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "client": {
- "dynamic": "false",
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "cloud": {
- "properties": {
- "account": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "availability_zone": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "image": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "instance": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "machine": {
- "dynamic": "false",
- "properties": {
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "project": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "provider": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "service": {
- "dynamic": "false",
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "container": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "image": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tag": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "labels": {
- "type": "object"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "runtime": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "data_stream": {
- "properties": {
- "dataset": {
- "type": "constant_keyword"
- },
- "namespace": {
- "type": "constant_keyword"
- },
- "type": {
- "type": "constant_keyword"
- }
- }
- },
- "destination": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "dll": {
- "properties": {
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "dns": {
- "properties": {
- "answers": {
- "properties": {
- "class": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "data": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ttl": {
- "type": "long"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "header_flags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "op_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "question": {
- "properties": {
- "class": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "resolved_ip": {
- "type": "ip"
- },
- "response_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "docker": {
- "properties": {
- "container": {
- "properties": {
- "labels": {
- "type": "object"
- }
- }
- }
- }
- },
- "ecs": {
- "properties": {
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "error": {
- "dynamic": "false",
- "properties": {
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "culprit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "exception": {
- "properties": {
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "handled": {
- "type": "boolean"
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "module": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "grouping_key": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "grouping_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "log": {
- "properties": {
- "level": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "logger_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "param_message": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "stack_trace": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "index": false,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "event": {
- "properties": {
- "action": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "category": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "created": {
- "type": "date"
- },
- "dataset": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "duration": {
- "type": "long"
- },
- "end": {
- "type": "date"
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ingested": {
- "type": "date"
- },
- "kind": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "module": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "ignore_above": 1024,
- "index": false,
- "type": "keyword"
- },
- "outcome": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "provider": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reason": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "risk_score": {
- "type": "float"
- },
- "risk_score_norm": {
- "type": "float"
- },
- "sequence": {
- "type": "long"
- },
- "severity": {
- "type": "long"
- },
- "start": {
- "type": "date"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "url": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "experimental": {
- "dynamic": "true",
- "type": "object"
- },
- "fields": {
- "type": "object"
- },
- "file": {
- "properties": {
- "accessed": {
- "type": "date"
- },
- "attributes": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "created": {
- "type": "date"
- },
- "ctime": {
- "type": "date"
- },
- "device": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "directory": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "drive_letter": {
- "ignore_above": 1,
- "type": "keyword"
- },
- "extension": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "gid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "inode": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mime_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mode": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mtime": {
- "type": "date"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "owner": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "size": {
- "type": "long"
- },
- "target_path": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "public_key_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_exponent": {
- "index": false,
- "type": "long"
- },
- "public_key_size": {
- "type": "long"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version_number": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "host": {
- "dynamic": "false",
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "containerized": {
- "type": "boolean"
- },
- "cpu": {
- "properties": {
- "usage": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "disk": {
- "properties": {
- "read": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "write": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "network": {
- "properties": {
- "egress": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "packets": {
- "type": "long"
- }
- }
- },
- "ingress": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "packets": {
- "type": "long"
- }
- }
- }
- }
- },
- "os": {
- "properties": {
- "build": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "codename": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uptime": {
- "type": "long"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "http": {
- "dynamic": "false",
- "properties": {
- "request": {
- "properties": {
- "body": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "content": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "headers": {
- "enabled": false,
- "type": "object"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "method": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mime_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "referrer": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "response": {
- "properties": {
- "body": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "content": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "finished": {
- "type": "boolean"
- },
- "headers": {
- "enabled": false,
- "type": "object"
- },
- "mime_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status_code": {
- "type": "long"
- }
- }
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "interface": {
- "properties": {
- "alias": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "kubernetes": {
- "dynamic": "false",
- "properties": {
- "annotations": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "container": {
- "properties": {
- "image": {
- "path": "container.image.name",
- "type": "alias"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "deployment": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "labels": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "namespace": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "node": {
- "properties": {
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pod": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uid": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "replicaset": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "selectors": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "statefulset": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "labels": {
- "dynamic": "true",
- "properties": {
- "company": {
- "type": "keyword"
- },
- "customer_tier": {
- "type": "keyword"
- },
- "foo": {
- "type": "keyword"
- },
- "lorem": {
- "type": "keyword"
- },
- "multi-line": {
- "type": "keyword"
- },
- "request_id": {
- "type": "keyword"
- },
- "this-is-a-very-long-tag-name-without-any-spaces": {
- "type": "keyword"
- }
- }
- },
- "log": {
- "properties": {
- "file": {
- "properties": {
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "level": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "logger": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "origin": {
- "properties": {
- "file": {
- "properties": {
- "line": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "function": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "original": {
- "ignore_above": 1024,
- "index": false,
- "type": "keyword"
- },
- "syslog": {
- "properties": {
- "facility": {
- "properties": {
- "code": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "priority": {
- "type": "long"
- },
- "severity": {
- "properties": {
- "code": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- }
- }
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "metricset": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "period": {
- "meta": {
- "unit": "ms"
- },
- "type": "long"
- }
- }
- },
- "network": {
- "dynamic": "false",
- "properties": {
- "application": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "bytes": {
- "type": "long"
- },
- "carrier": {
- "properties": {
- "icc": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mcc": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mnc": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "community_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "connection_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "direction": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "forwarded_ip": {
- "type": "ip"
- },
- "iana_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "inner": {
- "properties": {
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "packets": {
- "type": "long"
- },
- "protocol": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "transport": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "observer": {
- "dynamic": "false",
- "properties": {
- "egress": {
- "properties": {
- "interface": {
- "properties": {
- "alias": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "zone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ingress": {
- "properties": {
- "interface": {
- "properties": {
- "alias": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "zone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "listening": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "vendor": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version_major": {
- "type": "byte"
- }
- }
- },
- "orchestrator": {
- "properties": {
- "api_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "cluster": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "url": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "namespace": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "resource": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "organization": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "package": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "build_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "checksum": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "install_scope": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "installed": {
- "type": "date"
- },
- "license": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "size": {
- "type": "long"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "parent": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "process": {
- "dynamic": "false",
- "properties": {
- "args": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "args_count": {
- "type": "long"
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "command_line": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "entity_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "executable": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "exit_code": {
- "type": "long"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "parent": {
- "properties": {
- "args": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "args_count": {
- "type": "long"
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "command_line": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "entity_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "executable": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "exit_code": {
- "type": "long"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pgid": {
- "type": "long"
- },
- "pid": {
- "type": "long"
- },
- "ppid": {
- "type": "long"
- },
- "start": {
- "type": "date"
- },
- "thread": {
- "properties": {
- "id": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "title": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uptime": {
- "type": "long"
- },
- "working_directory": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pgid": {
- "type": "long"
- },
- "pid": {
- "type": "long"
- },
- "ppid": {
- "type": "long"
- },
- "start": {
- "type": "date"
- },
- "thread": {
- "properties": {
- "id": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "title": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uptime": {
- "type": "long"
- },
- "working_directory": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "processor": {
- "properties": {
- "event": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "profile": {
- "dynamic": "false",
- "properties": {
- "alloc_objects": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "alloc_space": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "cpu": {
- "properties": {
- "ns": {
- "meta": {
- "unit": "nanos"
- },
- "type": "long"
- }
- }
- },
- "duration": {
- "meta": {
- "unit": "nanos"
- },
- "type": "long"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "inuse_objects": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "inuse_space": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "samples": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "stack": {
- "dynamic": "false",
- "properties": {
- "filename": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "function": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "line": {
- "type": "long"
- }
- }
- },
- "top": {
- "dynamic": "false",
- "properties": {
- "filename": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "function": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "line": {
- "type": "long"
- }
- }
- },
- "wall": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "registry": {
- "properties": {
- "data": {
- "properties": {
- "bytes": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "strings": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hive": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "key": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "value": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "related": {
- "properties": {
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hosts": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ip": {
- "type": "ip"
- },
- "user": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "rule": {
- "properties": {
- "author": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "category": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "license": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ruleset": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uuid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "server": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "service": {
- "dynamic": "false",
- "properties": {
- "environment": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ephemeral_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "framework": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "language": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "node": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "runtime": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "state": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "session": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sequence": {
- "type": "long"
- }
- }
- },
- "source": {
- "dynamic": "false",
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "sourcemap": {
- "dynamic": "false",
- "properties": {
- "bundle_filepath": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "service": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "span": {
- "dynamic": "false",
- "properties": {
- "action": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "db": {
- "dynamic": "false",
- "properties": {
- "link": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "rows_affected": {
- "type": "long"
- }
- }
- },
- "destination": {
- "dynamic": "false",
- "properties": {
- "service": {
- "dynamic": "false",
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "resource": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "response_time": {
- "properties": {
- "count": {
- "type": "long"
- },
- "sum": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "duration": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "message": {
- "dynamic": "false",
- "properties": {
- "age": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "queue": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "self_time": {
- "properties": {
- "count": {
- "type": "long"
- },
- "sum": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "start": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- },
- "subtype": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sync": {
- "type": "boolean"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "system": {
- "properties": {
- "cpu": {
- "properties": {
- "total": {
- "properties": {
- "norm": {
- "properties": {
- "pct": {
- "meta": {
- "metric_type": "gauge",
- "unit": "percent"
- },
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "actual": {
- "properties": {
- "free": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- },
- "total": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- },
- "process": {
- "properties": {
- "cgroup": {
- "properties": {
- "cpu": {
- "properties": {
- "cfs": {
- "properties": {
- "period": {
- "properties": {
- "us": {
- "meta": {
- "metric_type": "gauge",
- "unit": "micros"
- },
- "type": "long"
- }
- }
- },
- "quota": {
- "properties": {
- "us": {
- "meta": {
- "metric_type": "gauge",
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "stats": {
- "properties": {
- "periods": {
- "meta": {
- "metric_type": "counter"
- },
- "type": "long"
- },
- "throttled": {
- "properties": {
- "ns": {
- "meta": {
- "metric_type": "counter",
- "unit": "nanos"
- },
- "type": "long"
- },
- "periods": {
- "meta": {
- "metric_type": "counter"
- },
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "cpuacct": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "total": {
- "properties": {
- "ns": {
- "meta": {
- "metric_type": "counter",
- "unit": "nanos"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "mem": {
- "properties": {
- "limit": {
- "properties": {
- "bytes": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- },
- "usage": {
- "properties": {
- "bytes": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- }
- }
- }
- }
- }
- }
- },
- "cpu": {
- "properties": {
- "total": {
- "properties": {
- "norm": {
- "properties": {
- "pct": {
- "meta": {
- "metric_type": "gauge",
- "unit": "percent"
- },
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "rss": {
- "properties": {
- "bytes": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- },
- "size": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "tags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "threat": {
- "properties": {
- "framework": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tactic": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "technique": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subtechnique": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- }
- }
- },
- "timeseries": {
- "properties": {
- "instance": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "timestamp": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- },
- "tls": {
- "properties": {
- "cipher": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "client": {
- "properties": {
- "certificate": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "certificate_chain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "issuer": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ja3": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "server_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "supported_ciphers": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "public_key_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_exponent": {
- "index": false,
- "type": "long"
- },
- "public_key_size": {
- "type": "long"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version_number": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "established": {
- "type": "boolean"
- },
- "next_protocol": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "resumed": {
- "type": "boolean"
- },
- "server": {
- "properties": {
- "certificate": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "certificate_chain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "issuer": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ja3s": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "subject": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "public_key_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_exponent": {
- "index": false,
- "type": "long"
- },
- "public_key_size": {
- "type": "long"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version_number": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version_protocol": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "trace": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "transaction": {
- "dynamic": "false",
- "properties": {
- "breakdown": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "duration": {
- "properties": {
- "count": {
- "type": "long"
- },
- "histogram": {
- "type": "histogram"
- },
- "sum": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- },
- "us": {
- "type": "long"
- }
- }
- },
- "experience": {
- "properties": {
- "cls": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "fid": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "longtask": {
- "properties": {
- "count": {
- "type": "long"
- },
- "max": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "sum": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- }
- }
- },
- "tbt": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "marks": {
- "dynamic": "true",
- "properties": {
- "*": {
- "properties": {
- "*": {
- "dynamic": "true",
- "type": "object"
- }
- }
- }
- }
- },
- "message": {
- "dynamic": "false",
- "properties": {
- "age": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "queue": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "result": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "root": {
- "type": "boolean"
- },
- "sampled": {
- "type": "boolean"
- },
- "self_time": {
- "properties": {
- "count": {
- "type": "long"
- },
- "sum": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "span_count": {
- "properties": {
- "dropped": {
- "type": "long"
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "url": {
- "dynamic": "false",
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "extension": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "fragment": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "password": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "port": {
- "type": "long"
- },
- "query": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "scheme": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "username": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "user": {
- "dynamic": "false",
- "properties": {
- "changes": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "effective": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "target": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "user_agent": {
- "dynamic": "false",
- "properties": {
- "device": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vulnerability": {
- "properties": {
- "category": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "classification": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "enumeration": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "report_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "scanner": {
- "properties": {
- "vendor": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "score": {
- "properties": {
- "base": {
- "type": "float"
- },
- "environmental": {
- "type": "float"
- },
- "temporal": {
- "type": "float"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "severity": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "public_key_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_exponent": {
- "index": false,
- "type": "long"
- },
- "public_key_size": {
- "type": "long"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version_number": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "settings": {
- "index": {
- "auto_expand_replicas": "0-1",
- "blocks": {
- "read_only_allow_delete": "false"
- },
- "codec": "best_compression",
- "lifecycle": {
- "name": "apm-rollover-30-days",
- "rollover_alias": "apm-7.14.0-error"
- },
- "mapping": {
- "total_fields": {
- "limit": "2000"
- }
- },
- "max_docvalue_fields_search": "200",
- "number_of_replicas": "1",
- "number_of_shards": "1",
- "priority": "100",
- "refresh_interval": "5s"
- }
- }
- }
-}
-
-{
- "type": "index",
- "value": {
- "aliases": {
- "apm-7.14.0-metric": {
- "is_write_index": true
- }
- },
- "index": "apm-7.14.0-metric-000001",
- "mappings": {
- "_meta": {
- "beat": "apm",
- "version": "7.14.0"
- },
- "date_detection": false,
- "dynamic_templates": [
- {
- "labels": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "labels.*"
- }
- },
- {
- "container.labels": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "container.labels.*"
- }
- },
- {
- "fields": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "fields.*"
- }
- },
- {
- "docker.container.labels": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "docker.container.labels.*"
- }
- },
- {
- "kubernetes.labels.*": {
- "mapping": {
- "type": "keyword"
- },
- "path_match": "kubernetes.labels.*"
- }
- },
- {
- "kubernetes.annotations.*": {
- "mapping": {
- "type": "keyword"
- },
- "path_match": "kubernetes.annotations.*"
- }
- },
- {
- "kubernetes.selectors.*": {
- "mapping": {
- "type": "keyword"
- },
- "path_match": "kubernetes.selectors.*"
- }
- },
- {
- "labels_string": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "labels.*"
- }
- },
- {
- "labels_boolean": {
- "mapping": {
- "type": "boolean"
- },
- "match_mapping_type": "boolean",
- "path_match": "labels.*"
- }
- },
- {
- "labels_*": {
- "mapping": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "path_match": "labels.*"
- }
- },
- {
- "histogram": {
- "mapping": {
- "type": "histogram"
- }
- }
- },
- {
- "transaction.marks": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "transaction.marks.*"
- }
- },
- {
- "transaction.marks.*.*": {
- "mapping": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "path_match": "transaction.marks.*.*"
- }
- },
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "properties": {
- "@timestamp": {
- "type": "date"
- },
- "agent": {
- "dynamic": "false",
- "properties": {
- "build": {
- "properties": {
- "original": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ephemeral_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "agent_config_applied": {
- "type": "long"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "child": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "client": {
- "dynamic": "false",
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "cloud": {
- "properties": {
- "account": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "availability_zone": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "image": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "instance": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "machine": {
- "dynamic": "false",
- "properties": {
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "project": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "provider": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "service": {
- "dynamic": "false",
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "clr": {
- "properties": {
- "gc": {
- "properties": {
- "count": {
- "type": "long"
- },
- "gen0size": {
- "type": "long"
- },
- "gen1size": {
- "type": "float"
- },
- "gen2size": {
- "type": "long"
- },
- "gen3size": {
- "type": "float"
- },
- "time": {
- "type": "float"
- }
- }
- }
- }
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "container": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "image": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tag": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "labels": {
- "type": "object"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "runtime": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "data_stream": {
- "properties": {
- "dataset": {
- "type": "constant_keyword"
- },
- "namespace": {
- "type": "constant_keyword"
- },
- "type": {
- "type": "constant_keyword"
- }
- }
- },
- "destination": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "dll": {
- "properties": {
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "dns": {
- "properties": {
- "answers": {
- "properties": {
- "class": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "data": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ttl": {
- "type": "long"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "header_flags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "op_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "question": {
- "properties": {
- "class": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "resolved_ip": {
- "type": "ip"
- },
- "response_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "docker": {
- "properties": {
- "container": {
- "properties": {
- "labels": {
- "type": "object"
- }
- }
- }
- }
- },
- "ecs": {
- "properties": {
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "error": {
- "dynamic": "false",
- "properties": {
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "culprit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "exception": {
- "properties": {
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "handled": {
- "type": "boolean"
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "module": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "grouping_key": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "grouping_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "log": {
- "properties": {
- "level": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "logger_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "param_message": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "stack_trace": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "index": false,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "event": {
- "properties": {
- "action": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "category": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "created": {
- "type": "date"
- },
- "dataset": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "duration": {
- "type": "long"
- },
- "end": {
- "type": "date"
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ingested": {
- "type": "date"
- },
- "kind": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "module": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "ignore_above": 1024,
- "index": false,
- "type": "keyword"
- },
- "outcome": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "provider": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reason": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "risk_score": {
- "type": "float"
- },
- "risk_score_norm": {
- "type": "float"
- },
- "sequence": {
- "type": "long"
- },
- "severity": {
- "type": "long"
- },
- "start": {
- "type": "date"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "url": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "experimental": {
- "dynamic": "true",
- "type": "object"
- },
- "fields": {
- "type": "object"
- },
- "file": {
- "properties": {
- "accessed": {
- "type": "date"
- },
- "attributes": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "created": {
- "type": "date"
- },
- "ctime": {
- "type": "date"
- },
- "device": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "directory": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "drive_letter": {
- "ignore_above": 1,
- "type": "keyword"
- },
- "extension": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "gid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "inode": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mime_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mode": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mtime": {
- "type": "date"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "owner": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "size": {
- "type": "long"
- },
- "target_path": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "public_key_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_exponent": {
- "index": false,
- "type": "long"
- },
- "public_key_size": {
- "type": "long"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version_number": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "golang": {
- "properties": {
- "goroutines": {
- "type": "long"
- },
- "heap": {
- "properties": {
- "allocations": {
- "properties": {
- "active": {
- "type": "float"
- },
- "allocated": {
- "type": "float"
- },
- "frees": {
- "type": "long"
- },
- "idle": {
- "type": "float"
- },
- "mallocs": {
- "type": "long"
- },
- "objects": {
- "type": "long"
- },
- "total": {
- "type": "float"
- }
- }
- },
- "gc": {
- "properties": {
- "cpu_fraction": {
- "type": "float"
- },
- "next_gc_limit": {
- "type": "float"
- },
- "total_count": {
- "type": "long"
- },
- "total_pause": {
- "properties": {
- "ns": {
- "type": "float"
- }
- }
- }
- }
- },
- "system": {
- "properties": {
- "obtained": {
- "type": "float"
- },
- "released": {
- "type": "float"
- },
- "stack": {
- "type": "float"
- },
- "total": {
- "type": "float"
- }
- }
- }
- }
- }
- }
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "host": {
- "dynamic": "false",
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "containerized": {
- "type": "boolean"
- },
- "cpu": {
- "properties": {
- "usage": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "disk": {
- "properties": {
- "read": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "write": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "network": {
- "properties": {
- "egress": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "packets": {
- "type": "long"
- }
- }
- },
- "ingress": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "packets": {
- "type": "long"
- }
- }
- }
- }
- },
- "os": {
- "properties": {
- "build": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "codename": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uptime": {
- "type": "long"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "http": {
- "dynamic": "false",
- "properties": {
- "request": {
- "properties": {
- "body": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "content": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "headers": {
- "enabled": false,
- "type": "object"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "method": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mime_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "referrer": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "response": {
- "properties": {
- "body": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "content": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "finished": {
- "type": "boolean"
- },
- "headers": {
- "enabled": false,
- "type": "object"
- },
- "mime_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status_code": {
- "type": "long"
- }
- }
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "interface": {
- "properties": {
- "alias": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "jvm": {
- "properties": {
- "gc": {
- "properties": {
- "alloc": {
- "type": "float"
- },
- "count": {
- "type": "long"
- },
- "time": {
- "type": "long"
- }
- }
- },
- "memory": {
- "properties": {
- "heap": {
- "properties": {
- "committed": {
- "type": "float"
- },
- "max": {
- "type": "float"
- },
- "pool": {
- "properties": {
- "committed": {
- "type": "float"
- },
- "max": {
- "type": "float"
- },
- "used": {
- "type": "float"
- }
- }
- },
- "used": {
- "type": "float"
- }
- }
- },
- "non_heap": {
- "properties": {
- "committed": {
- "type": "float"
- },
- "max": {
- "type": "long"
- },
- "used": {
- "type": "float"
- }
- }
- }
- }
- },
- "thread": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- }
- }
- },
- "kubernetes": {
- "dynamic": "false",
- "properties": {
- "annotations": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "container": {
- "properties": {
- "image": {
- "path": "container.image.name",
- "type": "alias"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "deployment": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "labels": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "namespace": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "node": {
- "properties": {
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pod": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uid": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "replicaset": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "selectors": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "statefulset": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "labels": {
- "dynamic": "true",
- "properties": {
- "a": {
- "type": "keyword"
- },
- "charset": {
- "type": "keyword"
- },
- "connection": {
- "type": "keyword"
- },
- "env": {
- "type": "keyword"
- },
- "etag": {
- "type": "keyword"
- },
- "generation": {
- "type": "keyword"
- },
- "hostname": {
- "type": "keyword"
- },
- "implementation": {
- "type": "keyword"
- },
- "major": {
- "type": "keyword"
- },
- "method": {
- "type": "keyword"
- },
- "minor": {
- "type": "keyword"
- },
- "name": {
- "type": "keyword"
- },
- "patchlevel": {
- "type": "keyword"
- },
- "status": {
- "type": "keyword"
- },
- "transport": {
- "type": "keyword"
- },
- "type": {
- "type": "keyword"
- },
- "version": {
- "type": "keyword"
- },
- "view": {
- "type": "keyword"
- }
- }
- },
- "log": {
- "properties": {
- "file": {
- "properties": {
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "level": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "logger": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "origin": {
- "properties": {
- "file": {
- "properties": {
- "line": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "function": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "original": {
- "ignore_above": 1024,
- "index": false,
- "type": "keyword"
- },
- "syslog": {
- "properties": {
- "facility": {
- "properties": {
- "code": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "priority": {
- "type": "long"
- },
- "severity": {
- "properties": {
- "code": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- }
- }
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "metricset": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "period": {
- "meta": {
- "unit": "ms"
- },
- "type": "long"
- }
- }
- },
- "network": {
- "dynamic": "false",
- "properties": {
- "application": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "bytes": {
- "type": "long"
- },
- "carrier": {
- "properties": {
- "icc": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mcc": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mnc": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "community_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "connection_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "direction": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "forwarded_ip": {
- "type": "ip"
- },
- "iana_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "inner": {
- "properties": {
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "packets": {
- "type": "long"
- },
- "protocol": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "transport": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "nodejs": {
- "properties": {
- "eventloop": {
- "properties": {
- "delay": {
- "properties": {
- "avg": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "handles": {
- "properties": {
- "active": {
- "type": "long"
- }
- }
- },
- "memory": {
- "properties": {
- "arrayBuffers": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "external": {
- "properties": {
- "bytes": {
- "type": "float"
- }
- }
- },
- "heap": {
- "properties": {
- "allocated": {
- "properties": {
- "bytes": {
- "type": "float"
- }
- }
- },
- "used": {
- "properties": {
- "bytes": {
- "type": "float"
- }
- }
- }
- }
- }
- }
- },
- "requests": {
- "properties": {
- "active": {
- "type": "long"
- }
- }
- }
- }
- },
- "observer": {
- "dynamic": "false",
- "properties": {
- "egress": {
- "properties": {
- "interface": {
- "properties": {
- "alias": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "zone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ingress": {
- "properties": {
- "interface": {
- "properties": {
- "alias": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "zone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "listening": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "vendor": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version_major": {
- "type": "byte"
- }
- }
- },
- "orchestrator": {
- "properties": {
- "api_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "cluster": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "url": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "namespace": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "resource": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "organization": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "package": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "build_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "checksum": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "install_scope": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "installed": {
- "type": "date"
- },
- "license": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "size": {
- "type": "long"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "parent": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "process": {
- "dynamic": "false",
- "properties": {
- "args": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "args_count": {
- "type": "long"
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "command_line": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "entity_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "executable": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "exit_code": {
- "type": "long"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "parent": {
- "properties": {
- "args": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "args_count": {
- "type": "long"
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "command_line": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "entity_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "executable": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "exit_code": {
- "type": "long"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pgid": {
- "type": "long"
- },
- "pid": {
- "type": "long"
- },
- "ppid": {
- "type": "long"
- },
- "start": {
- "type": "date"
- },
- "thread": {
- "properties": {
- "id": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "title": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uptime": {
- "type": "long"
- },
- "working_directory": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pgid": {
- "type": "long"
- },
- "pid": {
- "type": "long"
- },
- "ppid": {
- "type": "long"
- },
- "start": {
- "type": "date"
- },
- "thread": {
- "properties": {
- "id": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "title": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uptime": {
- "type": "long"
- },
- "working_directory": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "processor": {
- "properties": {
- "event": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "profile": {
- "dynamic": "false",
- "properties": {
- "alloc_objects": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "alloc_space": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "cpu": {
- "properties": {
- "ns": {
- "meta": {
- "unit": "nanos"
- },
- "type": "long"
- }
- }
- },
- "duration": {
- "meta": {
- "unit": "nanos"
- },
- "type": "long"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "inuse_objects": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "inuse_space": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "samples": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "stack": {
- "dynamic": "false",
- "properties": {
- "filename": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "function": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "line": {
- "type": "long"
- }
- }
- },
- "top": {
- "dynamic": "false",
- "properties": {
- "filename": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "function": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "line": {
- "type": "long"
- }
- }
- },
- "wall": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "prometheus": {
- "properties": {
- "metrics": {
- "properties": {
- "django_http_ajax_requests": {
- "type": "long"
- },
- "django_http_exceptions_total_by_type": {
- "type": "long"
- },
- "django_http_exceptions_total_by_view": {
- "type": "long"
- },
- "django_http_requests_before_middlewares": {
- "type": "long"
- },
- "django_http_requests_total_by_method": {
- "type": "long"
- },
- "django_http_requests_total_by_transport": {
- "type": "long"
- },
- "django_http_requests_total_by_view_transport_method": {
- "type": "long"
- },
- "django_http_requests_unknown_latency": {
- "type": "long"
- },
- "django_http_requests_unknown_latency_including_middlewares": {
- "type": "long"
- },
- "django_http_responses_before_middlewares": {
- "type": "long"
- },
- "django_http_responses_streaming": {
- "type": "long"
- },
- "django_http_responses_total_by_charset": {
- "type": "long"
- },
- "django_http_responses_total_by_status": {
- "type": "long"
- },
- "django_http_responses_total_by_status_view_method": {
- "type": "long"
- },
- "django_migrations_applied_total": {
- "type": "long"
- },
- "django_migrations_unapplied_total": {
- "type": "long"
- },
- "opbeans_python_line_items": {
- "type": "long"
- },
- "opbeans_python_orders": {
- "properties": {
- "count": {
- "type": "long"
- },
- "sum": {
- "type": "long"
- }
- }
- },
- "process_cpu_seconds": {
- "type": "float"
- },
- "process_max_fds": {
- "type": "float"
- },
- "process_open_fds": {
- "type": "long"
- },
- "process_resident_memory_bytes": {
- "type": "float"
- },
- "process_start_time_seconds": {
- "type": "float"
- },
- "process_virtual_memory_bytes": {
- "type": "float"
- },
- "python_gc_collections": {
- "type": "long"
- },
- "python_gc_objects_collected": {
- "type": "long"
- },
- "python_gc_objects_uncollectable": {
- "type": "long"
- },
- "python_info": {
- "type": "long"
- },
- "random_counter": {
- "type": "long"
- },
- "random_gauge": {
- "type": "float"
- },
- "random_summary": {
- "properties": {
- "count": {
- "type": "long"
- },
- "sum": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "registry": {
- "properties": {
- "data": {
- "properties": {
- "bytes": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "strings": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hive": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "key": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "value": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "related": {
- "properties": {
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hosts": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ip": {
- "type": "ip"
- },
- "user": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ruby": {
- "properties": {
- "gc": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "heap": {
- "properties": {
- "allocations": {
- "properties": {
- "total": {
- "type": "long"
- }
- }
- },
- "slots": {
- "properties": {
- "free": {
- "type": "long"
- },
- "live": {
- "type": "long"
- }
- }
- }
- }
- },
- "threads": {
- "type": "long"
- }
- }
- },
- "rule": {
- "properties": {
- "author": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "category": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "license": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ruleset": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uuid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "server": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "service": {
- "dynamic": "false",
- "properties": {
- "environment": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ephemeral_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "framework": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "language": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "node": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "runtime": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "state": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "session": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sequence": {
- "type": "long"
- }
- }
- },
- "source": {
- "dynamic": "false",
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "sourcemap": {
- "dynamic": "false",
- "properties": {
- "bundle_filepath": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "service": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "span": {
- "dynamic": "false",
- "properties": {
- "action": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "db": {
- "dynamic": "false",
- "properties": {
- "link": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "rows_affected": {
- "type": "long"
- }
- }
- },
- "destination": {
- "dynamic": "false",
- "properties": {
- "service": {
- "dynamic": "false",
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "resource": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "response_time": {
- "properties": {
- "count": {
- "type": "long"
- },
- "sum": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "duration": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "message": {
- "dynamic": "false",
- "properties": {
- "age": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "queue": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "self_time": {
- "properties": {
- "count": {
- "type": "long"
- },
- "sum": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "start": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- },
- "subtype": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sync": {
- "type": "boolean"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "system": {
- "properties": {
- "cpu": {
- "properties": {
- "total": {
- "properties": {
- "norm": {
- "properties": {
- "pct": {
- "meta": {
- "metric_type": "gauge",
- "unit": "percent"
- },
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "actual": {
- "properties": {
- "free": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- },
- "total": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- },
- "process": {
- "properties": {
- "cgroup": {
- "properties": {
- "cpu": {
- "properties": {
- "cfs": {
- "properties": {
- "period": {
- "properties": {
- "us": {
- "meta": {
- "metric_type": "gauge",
- "unit": "micros"
- },
- "type": "long"
- }
- }
- },
- "quota": {
- "properties": {
- "us": {
- "meta": {
- "metric_type": "gauge",
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "stats": {
- "properties": {
- "periods": {
- "meta": {
- "metric_type": "counter"
- },
- "type": "long"
- },
- "throttled": {
- "properties": {
- "ns": {
- "meta": {
- "metric_type": "counter",
- "unit": "nanos"
- },
- "type": "long"
- },
- "periods": {
- "meta": {
- "metric_type": "counter"
- },
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "cpuacct": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "total": {
- "properties": {
- "ns": {
- "meta": {
- "metric_type": "counter",
- "unit": "nanos"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "mem": {
- "properties": {
- "limit": {
- "properties": {
- "bytes": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- },
- "usage": {
- "properties": {
- "bytes": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "stats": {
- "properties": {
- "inactive_file": {
- "properties": {
- "bytes": {
- "type": "float"
- }
- }
- }
- }
- }
- }
- }
- }
- },
- "cpu": {
- "properties": {
- "system": {
- "properties": {
- "norm": {
- "properties": {
- "pct": {
- "type": "float"
- }
- }
- }
- }
- },
- "total": {
- "properties": {
- "norm": {
- "properties": {
- "pct": {
- "meta": {
- "metric_type": "gauge",
- "unit": "percent"
- },
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- }
- }
- },
- "user": {
- "properties": {
- "norm": {
- "properties": {
- "pct": {
- "type": "float"
- }
- }
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "rss": {
- "properties": {
- "bytes": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- },
- "size": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "tags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "threat": {
- "properties": {
- "framework": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tactic": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "technique": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subtechnique": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- }
- }
- },
- "timeseries": {
- "properties": {
- "instance": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "timestamp": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- },
- "tls": {
- "properties": {
- "cipher": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "client": {
- "properties": {
- "certificate": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "certificate_chain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "issuer": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ja3": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "server_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "supported_ciphers": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "public_key_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_exponent": {
- "index": false,
- "type": "long"
- },
- "public_key_size": {
- "type": "long"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version_number": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "established": {
- "type": "boolean"
- },
- "next_protocol": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "resumed": {
- "type": "boolean"
- },
- "server": {
- "properties": {
- "certificate": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "certificate_chain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "issuer": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ja3s": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "subject": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "public_key_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_exponent": {
- "index": false,
- "type": "long"
- },
- "public_key_size": {
- "type": "long"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version_number": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version_protocol": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "trace": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "transaction": {
- "dynamic": "false",
- "properties": {
- "breakdown": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "duration": {
- "properties": {
- "count": {
- "type": "long"
- },
- "histogram": {
- "type": "histogram"
- },
- "sum": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- },
- "us": {
- "type": "long"
- }
- }
- },
- "experience": {
- "properties": {
- "cls": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "fid": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "longtask": {
- "properties": {
- "count": {
- "type": "long"
- },
- "max": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "sum": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- }
- }
- },
- "tbt": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "marks": {
- "dynamic": "true",
- "properties": {
- "*": {
- "properties": {
- "*": {
- "dynamic": "true",
- "type": "object"
- }
- }
- }
- }
- },
- "message": {
- "dynamic": "false",
- "properties": {
- "age": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "queue": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "result": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "root": {
- "type": "boolean"
- },
- "sampled": {
- "type": "boolean"
- },
- "self_time": {
- "properties": {
- "count": {
- "type": "long"
- },
- "sum": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "span_count": {
- "properties": {
- "dropped": {
- "type": "long"
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "url": {
- "dynamic": "false",
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "extension": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "fragment": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "password": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "port": {
- "type": "long"
- },
- "query": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "scheme": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "username": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "user": {
- "dynamic": "false",
- "properties": {
- "changes": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "effective": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "target": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "user_agent": {
- "dynamic": "false",
- "properties": {
- "device": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vulnerability": {
- "properties": {
- "category": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "classification": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "enumeration": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "report_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "scanner": {
- "properties": {
- "vendor": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "score": {
- "properties": {
- "base": {
- "type": "float"
- },
- "environmental": {
- "type": "float"
- },
- "temporal": {
- "type": "float"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "severity": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "public_key_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_exponent": {
- "index": false,
- "type": "long"
- },
- "public_key_size": {
- "type": "long"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version_number": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "settings": {
- "index": {
- "auto_expand_replicas": "0-1",
- "blocks": {
- "read_only_allow_delete": "false"
- },
- "codec": "best_compression",
- "lifecycle": {
- "name": "apm-rollover-30-days",
- "rollover_alias": "apm-7.14.0-metric"
- },
- "mapping": {
- "total_fields": {
- "limit": "2000"
- }
- },
- "max_docvalue_fields_search": "200",
- "number_of_replicas": "1",
- "number_of_shards": "1",
- "priority": "100",
- "refresh_interval": "5s"
- }
- }
- }
-}
-
-{
- "type": "index",
- "value": {
- "aliases": {
- "apm-7.14.0-span": {
- "is_write_index": true
- }
- },
- "index": "apm-7.14.0-span-000001",
- "mappings": {
- "_meta": {
- "beat": "apm",
- "version": "7.14.0"
- },
- "date_detection": false,
- "dynamic_templates": [
- {
- "labels": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "labels.*"
- }
- },
- {
- "container.labels": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "container.labels.*"
- }
- },
- {
- "fields": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "fields.*"
- }
- },
- {
- "docker.container.labels": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "docker.container.labels.*"
- }
- },
- {
- "kubernetes.labels.*": {
- "mapping": {
- "type": "keyword"
- },
- "path_match": "kubernetes.labels.*"
- }
- },
- {
- "kubernetes.annotations.*": {
- "mapping": {
- "type": "keyword"
- },
- "path_match": "kubernetes.annotations.*"
- }
- },
- {
- "kubernetes.selectors.*": {
- "mapping": {
- "type": "keyword"
- },
- "path_match": "kubernetes.selectors.*"
- }
- },
- {
- "labels_string": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "labels.*"
- }
- },
- {
- "labels_boolean": {
- "mapping": {
- "type": "boolean"
- },
- "match_mapping_type": "boolean",
- "path_match": "labels.*"
- }
- },
- {
- "labels_*": {
- "mapping": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "path_match": "labels.*"
- }
- },
- {
- "histogram": {
- "mapping": {
- "type": "histogram"
- }
- }
- },
- {
- "transaction.marks": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "transaction.marks.*"
- }
- },
- {
- "transaction.marks.*.*": {
- "mapping": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "path_match": "transaction.marks.*.*"
- }
- },
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "properties": {
- "@timestamp": {
- "type": "date"
- },
- "agent": {
- "dynamic": "false",
- "properties": {
- "build": {
- "properties": {
- "original": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ephemeral_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "child": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "client": {
- "dynamic": "false",
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "cloud": {
- "properties": {
- "account": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "availability_zone": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "image": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "instance": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "machine": {
- "dynamic": "false",
- "properties": {
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "project": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "provider": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "service": {
- "dynamic": "false",
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "container": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "image": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tag": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "labels": {
- "type": "object"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "runtime": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "data_stream": {
- "properties": {
- "dataset": {
- "type": "constant_keyword"
- },
- "namespace": {
- "type": "constant_keyword"
- },
- "type": {
- "type": "constant_keyword"
- }
- }
- },
- "destination": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "dll": {
- "properties": {
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "dns": {
- "properties": {
- "answers": {
- "properties": {
- "class": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "data": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ttl": {
- "type": "long"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "header_flags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "op_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "question": {
- "properties": {
- "class": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "resolved_ip": {
- "type": "ip"
- },
- "response_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "docker": {
- "properties": {
- "container": {
- "properties": {
- "labels": {
- "type": "object"
- }
- }
- }
- }
- },
- "ecs": {
- "properties": {
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "error": {
- "dynamic": "false",
- "properties": {
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "culprit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "exception": {
- "properties": {
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "handled": {
- "type": "boolean"
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "module": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "grouping_key": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "grouping_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "log": {
- "properties": {
- "level": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "logger_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "param_message": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "stack_trace": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "index": false,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "event": {
- "properties": {
- "action": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "category": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "created": {
- "type": "date"
- },
- "dataset": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "duration": {
- "type": "long"
- },
- "end": {
- "type": "date"
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ingested": {
- "type": "date"
- },
- "kind": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "module": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "ignore_above": 1024,
- "index": false,
- "type": "keyword"
- },
- "outcome": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "provider": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reason": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "risk_score": {
- "type": "float"
- },
- "risk_score_norm": {
- "type": "float"
- },
- "sequence": {
- "type": "long"
- },
- "severity": {
- "type": "long"
- },
- "start": {
- "type": "date"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "url": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "experimental": {
- "dynamic": "true",
- "type": "object"
- },
- "fields": {
- "type": "object"
- },
- "file": {
- "properties": {
- "accessed": {
- "type": "date"
- },
- "attributes": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "created": {
- "type": "date"
- },
- "ctime": {
- "type": "date"
- },
- "device": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "directory": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "drive_letter": {
- "ignore_above": 1,
- "type": "keyword"
- },
- "extension": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "gid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "inode": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mime_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mode": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mtime": {
- "type": "date"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "owner": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "size": {
- "type": "long"
- },
- "target_path": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "public_key_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_exponent": {
- "index": false,
- "type": "long"
- },
- "public_key_size": {
- "type": "long"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version_number": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "host": {
- "dynamic": "false",
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "containerized": {
- "type": "boolean"
- },
- "cpu": {
- "properties": {
- "usage": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "disk": {
- "properties": {
- "read": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "write": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "network": {
- "properties": {
- "egress": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "packets": {
- "type": "long"
- }
- }
- },
- "ingress": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "packets": {
- "type": "long"
- }
- }
- }
- }
- },
- "os": {
- "properties": {
- "build": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "codename": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uptime": {
- "type": "long"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "http": {
- "dynamic": "false",
- "properties": {
- "request": {
- "properties": {
- "body": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "content": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "headers": {
- "enabled": false,
- "type": "object"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "method": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mime_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "referrer": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "response": {
- "properties": {
- "body": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "content": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "finished": {
- "type": "boolean"
- },
- "headers": {
- "enabled": false,
- "type": "object"
- },
- "mime_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status_code": {
- "type": "long"
- }
- }
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "interface": {
- "properties": {
- "alias": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "kubernetes": {
- "dynamic": "false",
- "properties": {
- "annotations": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "container": {
- "properties": {
- "image": {
- "path": "container.image.name",
- "type": "alias"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "deployment": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "labels": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "namespace": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "node": {
- "properties": {
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pod": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uid": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "replicaset": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "selectors": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "statefulset": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "labels": {
- "dynamic": "true",
- "properties": {
- "events_encoded": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "events_failed": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "events_original": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "events_published": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "foo": {
- "type": "keyword"
- },
- "productId": {
- "type": "keyword"
- }
- }
- },
- "log": {
- "properties": {
- "file": {
- "properties": {
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "level": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "logger": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "origin": {
- "properties": {
- "file": {
- "properties": {
- "line": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "function": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "original": {
- "ignore_above": 1024,
- "index": false,
- "type": "keyword"
- },
- "syslog": {
- "properties": {
- "facility": {
- "properties": {
- "code": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "priority": {
- "type": "long"
- },
- "severity": {
- "properties": {
- "code": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- }
- }
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "metricset": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "period": {
- "meta": {
- "unit": "ms"
- },
- "type": "long"
- }
- }
- },
- "network": {
- "dynamic": "false",
- "properties": {
- "application": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "bytes": {
- "type": "long"
- },
- "carrier": {
- "properties": {
- "icc": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mcc": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mnc": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "community_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "connection_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "direction": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "forwarded_ip": {
- "type": "ip"
- },
- "iana_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "inner": {
- "properties": {
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "packets": {
- "type": "long"
- },
- "protocol": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "transport": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "observer": {
- "dynamic": "false",
- "properties": {
- "egress": {
- "properties": {
- "interface": {
- "properties": {
- "alias": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "zone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ingress": {
- "properties": {
- "interface": {
- "properties": {
- "alias": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "zone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "listening": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "vendor": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version_major": {
- "type": "byte"
- }
- }
- },
- "orchestrator": {
- "properties": {
- "api_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "cluster": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "url": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "namespace": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "resource": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "organization": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "package": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "build_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "checksum": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "install_scope": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "installed": {
- "type": "date"
- },
- "license": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "size": {
- "type": "long"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "parent": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "process": {
- "dynamic": "false",
- "properties": {
- "args": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "args_count": {
- "type": "long"
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "command_line": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "entity_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "executable": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "exit_code": {
- "type": "long"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "parent": {
- "properties": {
- "args": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "args_count": {
- "type": "long"
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "command_line": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "entity_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "executable": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "exit_code": {
- "type": "long"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pgid": {
- "type": "long"
- },
- "pid": {
- "type": "long"
- },
- "ppid": {
- "type": "long"
- },
- "start": {
- "type": "date"
- },
- "thread": {
- "properties": {
- "id": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "title": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uptime": {
- "type": "long"
- },
- "working_directory": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pgid": {
- "type": "long"
- },
- "pid": {
- "type": "long"
- },
- "ppid": {
- "type": "long"
- },
- "start": {
- "type": "date"
- },
- "thread": {
- "properties": {
- "id": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "title": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uptime": {
- "type": "long"
- },
- "working_directory": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "processor": {
- "properties": {
- "event": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "profile": {
- "dynamic": "false",
- "properties": {
- "alloc_objects": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "alloc_space": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "cpu": {
- "properties": {
- "ns": {
- "meta": {
- "unit": "nanos"
- },
- "type": "long"
- }
- }
- },
- "duration": {
- "meta": {
- "unit": "nanos"
- },
- "type": "long"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "inuse_objects": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "inuse_space": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "samples": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "stack": {
- "dynamic": "false",
- "properties": {
- "filename": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "function": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "line": {
- "type": "long"
- }
- }
- },
- "top": {
- "dynamic": "false",
- "properties": {
- "filename": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "function": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "line": {
- "type": "long"
- }
- }
- },
- "wall": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "registry": {
- "properties": {
- "data": {
- "properties": {
- "bytes": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "strings": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hive": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "key": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "value": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "related": {
- "properties": {
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hosts": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ip": {
- "type": "ip"
- },
- "user": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "rule": {
- "properties": {
- "author": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "category": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "license": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ruleset": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uuid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "server": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "service": {
- "dynamic": "false",
- "properties": {
- "environment": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ephemeral_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "framework": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "language": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "node": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "runtime": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "state": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "session": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sequence": {
- "type": "long"
- }
- }
- },
- "source": {
- "dynamic": "false",
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "sourcemap": {
- "dynamic": "false",
- "properties": {
- "bundle_filepath": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "service": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "span": {
- "dynamic": "false",
- "properties": {
- "action": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "db": {
- "dynamic": "false",
- "properties": {
- "link": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "rows_affected": {
- "type": "long"
- }
- }
- },
- "destination": {
- "dynamic": "false",
- "properties": {
- "service": {
- "dynamic": "false",
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "resource": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "response_time": {
- "properties": {
- "count": {
- "type": "long"
- },
- "sum": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "duration": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "message": {
- "dynamic": "false",
- "properties": {
- "age": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "queue": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "self_time": {
- "properties": {
- "count": {
- "type": "long"
- },
- "sum": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "start": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- },
- "subtype": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sync": {
- "type": "boolean"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "system": {
- "properties": {
- "cpu": {
- "properties": {
- "total": {
- "properties": {
- "norm": {
- "properties": {
- "pct": {
- "meta": {
- "metric_type": "gauge",
- "unit": "percent"
- },
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "actual": {
- "properties": {
- "free": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- },
- "total": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- },
- "process": {
- "properties": {
- "cgroup": {
- "properties": {
- "cpu": {
- "properties": {
- "cfs": {
- "properties": {
- "period": {
- "properties": {
- "us": {
- "meta": {
- "metric_type": "gauge",
- "unit": "micros"
- },
- "type": "long"
- }
- }
- },
- "quota": {
- "properties": {
- "us": {
- "meta": {
- "metric_type": "gauge",
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "stats": {
- "properties": {
- "periods": {
- "meta": {
- "metric_type": "counter"
- },
- "type": "long"
- },
- "throttled": {
- "properties": {
- "ns": {
- "meta": {
- "metric_type": "counter",
- "unit": "nanos"
- },
- "type": "long"
- },
- "periods": {
- "meta": {
- "metric_type": "counter"
- },
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "cpuacct": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "total": {
- "properties": {
- "ns": {
- "meta": {
- "metric_type": "counter",
- "unit": "nanos"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "mem": {
- "properties": {
- "limit": {
- "properties": {
- "bytes": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- },
- "usage": {
- "properties": {
- "bytes": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- }
- }
- }
- }
- }
- }
- },
- "cpu": {
- "properties": {
- "total": {
- "properties": {
- "norm": {
- "properties": {
- "pct": {
- "meta": {
- "metric_type": "gauge",
- "unit": "percent"
- },
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "rss": {
- "properties": {
- "bytes": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- },
- "size": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "tags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "threat": {
- "properties": {
- "framework": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tactic": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "technique": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subtechnique": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- }
- }
- },
- "timeseries": {
- "properties": {
- "instance": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "timestamp": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- },
- "tls": {
- "properties": {
- "cipher": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "client": {
- "properties": {
- "certificate": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "certificate_chain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "issuer": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ja3": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "server_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "supported_ciphers": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "public_key_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_exponent": {
- "index": false,
- "type": "long"
- },
- "public_key_size": {
- "type": "long"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version_number": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "established": {
- "type": "boolean"
- },
- "next_protocol": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "resumed": {
- "type": "boolean"
- },
- "server": {
- "properties": {
- "certificate": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "certificate_chain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "issuer": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ja3s": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "subject": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "public_key_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_exponent": {
- "index": false,
- "type": "long"
- },
- "public_key_size": {
- "type": "long"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version_number": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version_protocol": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "trace": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "links": {
- "dynamic": "false",
- "type": "nested",
- "properties": {
- "trace": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "span": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "transaction": {
- "dynamic": "false",
- "properties": {
- "breakdown": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "duration": {
- "properties": {
- "count": {
- "type": "long"
- },
- "histogram": {
- "type": "histogram"
- },
- "sum": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- },
- "us": {
- "type": "long"
- }
- }
- },
- "experience": {
- "properties": {
- "cls": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "fid": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "longtask": {
- "properties": {
- "count": {
- "type": "long"
- },
- "max": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "sum": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- }
- }
- },
- "tbt": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "marks": {
- "dynamic": "true",
- "properties": {
- "*": {
- "properties": {
- "*": {
- "dynamic": "true",
- "type": "object"
- }
- }
- }
- }
- },
- "message": {
- "dynamic": "false",
- "properties": {
- "age": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "queue": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "result": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "root": {
- "type": "boolean"
- },
- "sampled": {
- "type": "boolean"
- },
- "self_time": {
- "properties": {
- "count": {
- "type": "long"
- },
- "sum": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "span_count": {
- "properties": {
- "dropped": {
- "type": "long"
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "url": {
- "dynamic": "false",
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "extension": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "fragment": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "password": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "port": {
- "type": "long"
- },
- "query": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "scheme": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "username": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "user": {
- "dynamic": "false",
- "properties": {
- "changes": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "effective": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "target": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "user_agent": {
- "dynamic": "false",
- "properties": {
- "device": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vulnerability": {
- "properties": {
- "category": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "classification": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "enumeration": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "report_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "scanner": {
- "properties": {
- "vendor": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "score": {
- "properties": {
- "base": {
- "type": "float"
- },
- "environmental": {
- "type": "float"
- },
- "temporal": {
- "type": "float"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "severity": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "public_key_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_exponent": {
- "index": false,
- "type": "long"
- },
- "public_key_size": {
- "type": "long"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version_number": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "settings": {
- "index": {
- "auto_expand_replicas": "0-1",
- "blocks": {
- "read_only_allow_delete": "false"
- },
- "codec": "best_compression",
- "lifecycle": {
- "name": "apm-rollover-30-days",
- "rollover_alias": "apm-7.14.0-span"
- },
- "mapping": {
- "total_fields": {
- "limit": "2000"
- }
- },
- "max_docvalue_fields_search": "200",
- "number_of_replicas": "1",
- "number_of_shards": "1",
- "priority": "100",
- "refresh_interval": "5s"
- }
- }
- }
-}
-
-{
- "type": "index",
- "value": {
- "aliases": {
- "apm-7.14.0-transaction": {
- "is_write_index": true
- }
- },
- "index": "apm-7.14.0-transaction-000001",
- "mappings": {
- "_meta": {
- "beat": "apm",
- "version": "7.14.0"
- },
- "date_detection": false,
- "dynamic_templates": [
- {
- "labels": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "labels.*"
- }
- },
- {
- "container.labels": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "container.labels.*"
- }
- },
- {
- "fields": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "fields.*"
- }
- },
- {
- "docker.container.labels": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "docker.container.labels.*"
- }
- },
- {
- "kubernetes.labels.*": {
- "mapping": {
- "type": "keyword"
- },
- "path_match": "kubernetes.labels.*"
- }
- },
- {
- "kubernetes.annotations.*": {
- "mapping": {
- "type": "keyword"
- },
- "path_match": "kubernetes.annotations.*"
- }
- },
- {
- "kubernetes.selectors.*": {
- "mapping": {
- "type": "keyword"
- },
- "path_match": "kubernetes.selectors.*"
- }
- },
- {
- "labels_string": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "labels.*"
- }
- },
- {
- "labels_boolean": {
- "mapping": {
- "type": "boolean"
- },
- "match_mapping_type": "boolean",
- "path_match": "labels.*"
- }
- },
- {
- "labels_*": {
- "mapping": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "path_match": "labels.*"
- }
- },
- {
- "histogram": {
- "mapping": {
- "type": "histogram"
- }
- }
- },
- {
- "transaction.marks": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "transaction.marks.*"
- }
- },
- {
- "transaction.marks.*.*": {
- "mapping": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "path_match": "transaction.marks.*.*"
- }
- },
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "properties": {
- "@timestamp": {
- "type": "date"
- },
- "agent": {
- "dynamic": "false",
- "properties": {
- "build": {
- "properties": {
- "original": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ephemeral_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "child": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "client": {
- "dynamic": "false",
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "cloud": {
- "properties": {
- "account": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "availability_zone": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "image": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "instance": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "machine": {
- "dynamic": "false",
- "properties": {
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "project": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "provider": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "service": {
- "dynamic": "false",
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "container": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "image": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tag": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "labels": {
- "type": "object"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "runtime": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "data_stream": {
- "properties": {
- "dataset": {
- "type": "constant_keyword"
- },
- "namespace": {
- "type": "constant_keyword"
- },
- "type": {
- "type": "constant_keyword"
- }
- }
- },
- "destination": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "dll": {
- "properties": {
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "dns": {
- "properties": {
- "answers": {
- "properties": {
- "class": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "data": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ttl": {
- "type": "long"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "header_flags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "op_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "question": {
- "properties": {
- "class": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "resolved_ip": {
- "type": "ip"
- },
- "response_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "docker": {
- "properties": {
- "container": {
- "properties": {
- "labels": {
- "type": "object"
- }
- }
- }
- }
- },
- "ecs": {
- "properties": {
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "error": {
- "dynamic": "false",
- "properties": {
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "culprit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "exception": {
- "properties": {
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "handled": {
- "type": "boolean"
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "module": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "grouping_key": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "grouping_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "log": {
- "properties": {
- "level": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "logger_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "param_message": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "stack_trace": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "index": false,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "event": {
- "properties": {
- "action": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "category": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "created": {
- "type": "date"
- },
- "dataset": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "duration": {
- "type": "long"
- },
- "end": {
- "type": "date"
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ingested": {
- "type": "date"
- },
- "kind": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "module": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "ignore_above": 1024,
- "index": false,
- "type": "keyword"
- },
- "outcome": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "provider": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reason": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "risk_score": {
- "type": "float"
- },
- "risk_score_norm": {
- "type": "float"
- },
- "sequence": {
- "type": "long"
- },
- "severity": {
- "type": "long"
- },
- "start": {
- "type": "date"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "url": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "experimental": {
- "dynamic": "true",
- "type": "object"
- },
- "fields": {
- "type": "object"
- },
- "file": {
- "properties": {
- "accessed": {
- "type": "date"
- },
- "attributes": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "created": {
- "type": "date"
- },
- "ctime": {
- "type": "date"
- },
- "device": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "directory": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "drive_letter": {
- "ignore_above": 1,
- "type": "keyword"
- },
- "extension": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "gid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "inode": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mime_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mode": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mtime": {
- "type": "date"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "owner": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "size": {
- "type": "long"
- },
- "target_path": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "public_key_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_exponent": {
- "index": false,
- "type": "long"
- },
- "public_key_size": {
- "type": "long"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version_number": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "host": {
- "dynamic": "false",
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "containerized": {
- "type": "boolean"
- },
- "cpu": {
- "properties": {
- "usage": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "disk": {
- "properties": {
- "read": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "write": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "network": {
- "properties": {
- "egress": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "packets": {
- "type": "long"
- }
- }
- },
- "ingress": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "packets": {
- "type": "long"
- }
- }
- }
- }
- },
- "os": {
- "properties": {
- "build": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "codename": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uptime": {
- "type": "long"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "http": {
- "dynamic": "false",
- "properties": {
- "request": {
- "properties": {
- "body": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "content": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "headers": {
- "enabled": false,
- "type": "object"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "method": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mime_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "referrer": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "response": {
- "properties": {
- "body": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "content": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "finished": {
- "type": "boolean"
- },
- "headers": {
- "enabled": false,
- "type": "object"
- },
- "mime_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status_code": {
- "type": "long"
- }
- }
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "interface": {
- "properties": {
- "alias": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "kubernetes": {
- "dynamic": "false",
- "properties": {
- "annotations": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "container": {
- "properties": {
- "image": {
- "path": "container.image.name",
- "type": "alias"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "deployment": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "labels": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "namespace": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "node": {
- "properties": {
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pod": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uid": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "replicaset": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "selectors": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "statefulset": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "labels": {
- "dynamic": "true",
- "properties": {
- "company": {
- "type": "keyword"
- },
- "customer_email": {
- "type": "keyword"
- },
- "customer_name": {
- "type": "keyword"
- },
- "customer_tier": {
- "type": "keyword"
- },
- "foo": {
- "type": "keyword"
- },
- "lorem": {
- "type": "keyword"
- },
- "multi-line": {
- "type": "keyword"
- },
- "request_id": {
- "type": "keyword"
- },
- "served_from_cache": {
- "type": "keyword"
- },
- "this-is-a-very-long-tag-name-without-any-spaces": {
- "type": "keyword"
- },
- "worker": {
- "type": "keyword"
- }
- }
- },
- "log": {
- "properties": {
- "file": {
- "properties": {
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "level": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "logger": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "origin": {
- "properties": {
- "file": {
- "properties": {
- "line": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "function": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "original": {
- "ignore_above": 1024,
- "index": false,
- "type": "keyword"
- },
- "syslog": {
- "properties": {
- "facility": {
- "properties": {
- "code": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "priority": {
- "type": "long"
- },
- "severity": {
- "properties": {
- "code": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- }
- }
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "metricset": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "period": {
- "meta": {
- "unit": "ms"
- },
- "type": "long"
- }
- }
- },
- "network": {
- "dynamic": "false",
- "properties": {
- "application": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "bytes": {
- "type": "long"
- },
- "carrier": {
- "properties": {
- "icc": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mcc": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mnc": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "community_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "connection_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "direction": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "forwarded_ip": {
- "type": "ip"
- },
- "iana_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "inner": {
- "properties": {
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "packets": {
- "type": "long"
- },
- "protocol": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "transport": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "observer": {
- "dynamic": "false",
- "properties": {
- "egress": {
- "properties": {
- "interface": {
- "properties": {
- "alias": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "zone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ingress": {
- "properties": {
- "interface": {
- "properties": {
- "alias": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "zone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "listening": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "vendor": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version_major": {
- "type": "byte"
- }
- }
- },
- "orchestrator": {
- "properties": {
- "api_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "cluster": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "url": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "namespace": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "resource": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "organization": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "package": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "build_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "checksum": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "install_scope": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "installed": {
- "type": "date"
- },
- "license": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "size": {
- "type": "long"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "parent": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "process": {
- "dynamic": "false",
- "properties": {
- "args": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "args_count": {
- "type": "long"
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "command_line": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "entity_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "executable": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "exit_code": {
- "type": "long"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "parent": {
- "properties": {
- "args": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "args_count": {
- "type": "long"
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "command_line": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "entity_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "executable": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "exit_code": {
- "type": "long"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pgid": {
- "type": "long"
- },
- "pid": {
- "type": "long"
- },
- "ppid": {
- "type": "long"
- },
- "start": {
- "type": "date"
- },
- "thread": {
- "properties": {
- "id": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "title": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uptime": {
- "type": "long"
- },
- "working_directory": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pgid": {
- "type": "long"
- },
- "pid": {
- "type": "long"
- },
- "ppid": {
- "type": "long"
- },
- "start": {
- "type": "date"
- },
- "thread": {
- "properties": {
- "id": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "title": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uptime": {
- "type": "long"
- },
- "working_directory": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "processor": {
- "properties": {
- "event": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "profile": {
- "dynamic": "false",
- "properties": {
- "alloc_objects": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "alloc_space": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "cpu": {
- "properties": {
- "ns": {
- "meta": {
- "unit": "nanos"
- },
- "type": "long"
- }
- }
- },
- "duration": {
- "meta": {
- "unit": "nanos"
- },
- "type": "long"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "inuse_objects": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "inuse_space": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "samples": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "stack": {
- "dynamic": "false",
- "properties": {
- "filename": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "function": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "line": {
- "type": "long"
- }
- }
- },
- "top": {
- "dynamic": "false",
- "properties": {
- "filename": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "function": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "line": {
- "type": "long"
- }
- }
- },
- "wall": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "registry": {
- "properties": {
- "data": {
- "properties": {
- "bytes": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "strings": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hive": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "key": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "value": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "related": {
- "properties": {
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hosts": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ip": {
- "type": "ip"
- },
- "user": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "rule": {
- "properties": {
- "author": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "category": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "license": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ruleset": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uuid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "server": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "service": {
- "dynamic": "false",
- "properties": {
- "environment": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ephemeral_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "framework": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "language": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "node": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "runtime": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "state": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "session": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sequence": {
- "type": "long"
- }
- }
- },
- "source": {
- "dynamic": "false",
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "sourcemap": {
- "dynamic": "false",
- "properties": {
- "bundle_filepath": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "service": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "span": {
- "dynamic": "false",
- "properties": {
- "action": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "db": {
- "dynamic": "false",
- "properties": {
- "link": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "rows_affected": {
- "type": "long"
- }
- }
- },
- "destination": {
- "dynamic": "false",
- "properties": {
- "service": {
- "dynamic": "false",
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "resource": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "response_time": {
- "properties": {
- "count": {
- "type": "long"
- },
- "sum": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "duration": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "message": {
- "dynamic": "false",
- "properties": {
- "age": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "queue": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "self_time": {
- "properties": {
- "count": {
- "type": "long"
- },
- "sum": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "start": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- },
- "subtype": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sync": {
- "type": "boolean"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "system": {
- "properties": {
- "cpu": {
- "properties": {
- "total": {
- "properties": {
- "norm": {
- "properties": {
- "pct": {
- "meta": {
- "metric_type": "gauge",
- "unit": "percent"
- },
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "actual": {
- "properties": {
- "free": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- },
- "total": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- },
- "process": {
- "properties": {
- "cgroup": {
- "properties": {
- "cpu": {
- "properties": {
- "cfs": {
- "properties": {
- "period": {
- "properties": {
- "us": {
- "meta": {
- "metric_type": "gauge",
- "unit": "micros"
- },
- "type": "long"
- }
- }
- },
- "quota": {
- "properties": {
- "us": {
- "meta": {
- "metric_type": "gauge",
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "stats": {
- "properties": {
- "periods": {
- "meta": {
- "metric_type": "counter"
- },
- "type": "long"
- },
- "throttled": {
- "properties": {
- "ns": {
- "meta": {
- "metric_type": "counter",
- "unit": "nanos"
- },
- "type": "long"
- },
- "periods": {
- "meta": {
- "metric_type": "counter"
- },
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "cpuacct": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "total": {
- "properties": {
- "ns": {
- "meta": {
- "metric_type": "counter",
- "unit": "nanos"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "mem": {
- "properties": {
- "limit": {
- "properties": {
- "bytes": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- },
- "usage": {
- "properties": {
- "bytes": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- }
- }
- }
- }
- }
- }
- },
- "cpu": {
- "properties": {
- "total": {
- "properties": {
- "norm": {
- "properties": {
- "pct": {
- "meta": {
- "metric_type": "gauge",
- "unit": "percent"
- },
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "rss": {
- "properties": {
- "bytes": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- },
- "size": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "tags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "threat": {
- "properties": {
- "framework": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tactic": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "technique": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subtechnique": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- }
- }
- },
- "timeseries": {
- "properties": {
- "instance": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "timestamp": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- },
- "tls": {
- "properties": {
- "cipher": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "client": {
- "properties": {
- "certificate": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "certificate_chain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "issuer": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ja3": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "server_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "supported_ciphers": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "public_key_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_exponent": {
- "index": false,
- "type": "long"
- },
- "public_key_size": {
- "type": "long"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version_number": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "established": {
- "type": "boolean"
- },
- "next_protocol": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "resumed": {
- "type": "boolean"
- },
- "server": {
- "properties": {
- "certificate": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "certificate_chain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "issuer": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ja3s": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "subject": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "public_key_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_exponent": {
- "index": false,
- "type": "long"
- },
- "public_key_size": {
- "type": "long"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version_number": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version_protocol": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "trace": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "transaction": {
- "dynamic": "false",
- "properties": {
- "breakdown": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "duration": {
- "properties": {
- "count": {
- "type": "long"
- },
- "histogram": {
- "type": "histogram"
- },
- "sum": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- },
- "us": {
- "type": "long"
- }
- }
- },
- "experience": {
- "properties": {
- "cls": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "fid": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "longtask": {
- "properties": {
- "count": {
- "type": "long"
- },
- "max": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "sum": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- }
- }
- },
- "tbt": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "marks": {
- "dynamic": "true",
- "properties": {
- "*": {
- "properties": {
- "*": {
- "dynamic": "true",
- "type": "object"
- }
- }
- },
- "agent": {
- "properties": {
- "domComplete": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "domInteractive": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "timeToFirstByte": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- }
- }
- },
- "navigationTiming": {
- "properties": {
- "connectEnd": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "connectStart": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "domComplete": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "domContentLoadedEventEnd": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "domContentLoadedEventStart": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "domInteractive": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "domLoading": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "domainLookupEnd": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "domainLookupStart": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "fetchStart": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "loadEventEnd": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "loadEventStart": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "requestStart": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "responseEnd": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "responseStart": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- }
- }
- }
- }
- },
- "message": {
- "dynamic": "false",
- "properties": {
- "age": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "queue": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "result": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "root": {
- "type": "boolean"
- },
- "sampled": {
- "type": "boolean"
- },
- "self_time": {
- "properties": {
- "count": {
- "type": "long"
- },
- "sum": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "span_count": {
- "properties": {
- "dropped": {
- "type": "long"
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "url": {
- "dynamic": "false",
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "extension": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "fragment": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "password": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "port": {
- "type": "long"
- },
- "query": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "scheme": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "username": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "user": {
- "dynamic": "false",
- "properties": {
- "changes": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "effective": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "target": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "user_agent": {
- "dynamic": "false",
- "properties": {
- "device": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vulnerability": {
- "properties": {
- "category": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "classification": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "enumeration": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "report_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "scanner": {
- "properties": {
- "vendor": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "score": {
- "properties": {
- "base": {
- "type": "float"
- },
- "environmental": {
- "type": "float"
- },
- "temporal": {
- "type": "float"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "severity": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "public_key_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_exponent": {
- "index": false,
- "type": "long"
- },
- "public_key_size": {
- "type": "long"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version_number": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "settings": {
- "index": {
- "auto_expand_replicas": "0-1",
- "blocks": {
- "read_only_allow_delete": "false"
- },
- "codec": "best_compression",
- "lifecycle": {
- "name": "apm-rollover-30-days",
- "rollover_alias": "apm-7.14.0-transaction"
- },
- "mapping": {
- "total_fields": {
- "limit": "2000"
- }
- },
- "max_docvalue_fields_search": "200",
- "number_of_replicas": "1",
- "number_of_shards": "1",
- "priority": "100",
- "refresh_interval": "5s"
- }
- }
- }
-}
\ No newline at end of file
diff --git a/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/fixtures/es_archiver/apm_mappings_only_8.0.0/mappings.json b/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/fixtures/es_archiver/apm_mappings_only_8.0.0/mappings.json
deleted file mode 100644
index 3167ad3f5a6a0..0000000000000
--- a/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/fixtures/es_archiver/apm_mappings_only_8.0.0/mappings.json
+++ /dev/null
@@ -1,22112 +0,0 @@
-{
- "type": "index",
- "value": {
- "aliases": {
- ".ml-anomalies-.write-apm-environment_not_defined-337d-high_mean_transaction_duration": {
- "is_hidden": true
- },
- ".ml-anomalies-.write-apm-production-6117-high_mean_transaction_duration": {
- "is_hidden": true
- },
- ".ml-anomalies-.write-apm-testing-41e5-high_mean_transaction_duration": {
- "is_hidden": true
- },
- ".ml-anomalies-apm-environment_not_defined-337d-high_mean_transaction_duration": {
- "filter": {
- "term": {
- "job_id": {
- "boost": 1,
- "value": "apm-environment_not_defined-337d-high_mean_transaction_duration"
- }
- }
- },
- "is_hidden": true
- },
- ".ml-anomalies-apm-production-6117-high_mean_transaction_duration": {
- "filter": {
- "term": {
- "job_id": {
- "boost": 1,
- "value": "apm-production-6117-high_mean_transaction_duration"
- }
- }
- },
- "is_hidden": true
- },
- ".ml-anomalies-apm-testing-41e5-high_mean_transaction_duration": {
- "filter": {
- "term": {
- "job_id": {
- "boost": 1,
- "value": "apm-testing-41e5-high_mean_transaction_duration"
- }
- }
- },
- "is_hidden": true
- }
- },
- "index": ".ml-anomalies-shared",
- "mappings": {
- "_meta": {
- "version": "7.14.0"
- },
- "dynamic_templates": [
- {
- "strings_as_keywords": {
- "mapping": {
- "type": "keyword"
- },
- "match": "*"
- }
- }
- ],
- "properties": {
- "actual": {
- "type": "double"
- },
- "all_field_values": {
- "analyzer": "whitespace",
- "type": "text"
- },
- "anomaly_score": {
- "type": "double"
- },
- "assignment_memory_basis": {
- "type": "keyword"
- },
- "average_bucket_processing_time_ms": {
- "type": "double"
- },
- "bucket_allocation_failures_count": {
- "type": "long"
- },
- "bucket_count": {
- "type": "long"
- },
- "bucket_influencers": {
- "properties": {
- "anomaly_score": {
- "type": "double"
- },
- "bucket_span": {
- "type": "long"
- },
- "influencer_field_name": {
- "type": "keyword"
- },
- "initial_anomaly_score": {
- "type": "double"
- },
- "is_interim": {
- "type": "boolean"
- },
- "job_id": {
- "type": "keyword"
- },
- "probability": {
- "type": "double"
- },
- "raw_anomaly_score": {
- "type": "double"
- },
- "result_type": {
- "type": "keyword"
- },
- "timestamp": {
- "type": "date"
- }
- },
- "type": "nested"
- },
- "bucket_span": {
- "type": "long"
- },
- "by_field_name": {
- "type": "keyword"
- },
- "by_field_value": {
- "copy_to": [
- "all_field_values"
- ],
- "type": "keyword"
- },
- "categorization_status": {
- "type": "keyword"
- },
- "categorized_doc_count": {
- "type": "keyword"
- },
- "category_id": {
- "type": "long"
- },
- "causes": {
- "properties": {
- "actual": {
- "type": "double"
- },
- "by_field_name": {
- "type": "keyword"
- },
- "by_field_value": {
- "copy_to": [
- "all_field_values"
- ],
- "type": "keyword"
- },
- "correlated_by_field_value": {
- "copy_to": [
- "all_field_values"
- ],
- "type": "keyword"
- },
- "field_name": {
- "type": "keyword"
- },
- "function": {
- "type": "keyword"
- },
- "function_description": {
- "type": "keyword"
- },
- "geo_results": {
- "properties": {
- "actual_point": {
- "type": "geo_point"
- },
- "typical_point": {
- "type": "geo_point"
- }
- }
- },
- "over_field_name": {
- "type": "keyword"
- },
- "over_field_value": {
- "copy_to": [
- "all_field_values"
- ],
- "type": "keyword"
- },
- "partition_field_name": {
- "type": "keyword"
- },
- "partition_field_value": {
- "copy_to": [
- "all_field_values"
- ],
- "type": "keyword"
- },
- "probability": {
- "type": "double"
- },
- "typical": {
- "type": "double"
- }
- },
- "type": "nested"
- },
- "dead_category_count": {
- "type": "keyword"
- },
- "description": {
- "type": "text"
- },
- "detector_index": {
- "type": "integer"
- },
- "earliest_record_timestamp": {
- "type": "date"
- },
- "empty_bucket_count": {
- "type": "long"
- },
- "event_count": {
- "type": "long"
- },
- "examples": {
- "type": "text"
- },
- "exponential_average_bucket_processing_time_ms": {
- "type": "double"
- },
- "exponential_average_calculation_context": {
- "properties": {
- "incremental_metric_value_ms": {
- "type": "double"
- },
- "latest_timestamp": {
- "type": "date"
- },
- "previous_exponential_average_ms": {
- "type": "double"
- }
- }
- },
- "failed_category_count": {
- "type": "keyword"
- },
- "field_name": {
- "type": "keyword"
- },
- "forecast_create_timestamp": {
- "type": "date"
- },
- "forecast_end_timestamp": {
- "type": "date"
- },
- "forecast_expiry_timestamp": {
- "type": "date"
- },
- "forecast_id": {
- "type": "keyword"
- },
- "forecast_lower": {
- "type": "double"
- },
- "forecast_memory_bytes": {
- "type": "long"
- },
- "forecast_messages": {
- "type": "keyword"
- },
- "forecast_prediction": {
- "type": "double"
- },
- "forecast_progress": {
- "type": "double"
- },
- "forecast_start_timestamp": {
- "type": "date"
- },
- "forecast_status": {
- "type": "keyword"
- },
- "forecast_upper": {
- "type": "double"
- },
- "frequent_category_count": {
- "type": "keyword"
- },
- "function": {
- "type": "keyword"
- },
- "function_description": {
- "type": "keyword"
- },
- "geo_results": {
- "properties": {
- "actual_point": {
- "type": "geo_point"
- },
- "typical_point": {
- "type": "geo_point"
- }
- }
- },
- "influencer_field_name": {
- "type": "keyword"
- },
- "influencer_field_value": {
- "copy_to": [
- "all_field_values"
- ],
- "type": "keyword"
- },
- "influencer_score": {
- "type": "double"
- },
- "influencers": {
- "properties": {
- "influencer_field_name": {
- "type": "keyword"
- },
- "influencer_field_values": {
- "copy_to": [
- "all_field_values"
- ],
- "type": "keyword"
- }
- },
- "type": "nested"
- },
- "initial_anomaly_score": {
- "type": "double"
- },
- "initial_influencer_score": {
- "type": "double"
- },
- "initial_record_score": {
- "type": "double"
- },
- "input_bytes": {
- "type": "long"
- },
- "input_field_count": {
- "type": "long"
- },
- "input_record_count": {
- "type": "long"
- },
- "invalid_date_count": {
- "type": "long"
- },
- "is_interim": {
- "type": "boolean"
- },
- "job_id": {
- "copy_to": [
- "all_field_values"
- ],
- "type": "keyword"
- },
- "last_data_time": {
- "type": "date"
- },
- "latest_empty_bucket_timestamp": {
- "type": "date"
- },
- "latest_record_time_stamp": {
- "type": "date"
- },
- "latest_record_timestamp": {
- "type": "date"
- },
- "latest_result_time_stamp": {
- "type": "date"
- },
- "latest_sparse_bucket_timestamp": {
- "type": "date"
- },
- "log_time": {
- "type": "date"
- },
- "max_matching_length": {
- "type": "long"
- },
- "maximum_bucket_processing_time_ms": {
- "type": "double"
- },
- "memory_status": {
- "type": "keyword"
- },
- "min_version": {
- "type": "keyword"
- },
- "minimum_bucket_processing_time_ms": {
- "type": "double"
- },
- "missing_field_count": {
- "type": "long"
- },
- "mlcategory": {
- "type": "keyword"
- },
- "model_bytes": {
- "type": "long"
- },
- "model_bytes_exceeded": {
- "type": "keyword"
- },
- "model_bytes_memory_limit": {
- "type": "keyword"
- },
- "model_feature": {
- "type": "keyword"
- },
- "model_lower": {
- "type": "double"
- },
- "model_median": {
- "type": "double"
- },
- "model_size_stats": {
- "properties": {
- "assignment_memory_basis": {
- "type": "keyword"
- },
- "bucket_allocation_failures_count": {
- "type": "long"
- },
- "categorization_status": {
- "type": "keyword"
- },
- "categorized_doc_count": {
- "type": "keyword"
- },
- "dead_category_count": {
- "type": "keyword"
- },
- "failed_category_count": {
- "type": "keyword"
- },
- "frequent_category_count": {
- "type": "keyword"
- },
- "job_id": {
- "type": "keyword"
- },
- "log_time": {
- "type": "date"
- },
- "memory_status": {
- "type": "keyword"
- },
- "model_bytes": {
- "type": "long"
- },
- "model_bytes_exceeded": {
- "type": "keyword"
- },
- "model_bytes_memory_limit": {
- "type": "keyword"
- },
- "peak_model_bytes": {
- "type": "long"
- },
- "rare_category_count": {
- "type": "keyword"
- },
- "result_type": {
- "type": "keyword"
- },
- "timestamp": {
- "type": "date"
- },
- "total_by_field_count": {
- "type": "long"
- },
- "total_category_count": {
- "type": "keyword"
- },
- "total_over_field_count": {
- "type": "long"
- },
- "total_partition_field_count": {
- "type": "long"
- }
- }
- },
- "model_upper": {
- "type": "double"
- },
- "multi_bucket_impact": {
- "type": "double"
- },
- "num_matches": {
- "type": "long"
- },
- "out_of_order_timestamp_count": {
- "type": "long"
- },
- "over_field_name": {
- "type": "keyword"
- },
- "over_field_value": {
- "copy_to": [
- "all_field_values"
- ],
- "type": "keyword"
- },
- "partition_field_name": {
- "type": "keyword"
- },
- "partition_field_value": {
- "copy_to": [
- "all_field_values"
- ],
- "type": "keyword"
- },
- "peak_model_bytes": {
- "type": "keyword"
- },
- "preferred_to_categories": {
- "type": "long"
- },
- "probability": {
- "type": "double"
- },
- "processed_field_count": {
- "type": "long"
- },
- "processed_record_count": {
- "type": "long"
- },
- "processing_time_ms": {
- "type": "long"
- },
- "quantiles": {
- "enabled": false,
- "type": "object"
- },
- "rare_category_count": {
- "type": "keyword"
- },
- "raw_anomaly_score": {
- "type": "double"
- },
- "record_score": {
- "type": "double"
- },
- "regex": {
- "type": "keyword"
- },
- "result_type": {
- "type": "keyword"
- },
- "retain": {
- "type": "boolean"
- },
- "scheduled_events": {
- "type": "keyword"
- },
- "search_count": {
- "type": "long"
- },
- "service": {
- "properties": {
- "name": {
- "type": "keyword"
- }
- }
- },
- "snapshot_doc_count": {
- "type": "integer"
- },
- "snapshot_id": {
- "type": "keyword"
- },
- "sparse_bucket_count": {
- "type": "long"
- },
- "terms": {
- "type": "text"
- },
- "timestamp": {
- "type": "date"
- },
- "total_by_field_count": {
- "type": "long"
- },
- "total_category_count": {
- "type": "keyword"
- },
- "total_over_field_count": {
- "type": "long"
- },
- "total_partition_field_count": {
- "type": "long"
- },
- "total_search_time_ms": {
- "type": "double"
- },
- "transaction": {
- "properties": {
- "type": {
- "type": "keyword"
- }
- }
- },
- "typical": {
- "type": "double"
- }
- }
- },
- "settings": {
- "index": {
- "auto_expand_replicas": "0-1",
- "hidden": "true",
- "number_of_replicas": "1",
- "number_of_shards": "1",
- "translog": {
- "durability": "async"
- }
- }
- }
- }
-}
-
-{
- "type": "index",
- "value": {
- "aliases": {},
- "index": ".ml-config",
- "mappings": {
- "_meta": {
- "version": "7.14.0"
- },
- "dynamic_templates": [
- {
- "strings_as_keywords": {
- "mapping": {
- "type": "keyword"
- },
- "match": "*"
- }
- }
- ],
- "properties": {
- "aggregations": {
- "enabled": false,
- "type": "object"
- },
- "allow_lazy_open": {
- "type": "keyword"
- },
- "allow_lazy_start": {
- "type": "keyword"
- },
- "analysis": {
- "properties": {
- "classification": {
- "properties": {
- "alpha": {
- "type": "double"
- },
- "class_assignment_objective": {
- "type": "keyword"
- },
- "dependent_variable": {
- "type": "keyword"
- },
- "downsample_factor": {
- "type": "double"
- },
- "early_stopping_enabled": {
- "type": "boolean"
- },
- "eta": {
- "type": "double"
- },
- "eta_growth_rate_per_tree": {
- "type": "double"
- },
- "feature_bag_fraction": {
- "type": "double"
- },
- "feature_processors": {
- "enabled": false,
- "type": "object"
- },
- "gamma": {
- "type": "double"
- },
- "lambda": {
- "type": "double"
- },
- "max_optimization_rounds_per_hyperparameter": {
- "type": "integer"
- },
- "max_trees": {
- "type": "integer"
- },
- "num_top_classes": {
- "type": "integer"
- },
- "num_top_feature_importance_values": {
- "type": "integer"
- },
- "prediction_field_name": {
- "type": "keyword"
- },
- "randomize_seed": {
- "type": "keyword"
- },
- "soft_tree_depth_limit": {
- "type": "double"
- },
- "soft_tree_depth_tolerance": {
- "type": "double"
- },
- "training_percent": {
- "type": "double"
- }
- }
- },
- "outlier_detection": {
- "properties": {
- "compute_feature_influence": {
- "type": "keyword"
- },
- "feature_influence_threshold": {
- "type": "double"
- },
- "method": {
- "type": "keyword"
- },
- "n_neighbors": {
- "type": "integer"
- },
- "outlier_fraction": {
- "type": "keyword"
- },
- "standardization_enabled": {
- "type": "keyword"
- }
- }
- },
- "regression": {
- "properties": {
- "alpha": {
- "type": "double"
- },
- "dependent_variable": {
- "type": "keyword"
- },
- "downsample_factor": {
- "type": "double"
- },
- "early_stopping_enabled": {
- "type": "boolean"
- },
- "eta": {
- "type": "double"
- },
- "eta_growth_rate_per_tree": {
- "type": "double"
- },
- "feature_bag_fraction": {
- "type": "double"
- },
- "feature_processors": {
- "enabled": false,
- "type": "object"
- },
- "gamma": {
- "type": "double"
- },
- "lambda": {
- "type": "double"
- },
- "loss_function": {
- "type": "keyword"
- },
- "loss_function_parameter": {
- "type": "double"
- },
- "max_optimization_rounds_per_hyperparameter": {
- "type": "integer"
- },
- "max_trees": {
- "type": "integer"
- },
- "num_top_feature_importance_values": {
- "type": "integer"
- },
- "prediction_field_name": {
- "type": "keyword"
- },
- "randomize_seed": {
- "type": "keyword"
- },
- "soft_tree_depth_limit": {
- "type": "double"
- },
- "soft_tree_depth_tolerance": {
- "type": "double"
- },
- "training_percent": {
- "type": "double"
- }
- }
- }
- }
- },
- "analysis_config": {
- "properties": {
- "bucket_span": {
- "type": "keyword"
- },
- "categorization_analyzer": {
- "enabled": false,
- "type": "object"
- },
- "categorization_field_name": {
- "type": "keyword"
- },
- "categorization_filters": {
- "type": "keyword"
- },
- "detectors": {
- "properties": {
- "by_field_name": {
- "type": "keyword"
- },
- "custom_rules": {
- "properties": {
- "actions": {
- "type": "keyword"
- },
- "conditions": {
- "properties": {
- "applies_to": {
- "type": "keyword"
- },
- "operator": {
- "type": "keyword"
- },
- "value": {
- "type": "double"
- }
- },
- "type": "nested"
- },
- "scope": {
- "enabled": false,
- "type": "object"
- }
- },
- "type": "nested"
- },
- "detector_description": {
- "type": "text"
- },
- "detector_index": {
- "type": "integer"
- },
- "exclude_frequent": {
- "type": "keyword"
- },
- "field_name": {
- "type": "keyword"
- },
- "function": {
- "type": "keyword"
- },
- "over_field_name": {
- "type": "keyword"
- },
- "partition_field_name": {
- "type": "keyword"
- },
- "use_null": {
- "type": "boolean"
- }
- }
- },
- "influencers": {
- "type": "keyword"
- },
- "latency": {
- "type": "keyword"
- },
- "multivariate_by_fields": {
- "type": "boolean"
- },
- "per_partition_categorization": {
- "properties": {
- "enabled": {
- "type": "boolean"
- },
- "stop_on_warn": {
- "type": "boolean"
- }
- }
- },
- "summary_count_field_name": {
- "type": "keyword"
- }
- }
- },
- "analysis_limits": {
- "properties": {
- "categorization_examples_limit": {
- "type": "long"
- },
- "model_memory_limit": {
- "type": "keyword"
- }
- }
- },
- "analyzed_fields": {
- "enabled": false,
- "type": "object"
- },
- "background_persist_interval": {
- "type": "keyword"
- },
- "blocked": {
- "properties": {
- "reason": {
- "type": "keyword"
- },
- "task_id": {
- "type": "keyword"
- }
- }
- },
- "chunking_config": {
- "properties": {
- "mode": {
- "type": "keyword"
- },
- "time_span": {
- "type": "keyword"
- }
- }
- },
- "config_type": {
- "type": "keyword"
- },
- "create_time": {
- "type": "date"
- },
- "custom_settings": {
- "enabled": false,
- "type": "object"
- },
- "daily_model_snapshot_retention_after_days": {
- "type": "long"
- },
- "data_description": {
- "properties": {
- "field_delimiter": {
- "type": "keyword"
- },
- "format": {
- "type": "keyword"
- },
- "quote_character": {
- "type": "keyword"
- },
- "time_field": {
- "type": "keyword"
- },
- "time_format": {
- "type": "keyword"
- }
- }
- },
- "datafeed_id": {
- "type": "keyword"
- },
- "delayed_data_check_config": {
- "properties": {
- "check_window": {
- "type": "keyword"
- },
- "enabled": {
- "type": "boolean"
- }
- }
- },
- "deleting": {
- "type": "keyword"
- },
- "description": {
- "type": "text"
- },
- "dest": {
- "properties": {
- "index": {
- "type": "keyword"
- },
- "results_field": {
- "type": "keyword"
- }
- }
- },
- "finished_time": {
- "type": "date"
- },
- "frequency": {
- "type": "keyword"
- },
- "groups": {
- "type": "keyword"
- },
- "headers": {
- "enabled": false,
- "type": "object"
- },
- "id": {
- "type": "keyword"
- },
- "indices": {
- "type": "keyword"
- },
- "indices_options": {
- "enabled": false,
- "type": "object"
- },
- "job_id": {
- "type": "keyword"
- },
- "job_type": {
- "type": "keyword"
- },
- "job_version": {
- "type": "keyword"
- },
- "max_empty_searches": {
- "type": "keyword"
- },
- "max_num_threads": {
- "type": "integer"
- },
- "model_memory_limit": {
- "type": "keyword"
- },
- "model_plot_config": {
- "properties": {
- "annotations_enabled": {
- "type": "boolean"
- },
- "enabled": {
- "type": "boolean"
- },
- "terms": {
- "type": "keyword"
- }
- }
- },
- "model_snapshot_id": {
- "type": "keyword"
- },
- "model_snapshot_min_version": {
- "type": "keyword"
- },
- "model_snapshot_retention_days": {
- "type": "long"
- },
- "query": {
- "enabled": false,
- "type": "object"
- },
- "query_delay": {
- "type": "keyword"
- },
- "renormalization_window_days": {
- "type": "long"
- },
- "results_index_name": {
- "type": "keyword"
- },
- "results_retention_days": {
- "type": "long"
- },
- "runtime_mappings": {
- "enabled": false,
- "type": "object"
- },
- "script_fields": {
- "enabled": false,
- "type": "object"
- },
- "scroll_size": {
- "type": "long"
- },
- "source": {
- "properties": {
- "_source": {
- "enabled": false,
- "type": "object"
- },
- "index": {
- "type": "keyword"
- },
- "query": {
- "enabled": false,
- "type": "object"
- },
- "runtime_mappings": {
- "enabled": false,
- "type": "object"
- }
- }
- },
- "version": {
- "type": "keyword"
- }
- }
- },
- "settings": {
- "index": {
- "auto_expand_replicas": "0-1",
- "blocks": {
- "read_only_allow_delete": "false"
- },
- "max_result_window": "10000",
- "number_of_replicas": "1",
- "number_of_shards": "1"
- }
- }
- }
-}
-
-{
- "type": "index",
- "value": {
- "aliases": {
- "apm-7.14.0-error": {
- "is_write_index": true
- }
- },
- "index": "apm-7.14.0-error-000001",
- "mappings": {
- "_meta": {
- "beat": "apm",
- "version": "7.14.0"
- },
- "date_detection": false,
- "dynamic_templates": [
- {
- "labels": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "labels.*"
- }
- },
- {
- "container.labels": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "container.labels.*"
- }
- },
- {
- "fields": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "fields.*"
- }
- },
- {
- "docker.container.labels": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "docker.container.labels.*"
- }
- },
- {
- "kubernetes.labels.*": {
- "mapping": {
- "type": "keyword"
- },
- "path_match": "kubernetes.labels.*"
- }
- },
- {
- "kubernetes.annotations.*": {
- "mapping": {
- "type": "keyword"
- },
- "path_match": "kubernetes.annotations.*"
- }
- },
- {
- "kubernetes.selectors.*": {
- "mapping": {
- "type": "keyword"
- },
- "path_match": "kubernetes.selectors.*"
- }
- },
- {
- "labels_string": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "labels.*"
- }
- },
- {
- "labels_boolean": {
- "mapping": {
- "type": "boolean"
- },
- "match_mapping_type": "boolean",
- "path_match": "labels.*"
- }
- },
- {
- "labels_*": {
- "mapping": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "path_match": "labels.*"
- }
- },
- {
- "histogram": {
- "mapping": {
- "type": "histogram"
- }
- }
- },
- {
- "transaction.marks": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "transaction.marks.*"
- }
- },
- {
- "transaction.marks.*.*": {
- "mapping": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "path_match": "transaction.marks.*.*"
- }
- },
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "properties": {
- "@timestamp": {
- "type": "date"
- },
- "agent": {
- "dynamic": "false",
- "properties": {
- "build": {
- "properties": {
- "original": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ephemeral_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "child": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "client": {
- "dynamic": "false",
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "cloud": {
- "properties": {
- "account": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "availability_zone": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "image": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "instance": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "machine": {
- "dynamic": "false",
- "properties": {
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "project": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "provider": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "service": {
- "dynamic": "false",
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "container": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "image": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tag": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "labels": {
- "type": "object"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "runtime": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "data_stream": {
- "properties": {
- "dataset": {
- "type": "constant_keyword"
- },
- "namespace": {
- "type": "constant_keyword"
- },
- "type": {
- "type": "constant_keyword"
- }
- }
- },
- "destination": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "dll": {
- "properties": {
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "dns": {
- "properties": {
- "answers": {
- "properties": {
- "class": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "data": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ttl": {
- "type": "long"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "header_flags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "op_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "question": {
- "properties": {
- "class": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "resolved_ip": {
- "type": "ip"
- },
- "response_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "docker": {
- "properties": {
- "container": {
- "properties": {
- "labels": {
- "type": "object"
- }
- }
- }
- }
- },
- "ecs": {
- "properties": {
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "error": {
- "dynamic": "false",
- "properties": {
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "culprit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "exception": {
- "properties": {
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "handled": {
- "type": "boolean"
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "module": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "grouping_key": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "grouping_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "log": {
- "properties": {
- "level": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "logger_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "param_message": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "stack_trace": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "index": false,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "event": {
- "properties": {
- "action": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "category": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "created": {
- "type": "date"
- },
- "dataset": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "duration": {
- "type": "long"
- },
- "end": {
- "type": "date"
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ingested": {
- "type": "date"
- },
- "kind": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "module": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "ignore_above": 1024,
- "index": false,
- "type": "keyword"
- },
- "outcome": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "provider": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reason": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "risk_score": {
- "type": "float"
- },
- "risk_score_norm": {
- "type": "float"
- },
- "sequence": {
- "type": "long"
- },
- "severity": {
- "type": "long"
- },
- "start": {
- "type": "date"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "url": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "experimental": {
- "dynamic": "true",
- "type": "object"
- },
- "fields": {
- "type": "object"
- },
- "file": {
- "properties": {
- "accessed": {
- "type": "date"
- },
- "attributes": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "created": {
- "type": "date"
- },
- "ctime": {
- "type": "date"
- },
- "device": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "directory": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "drive_letter": {
- "ignore_above": 1,
- "type": "keyword"
- },
- "extension": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "gid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "inode": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mime_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mode": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mtime": {
- "type": "date"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "owner": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "size": {
- "type": "long"
- },
- "target_path": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "public_key_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_exponent": {
- "index": false,
- "type": "long"
- },
- "public_key_size": {
- "type": "long"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version_number": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "host": {
- "dynamic": "false",
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "containerized": {
- "type": "boolean"
- },
- "cpu": {
- "properties": {
- "usage": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "disk": {
- "properties": {
- "read": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "write": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "network": {
- "properties": {
- "egress": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "packets": {
- "type": "long"
- }
- }
- },
- "ingress": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "packets": {
- "type": "long"
- }
- }
- }
- }
- },
- "os": {
- "properties": {
- "build": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "codename": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uptime": {
- "type": "long"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "http": {
- "dynamic": "false",
- "properties": {
- "request": {
- "properties": {
- "body": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "content": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "headers": {
- "enabled": false,
- "type": "object"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "method": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mime_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "referrer": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "response": {
- "properties": {
- "body": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "content": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "finished": {
- "type": "boolean"
- },
- "headers": {
- "enabled": false,
- "type": "object"
- },
- "mime_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status_code": {
- "type": "long"
- }
- }
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "interface": {
- "properties": {
- "alias": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "kubernetes": {
- "dynamic": "false",
- "properties": {
- "annotations": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "container": {
- "properties": {
- "image": {
- "path": "container.image.name",
- "type": "alias"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "deployment": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "labels": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "namespace": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "node": {
- "properties": {
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pod": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uid": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "replicaset": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "selectors": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "statefulset": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "labels": {
- "dynamic": "true",
- "properties": {
- "company": {
- "type": "keyword"
- },
- "customer_tier": {
- "type": "keyword"
- },
- "foo": {
- "type": "keyword"
- },
- "lorem": {
- "type": "keyword"
- },
- "multi-line": {
- "type": "keyword"
- },
- "request_id": {
- "type": "keyword"
- },
- "this-is-a-very-long-tag-name-without-any-spaces": {
- "type": "keyword"
- }
- }
- },
- "log": {
- "properties": {
- "file": {
- "properties": {
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "level": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "logger": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "origin": {
- "properties": {
- "file": {
- "properties": {
- "line": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "function": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "original": {
- "ignore_above": 1024,
- "index": false,
- "type": "keyword"
- },
- "syslog": {
- "properties": {
- "facility": {
- "properties": {
- "code": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "priority": {
- "type": "long"
- },
- "severity": {
- "properties": {
- "code": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- }
- }
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "metricset": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "period": {
- "meta": {
- "unit": "ms"
- },
- "type": "long"
- }
- }
- },
- "network": {
- "dynamic": "false",
- "properties": {
- "application": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "bytes": {
- "type": "long"
- },
- "carrier": {
- "properties": {
- "icc": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mcc": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mnc": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "community_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "connection_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "direction": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "forwarded_ip": {
- "type": "ip"
- },
- "iana_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "inner": {
- "properties": {
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "packets": {
- "type": "long"
- },
- "protocol": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "transport": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "observer": {
- "dynamic": "false",
- "properties": {
- "egress": {
- "properties": {
- "interface": {
- "properties": {
- "alias": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "zone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ingress": {
- "properties": {
- "interface": {
- "properties": {
- "alias": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "zone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "listening": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "vendor": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version_major": {
- "type": "byte"
- }
- }
- },
- "orchestrator": {
- "properties": {
- "api_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "cluster": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "url": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "namespace": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "resource": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "organization": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "package": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "build_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "checksum": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "install_scope": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "installed": {
- "type": "date"
- },
- "license": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "size": {
- "type": "long"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "parent": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "process": {
- "dynamic": "false",
- "properties": {
- "args": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "args_count": {
- "type": "long"
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "command_line": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "entity_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "executable": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "exit_code": {
- "type": "long"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "parent": {
- "properties": {
- "args": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "args_count": {
- "type": "long"
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "command_line": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "entity_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "executable": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "exit_code": {
- "type": "long"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pgid": {
- "type": "long"
- },
- "pid": {
- "type": "long"
- },
- "ppid": {
- "type": "long"
- },
- "start": {
- "type": "date"
- },
- "thread": {
- "properties": {
- "id": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "title": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uptime": {
- "type": "long"
- },
- "working_directory": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pgid": {
- "type": "long"
- },
- "pid": {
- "type": "long"
- },
- "ppid": {
- "type": "long"
- },
- "start": {
- "type": "date"
- },
- "thread": {
- "properties": {
- "id": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "title": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uptime": {
- "type": "long"
- },
- "working_directory": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "processor": {
- "properties": {
- "event": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "profile": {
- "dynamic": "false",
- "properties": {
- "alloc_objects": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "alloc_space": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "cpu": {
- "properties": {
- "ns": {
- "meta": {
- "unit": "nanos"
- },
- "type": "long"
- }
- }
- },
- "duration": {
- "meta": {
- "unit": "nanos"
- },
- "type": "long"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "inuse_objects": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "inuse_space": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "samples": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "stack": {
- "dynamic": "false",
- "properties": {
- "filename": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "function": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "line": {
- "type": "long"
- }
- }
- },
- "top": {
- "dynamic": "false",
- "properties": {
- "filename": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "function": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "line": {
- "type": "long"
- }
- }
- },
- "wall": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "registry": {
- "properties": {
- "data": {
- "properties": {
- "bytes": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "strings": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hive": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "key": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "value": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "related": {
- "properties": {
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hosts": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ip": {
- "type": "ip"
- },
- "user": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "rule": {
- "properties": {
- "author": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "category": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "license": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ruleset": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uuid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "server": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "service": {
- "dynamic": "false",
- "properties": {
- "environment": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ephemeral_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "framework": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "language": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "node": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "runtime": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "state": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "session": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sequence": {
- "type": "long"
- }
- }
- },
- "source": {
- "dynamic": "false",
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "sourcemap": {
- "dynamic": "false",
- "properties": {
- "bundle_filepath": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "service": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "span": {
- "dynamic": "false",
- "properties": {
- "action": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "db": {
- "dynamic": "false",
- "properties": {
- "link": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "rows_affected": {
- "type": "long"
- }
- }
- },
- "destination": {
- "dynamic": "false",
- "properties": {
- "service": {
- "dynamic": "false",
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "resource": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "response_time": {
- "properties": {
- "count": {
- "type": "long"
- },
- "sum": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "duration": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "message": {
- "dynamic": "false",
- "properties": {
- "age": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "queue": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "self_time": {
- "properties": {
- "count": {
- "type": "long"
- },
- "sum": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "start": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- },
- "subtype": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sync": {
- "type": "boolean"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "system": {
- "properties": {
- "cpu": {
- "properties": {
- "total": {
- "properties": {
- "norm": {
- "properties": {
- "pct": {
- "meta": {
- "metric_type": "gauge",
- "unit": "percent"
- },
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "actual": {
- "properties": {
- "free": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- },
- "total": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- },
- "process": {
- "properties": {
- "cgroup": {
- "properties": {
- "cpu": {
- "properties": {
- "cfs": {
- "properties": {
- "period": {
- "properties": {
- "us": {
- "meta": {
- "metric_type": "gauge",
- "unit": "micros"
- },
- "type": "long"
- }
- }
- },
- "quota": {
- "properties": {
- "us": {
- "meta": {
- "metric_type": "gauge",
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "stats": {
- "properties": {
- "periods": {
- "meta": {
- "metric_type": "counter"
- },
- "type": "long"
- },
- "throttled": {
- "properties": {
- "ns": {
- "meta": {
- "metric_type": "counter",
- "unit": "nanos"
- },
- "type": "long"
- },
- "periods": {
- "meta": {
- "metric_type": "counter"
- },
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "cpuacct": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "total": {
- "properties": {
- "ns": {
- "meta": {
- "metric_type": "counter",
- "unit": "nanos"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "mem": {
- "properties": {
- "limit": {
- "properties": {
- "bytes": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- },
- "usage": {
- "properties": {
- "bytes": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- }
- }
- }
- }
- }
- }
- },
- "cpu": {
- "properties": {
- "total": {
- "properties": {
- "norm": {
- "properties": {
- "pct": {
- "meta": {
- "metric_type": "gauge",
- "unit": "percent"
- },
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "rss": {
- "properties": {
- "bytes": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- },
- "size": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "tags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "threat": {
- "properties": {
- "framework": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tactic": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "technique": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subtechnique": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- }
- }
- },
- "timeseries": {
- "properties": {
- "instance": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "timestamp": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- },
- "tls": {
- "properties": {
- "cipher": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "client": {
- "properties": {
- "certificate": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "certificate_chain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "issuer": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ja3": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "server_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "supported_ciphers": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "public_key_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_exponent": {
- "index": false,
- "type": "long"
- },
- "public_key_size": {
- "type": "long"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version_number": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "established": {
- "type": "boolean"
- },
- "next_protocol": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "resumed": {
- "type": "boolean"
- },
- "server": {
- "properties": {
- "certificate": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "certificate_chain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "issuer": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ja3s": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "subject": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "public_key_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_exponent": {
- "index": false,
- "type": "long"
- },
- "public_key_size": {
- "type": "long"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version_number": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version_protocol": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "trace": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "transaction": {
- "dynamic": "false",
- "properties": {
- "breakdown": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "duration": {
- "properties": {
- "count": {
- "type": "long"
- },
- "histogram": {
- "type": "histogram"
- },
- "sum": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- },
- "us": {
- "type": "long"
- }
- }
- },
- "experience": {
- "properties": {
- "cls": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "fid": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "longtask": {
- "properties": {
- "count": {
- "type": "long"
- },
- "max": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "sum": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- }
- }
- },
- "tbt": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "marks": {
- "dynamic": "true",
- "properties": {
- "*": {
- "properties": {
- "*": {
- "dynamic": "true",
- "type": "object"
- }
- }
- }
- }
- },
- "message": {
- "dynamic": "false",
- "properties": {
- "age": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "queue": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "result": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "root": {
- "type": "boolean"
- },
- "sampled": {
- "type": "boolean"
- },
- "self_time": {
- "properties": {
- "count": {
- "type": "long"
- },
- "sum": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "span_count": {
- "properties": {
- "dropped": {
- "type": "long"
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "url": {
- "dynamic": "false",
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "extension": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "fragment": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "password": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "port": {
- "type": "long"
- },
- "query": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "scheme": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "username": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "user": {
- "dynamic": "false",
- "properties": {
- "changes": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "effective": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "target": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "user_agent": {
- "dynamic": "false",
- "properties": {
- "device": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vulnerability": {
- "properties": {
- "category": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "classification": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "enumeration": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "report_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "scanner": {
- "properties": {
- "vendor": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "score": {
- "properties": {
- "base": {
- "type": "float"
- },
- "environmental": {
- "type": "float"
- },
- "temporal": {
- "type": "float"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "severity": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "public_key_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_exponent": {
- "index": false,
- "type": "long"
- },
- "public_key_size": {
- "type": "long"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version_number": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "settings": {
- "index": {
- "auto_expand_replicas": "0-1",
- "blocks": {
- "read_only_allow_delete": "false"
- },
- "codec": "best_compression",
- "lifecycle": {
- "name": "apm-rollover-30-days",
- "rollover_alias": "apm-7.14.0-error"
- },
- "mapping": {
- "total_fields": {
- "limit": "2000"
- }
- },
- "max_docvalue_fields_search": "200",
- "number_of_replicas": "1",
- "number_of_shards": "1",
- "priority": "100",
- "refresh_interval": "5s"
- }
- }
- }
-}
-
-{
- "type": "index",
- "value": {
- "aliases": {
- "apm-7.14.0-metric": {
- "is_write_index": true
- }
- },
- "index": "apm-7.14.0-metric-000001",
- "mappings": {
- "_meta": {
- "beat": "apm",
- "version": "7.14.0"
- },
- "date_detection": false,
- "dynamic_templates": [
- {
- "labels": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "labels.*"
- }
- },
- {
- "container.labels": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "container.labels.*"
- }
- },
- {
- "fields": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "fields.*"
- }
- },
- {
- "docker.container.labels": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "docker.container.labels.*"
- }
- },
- {
- "kubernetes.labels.*": {
- "mapping": {
- "type": "keyword"
- },
- "path_match": "kubernetes.labels.*"
- }
- },
- {
- "kubernetes.annotations.*": {
- "mapping": {
- "type": "keyword"
- },
- "path_match": "kubernetes.annotations.*"
- }
- },
- {
- "kubernetes.selectors.*": {
- "mapping": {
- "type": "keyword"
- },
- "path_match": "kubernetes.selectors.*"
- }
- },
- {
- "labels_string": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "labels.*"
- }
- },
- {
- "labels_boolean": {
- "mapping": {
- "type": "boolean"
- },
- "match_mapping_type": "boolean",
- "path_match": "labels.*"
- }
- },
- {
- "labels_*": {
- "mapping": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "path_match": "labels.*"
- }
- },
- {
- "histogram": {
- "mapping": {
- "type": "histogram"
- }
- }
- },
- {
- "transaction.marks": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "transaction.marks.*"
- }
- },
- {
- "transaction.marks.*.*": {
- "mapping": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "path_match": "transaction.marks.*.*"
- }
- },
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "properties": {
- "@timestamp": {
- "type": "date"
- },
- "agent": {
- "dynamic": "false",
- "properties": {
- "build": {
- "properties": {
- "original": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ephemeral_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "agent_config_applied": {
- "type": "long"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "child": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "client": {
- "dynamic": "false",
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "cloud": {
- "properties": {
- "account": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "availability_zone": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "image": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "instance": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "machine": {
- "dynamic": "false",
- "properties": {
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "project": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "provider": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "service": {
- "dynamic": "false",
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "clr": {
- "properties": {
- "gc": {
- "properties": {
- "count": {
- "type": "long"
- },
- "gen0size": {
- "type": "long"
- },
- "gen1size": {
- "type": "float"
- },
- "gen2size": {
- "type": "long"
- },
- "gen3size": {
- "type": "float"
- },
- "time": {
- "type": "float"
- }
- }
- }
- }
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "container": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "image": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tag": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "labels": {
- "type": "object"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "runtime": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "data_stream": {
- "properties": {
- "dataset": {
- "type": "constant_keyword"
- },
- "namespace": {
- "type": "constant_keyword"
- },
- "type": {
- "type": "constant_keyword"
- }
- }
- },
- "destination": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "dll": {
- "properties": {
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "dns": {
- "properties": {
- "answers": {
- "properties": {
- "class": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "data": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ttl": {
- "type": "long"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "header_flags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "op_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "question": {
- "properties": {
- "class": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "resolved_ip": {
- "type": "ip"
- },
- "response_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "docker": {
- "properties": {
- "container": {
- "properties": {
- "labels": {
- "type": "object"
- }
- }
- }
- }
- },
- "ecs": {
- "properties": {
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "error": {
- "dynamic": "false",
- "properties": {
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "culprit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "exception": {
- "properties": {
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "handled": {
- "type": "boolean"
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "module": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "grouping_key": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "grouping_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "log": {
- "properties": {
- "level": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "logger_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "param_message": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "stack_trace": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "index": false,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "event": {
- "properties": {
- "action": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "category": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "created": {
- "type": "date"
- },
- "dataset": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "duration": {
- "type": "long"
- },
- "end": {
- "type": "date"
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ingested": {
- "type": "date"
- },
- "kind": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "module": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "ignore_above": 1024,
- "index": false,
- "type": "keyword"
- },
- "outcome": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "provider": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reason": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "risk_score": {
- "type": "float"
- },
- "risk_score_norm": {
- "type": "float"
- },
- "sequence": {
- "type": "long"
- },
- "severity": {
- "type": "long"
- },
- "start": {
- "type": "date"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "url": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "experimental": {
- "dynamic": "true",
- "type": "object"
- },
- "fields": {
- "type": "object"
- },
- "file": {
- "properties": {
- "accessed": {
- "type": "date"
- },
- "attributes": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "created": {
- "type": "date"
- },
- "ctime": {
- "type": "date"
- },
- "device": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "directory": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "drive_letter": {
- "ignore_above": 1,
- "type": "keyword"
- },
- "extension": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "gid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "inode": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mime_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mode": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mtime": {
- "type": "date"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "owner": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "size": {
- "type": "long"
- },
- "target_path": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "public_key_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_exponent": {
- "index": false,
- "type": "long"
- },
- "public_key_size": {
- "type": "long"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version_number": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "golang": {
- "properties": {
- "goroutines": {
- "type": "long"
- },
- "heap": {
- "properties": {
- "allocations": {
- "properties": {
- "active": {
- "type": "float"
- },
- "allocated": {
- "type": "float"
- },
- "frees": {
- "type": "long"
- },
- "idle": {
- "type": "float"
- },
- "mallocs": {
- "type": "long"
- },
- "objects": {
- "type": "long"
- },
- "total": {
- "type": "float"
- }
- }
- },
- "gc": {
- "properties": {
- "cpu_fraction": {
- "type": "float"
- },
- "next_gc_limit": {
- "type": "float"
- },
- "total_count": {
- "type": "long"
- },
- "total_pause": {
- "properties": {
- "ns": {
- "type": "float"
- }
- }
- }
- }
- },
- "system": {
- "properties": {
- "obtained": {
- "type": "float"
- },
- "released": {
- "type": "float"
- },
- "stack": {
- "type": "float"
- },
- "total": {
- "type": "float"
- }
- }
- }
- }
- }
- }
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "host": {
- "dynamic": "false",
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "containerized": {
- "type": "boolean"
- },
- "cpu": {
- "properties": {
- "usage": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "disk": {
- "properties": {
- "read": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "write": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "network": {
- "properties": {
- "egress": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "packets": {
- "type": "long"
- }
- }
- },
- "ingress": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "packets": {
- "type": "long"
- }
- }
- }
- }
- },
- "os": {
- "properties": {
- "build": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "codename": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uptime": {
- "type": "long"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "http": {
- "dynamic": "false",
- "properties": {
- "request": {
- "properties": {
- "body": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "content": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "headers": {
- "enabled": false,
- "type": "object"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "method": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mime_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "referrer": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "response": {
- "properties": {
- "body": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "content": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "finished": {
- "type": "boolean"
- },
- "headers": {
- "enabled": false,
- "type": "object"
- },
- "mime_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status_code": {
- "type": "long"
- }
- }
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "interface": {
- "properties": {
- "alias": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "jvm": {
- "properties": {
- "gc": {
- "properties": {
- "alloc": {
- "type": "float"
- },
- "count": {
- "type": "long"
- },
- "time": {
- "type": "long"
- }
- }
- },
- "memory": {
- "properties": {
- "heap": {
- "properties": {
- "committed": {
- "type": "float"
- },
- "max": {
- "type": "float"
- },
- "pool": {
- "properties": {
- "committed": {
- "type": "float"
- },
- "max": {
- "type": "float"
- },
- "used": {
- "type": "float"
- }
- }
- },
- "used": {
- "type": "float"
- }
- }
- },
- "non_heap": {
- "properties": {
- "committed": {
- "type": "float"
- },
- "max": {
- "type": "long"
- },
- "used": {
- "type": "float"
- }
- }
- }
- }
- },
- "thread": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- }
- }
- },
- "kubernetes": {
- "dynamic": "false",
- "properties": {
- "annotations": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "container": {
- "properties": {
- "image": {
- "path": "container.image.name",
- "type": "alias"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "deployment": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "labels": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "namespace": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "node": {
- "properties": {
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pod": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uid": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "replicaset": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "selectors": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "statefulset": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "labels": {
- "dynamic": "true",
- "properties": {
- "a": {
- "type": "keyword"
- },
- "charset": {
- "type": "keyword"
- },
- "connection": {
- "type": "keyword"
- },
- "env": {
- "type": "keyword"
- },
- "etag": {
- "type": "keyword"
- },
- "generation": {
- "type": "keyword"
- },
- "hostname": {
- "type": "keyword"
- },
- "implementation": {
- "type": "keyword"
- },
- "major": {
- "type": "keyword"
- },
- "method": {
- "type": "keyword"
- },
- "minor": {
- "type": "keyword"
- },
- "name": {
- "type": "keyword"
- },
- "patchlevel": {
- "type": "keyword"
- },
- "status": {
- "type": "keyword"
- },
- "transport": {
- "type": "keyword"
- },
- "type": {
- "type": "keyword"
- },
- "version": {
- "type": "keyword"
- },
- "view": {
- "type": "keyword"
- }
- }
- },
- "log": {
- "properties": {
- "file": {
- "properties": {
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "level": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "logger": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "origin": {
- "properties": {
- "file": {
- "properties": {
- "line": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "function": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "original": {
- "ignore_above": 1024,
- "index": false,
- "type": "keyword"
- },
- "syslog": {
- "properties": {
- "facility": {
- "properties": {
- "code": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "priority": {
- "type": "long"
- },
- "severity": {
- "properties": {
- "code": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- }
- }
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "metricset": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "period": {
- "meta": {
- "unit": "ms"
- },
- "type": "long"
- }
- }
- },
- "network": {
- "dynamic": "false",
- "properties": {
- "application": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "bytes": {
- "type": "long"
- },
- "carrier": {
- "properties": {
- "icc": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mcc": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mnc": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "community_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "connection_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "direction": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "forwarded_ip": {
- "type": "ip"
- },
- "iana_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "inner": {
- "properties": {
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "packets": {
- "type": "long"
- },
- "protocol": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "transport": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "nodejs": {
- "properties": {
- "eventloop": {
- "properties": {
- "delay": {
- "properties": {
- "avg": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "handles": {
- "properties": {
- "active": {
- "type": "long"
- }
- }
- },
- "memory": {
- "properties": {
- "arrayBuffers": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "external": {
- "properties": {
- "bytes": {
- "type": "float"
- }
- }
- },
- "heap": {
- "properties": {
- "allocated": {
- "properties": {
- "bytes": {
- "type": "float"
- }
- }
- },
- "used": {
- "properties": {
- "bytes": {
- "type": "float"
- }
- }
- }
- }
- }
- }
- },
- "requests": {
- "properties": {
- "active": {
- "type": "long"
- }
- }
- }
- }
- },
- "observer": {
- "dynamic": "false",
- "properties": {
- "egress": {
- "properties": {
- "interface": {
- "properties": {
- "alias": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "zone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ingress": {
- "properties": {
- "interface": {
- "properties": {
- "alias": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "zone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "listening": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "vendor": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version_major": {
- "type": "byte"
- }
- }
- },
- "orchestrator": {
- "properties": {
- "api_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "cluster": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "url": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "namespace": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "resource": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "organization": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "package": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "build_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "checksum": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "install_scope": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "installed": {
- "type": "date"
- },
- "license": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "size": {
- "type": "long"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "parent": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "process": {
- "dynamic": "false",
- "properties": {
- "args": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "args_count": {
- "type": "long"
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "command_line": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "entity_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "executable": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "exit_code": {
- "type": "long"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "parent": {
- "properties": {
- "args": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "args_count": {
- "type": "long"
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "command_line": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "entity_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "executable": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "exit_code": {
- "type": "long"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pgid": {
- "type": "long"
- },
- "pid": {
- "type": "long"
- },
- "ppid": {
- "type": "long"
- },
- "start": {
- "type": "date"
- },
- "thread": {
- "properties": {
- "id": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "title": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uptime": {
- "type": "long"
- },
- "working_directory": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pgid": {
- "type": "long"
- },
- "pid": {
- "type": "long"
- },
- "ppid": {
- "type": "long"
- },
- "start": {
- "type": "date"
- },
- "thread": {
- "properties": {
- "id": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "title": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uptime": {
- "type": "long"
- },
- "working_directory": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "processor": {
- "properties": {
- "event": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "profile": {
- "dynamic": "false",
- "properties": {
- "alloc_objects": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "alloc_space": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "cpu": {
- "properties": {
- "ns": {
- "meta": {
- "unit": "nanos"
- },
- "type": "long"
- }
- }
- },
- "duration": {
- "meta": {
- "unit": "nanos"
- },
- "type": "long"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "inuse_objects": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "inuse_space": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "samples": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "stack": {
- "dynamic": "false",
- "properties": {
- "filename": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "function": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "line": {
- "type": "long"
- }
- }
- },
- "top": {
- "dynamic": "false",
- "properties": {
- "filename": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "function": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "line": {
- "type": "long"
- }
- }
- },
- "wall": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "prometheus": {
- "properties": {
- "metrics": {
- "properties": {
- "django_http_ajax_requests": {
- "type": "long"
- },
- "django_http_exceptions_total_by_type": {
- "type": "long"
- },
- "django_http_exceptions_total_by_view": {
- "type": "long"
- },
- "django_http_requests_before_middlewares": {
- "type": "long"
- },
- "django_http_requests_total_by_method": {
- "type": "long"
- },
- "django_http_requests_total_by_transport": {
- "type": "long"
- },
- "django_http_requests_total_by_view_transport_method": {
- "type": "long"
- },
- "django_http_requests_unknown_latency": {
- "type": "long"
- },
- "django_http_requests_unknown_latency_including_middlewares": {
- "type": "long"
- },
- "django_http_responses_before_middlewares": {
- "type": "long"
- },
- "django_http_responses_streaming": {
- "type": "long"
- },
- "django_http_responses_total_by_charset": {
- "type": "long"
- },
- "django_http_responses_total_by_status": {
- "type": "long"
- },
- "django_http_responses_total_by_status_view_method": {
- "type": "long"
- },
- "django_migrations_applied_total": {
- "type": "long"
- },
- "django_migrations_unapplied_total": {
- "type": "long"
- },
- "opbeans_python_line_items": {
- "type": "long"
- },
- "opbeans_python_orders": {
- "properties": {
- "count": {
- "type": "long"
- },
- "sum": {
- "type": "long"
- }
- }
- },
- "process_cpu_seconds": {
- "type": "float"
- },
- "process_max_fds": {
- "type": "float"
- },
- "process_open_fds": {
- "type": "long"
- },
- "process_resident_memory_bytes": {
- "type": "float"
- },
- "process_start_time_seconds": {
- "type": "float"
- },
- "process_virtual_memory_bytes": {
- "type": "float"
- },
- "python_gc_collections": {
- "type": "long"
- },
- "python_gc_objects_collected": {
- "type": "long"
- },
- "python_gc_objects_uncollectable": {
- "type": "long"
- },
- "python_info": {
- "type": "long"
- },
- "random_counter": {
- "type": "long"
- },
- "random_gauge": {
- "type": "float"
- },
- "random_summary": {
- "properties": {
- "count": {
- "type": "long"
- },
- "sum": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "registry": {
- "properties": {
- "data": {
- "properties": {
- "bytes": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "strings": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hive": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "key": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "value": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "related": {
- "properties": {
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hosts": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ip": {
- "type": "ip"
- },
- "user": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ruby": {
- "properties": {
- "gc": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "heap": {
- "properties": {
- "allocations": {
- "properties": {
- "total": {
- "type": "long"
- }
- }
- },
- "slots": {
- "properties": {
- "free": {
- "type": "long"
- },
- "live": {
- "type": "long"
- }
- }
- }
- }
- },
- "threads": {
- "type": "long"
- }
- }
- },
- "rule": {
- "properties": {
- "author": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "category": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "license": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ruleset": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uuid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "server": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "service": {
- "dynamic": "false",
- "properties": {
- "environment": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ephemeral_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "framework": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "language": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "node": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "runtime": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "state": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "session": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sequence": {
- "type": "long"
- }
- }
- },
- "source": {
- "dynamic": "false",
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "sourcemap": {
- "dynamic": "false",
- "properties": {
- "bundle_filepath": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "service": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "span": {
- "dynamic": "false",
- "properties": {
- "action": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "db": {
- "dynamic": "false",
- "properties": {
- "link": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "rows_affected": {
- "type": "long"
- }
- }
- },
- "destination": {
- "dynamic": "false",
- "properties": {
- "service": {
- "dynamic": "false",
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "resource": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "response_time": {
- "properties": {
- "count": {
- "type": "long"
- },
- "sum": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "duration": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "message": {
- "dynamic": "false",
- "properties": {
- "age": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "queue": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "self_time": {
- "properties": {
- "count": {
- "type": "long"
- },
- "sum": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "start": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- },
- "subtype": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sync": {
- "type": "boolean"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "system": {
- "properties": {
- "cpu": {
- "properties": {
- "total": {
- "properties": {
- "norm": {
- "properties": {
- "pct": {
- "meta": {
- "metric_type": "gauge",
- "unit": "percent"
- },
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "actual": {
- "properties": {
- "free": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- },
- "total": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- },
- "process": {
- "properties": {
- "cgroup": {
- "properties": {
- "cpu": {
- "properties": {
- "cfs": {
- "properties": {
- "period": {
- "properties": {
- "us": {
- "meta": {
- "metric_type": "gauge",
- "unit": "micros"
- },
- "type": "long"
- }
- }
- },
- "quota": {
- "properties": {
- "us": {
- "meta": {
- "metric_type": "gauge",
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "stats": {
- "properties": {
- "periods": {
- "meta": {
- "metric_type": "counter"
- },
- "type": "long"
- },
- "throttled": {
- "properties": {
- "ns": {
- "meta": {
- "metric_type": "counter",
- "unit": "nanos"
- },
- "type": "long"
- },
- "periods": {
- "meta": {
- "metric_type": "counter"
- },
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "cpuacct": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "total": {
- "properties": {
- "ns": {
- "meta": {
- "metric_type": "counter",
- "unit": "nanos"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "mem": {
- "properties": {
- "limit": {
- "properties": {
- "bytes": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- },
- "usage": {
- "properties": {
- "bytes": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "stats": {
- "properties": {
- "inactive_file": {
- "properties": {
- "bytes": {
- "type": "float"
- }
- }
- }
- }
- }
- }
- }
- }
- },
- "cpu": {
- "properties": {
- "system": {
- "properties": {
- "norm": {
- "properties": {
- "pct": {
- "type": "float"
- }
- }
- }
- }
- },
- "total": {
- "properties": {
- "norm": {
- "properties": {
- "pct": {
- "meta": {
- "metric_type": "gauge",
- "unit": "percent"
- },
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- }
- }
- },
- "user": {
- "properties": {
- "norm": {
- "properties": {
- "pct": {
- "type": "float"
- }
- }
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "rss": {
- "properties": {
- "bytes": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- },
- "size": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "tags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "threat": {
- "properties": {
- "framework": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tactic": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "technique": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subtechnique": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- }
- }
- },
- "timeseries": {
- "properties": {
- "instance": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "timestamp": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- },
- "tls": {
- "properties": {
- "cipher": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "client": {
- "properties": {
- "certificate": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "certificate_chain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "issuer": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ja3": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "server_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "supported_ciphers": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "public_key_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_exponent": {
- "index": false,
- "type": "long"
- },
- "public_key_size": {
- "type": "long"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version_number": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "established": {
- "type": "boolean"
- },
- "next_protocol": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "resumed": {
- "type": "boolean"
- },
- "server": {
- "properties": {
- "certificate": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "certificate_chain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "issuer": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ja3s": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "subject": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "public_key_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_exponent": {
- "index": false,
- "type": "long"
- },
- "public_key_size": {
- "type": "long"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version_number": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version_protocol": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "trace": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "transaction": {
- "dynamic": "false",
- "properties": {
- "breakdown": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "duration": {
- "properties": {
- "count": {
- "type": "long"
- },
- "histogram": {
- "type": "histogram"
- },
- "sum": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- },
- "us": {
- "type": "long"
- }
- }
- },
- "experience": {
- "properties": {
- "cls": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "fid": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "longtask": {
- "properties": {
- "count": {
- "type": "long"
- },
- "max": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "sum": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- }
- }
- },
- "tbt": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "marks": {
- "dynamic": "true",
- "properties": {
- "*": {
- "properties": {
- "*": {
- "dynamic": "true",
- "type": "object"
- }
- }
- }
- }
- },
- "message": {
- "dynamic": "false",
- "properties": {
- "age": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "queue": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "result": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "root": {
- "type": "boolean"
- },
- "sampled": {
- "type": "boolean"
- },
- "self_time": {
- "properties": {
- "count": {
- "type": "long"
- },
- "sum": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "span_count": {
- "properties": {
- "dropped": {
- "type": "long"
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "url": {
- "dynamic": "false",
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "extension": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "fragment": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "password": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "port": {
- "type": "long"
- },
- "query": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "scheme": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "username": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "user": {
- "dynamic": "false",
- "properties": {
- "changes": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "effective": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "target": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "user_agent": {
- "dynamic": "false",
- "properties": {
- "device": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vulnerability": {
- "properties": {
- "category": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "classification": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "enumeration": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "report_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "scanner": {
- "properties": {
- "vendor": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "score": {
- "properties": {
- "base": {
- "type": "float"
- },
- "environmental": {
- "type": "float"
- },
- "temporal": {
- "type": "float"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "severity": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "public_key_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_exponent": {
- "index": false,
- "type": "long"
- },
- "public_key_size": {
- "type": "long"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version_number": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "settings": {
- "index": {
- "auto_expand_replicas": "0-1",
- "blocks": {
- "read_only_allow_delete": "false"
- },
- "codec": "best_compression",
- "lifecycle": {
- "name": "apm-rollover-30-days",
- "rollover_alias": "apm-7.14.0-metric"
- },
- "mapping": {
- "total_fields": {
- "limit": "2000"
- }
- },
- "max_docvalue_fields_search": "200",
- "number_of_replicas": "1",
- "number_of_shards": "1",
- "priority": "100",
- "refresh_interval": "5s"
- }
- }
- }
-}
-
-{
- "type": "index",
- "value": {
- "aliases": {
- "apm-7.14.0-span": {
- "is_write_index": true
- }
- },
- "index": "apm-7.14.0-span-000001",
- "mappings": {
- "_meta": {
- "beat": "apm",
- "version": "7.14.0"
- },
- "date_detection": false,
- "dynamic_templates": [
- {
- "labels": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "labels.*"
- }
- },
- {
- "container.labels": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "container.labels.*"
- }
- },
- {
- "fields": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "fields.*"
- }
- },
- {
- "docker.container.labels": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "docker.container.labels.*"
- }
- },
- {
- "kubernetes.labels.*": {
- "mapping": {
- "type": "keyword"
- },
- "path_match": "kubernetes.labels.*"
- }
- },
- {
- "kubernetes.annotations.*": {
- "mapping": {
- "type": "keyword"
- },
- "path_match": "kubernetes.annotations.*"
- }
- },
- {
- "kubernetes.selectors.*": {
- "mapping": {
- "type": "keyword"
- },
- "path_match": "kubernetes.selectors.*"
- }
- },
- {
- "labels_string": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "labels.*"
- }
- },
- {
- "labels_boolean": {
- "mapping": {
- "type": "boolean"
- },
- "match_mapping_type": "boolean",
- "path_match": "labels.*"
- }
- },
- {
- "labels_*": {
- "mapping": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "path_match": "labels.*"
- }
- },
- {
- "histogram": {
- "mapping": {
- "type": "histogram"
- }
- }
- },
- {
- "transaction.marks": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "transaction.marks.*"
- }
- },
- {
- "transaction.marks.*.*": {
- "mapping": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "path_match": "transaction.marks.*.*"
- }
- },
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "properties": {
- "@timestamp": {
- "type": "date"
- },
- "agent": {
- "dynamic": "false",
- "properties": {
- "build": {
- "properties": {
- "original": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ephemeral_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "child": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "client": {
- "dynamic": "false",
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "cloud": {
- "properties": {
- "account": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "availability_zone": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "image": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "instance": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "machine": {
- "dynamic": "false",
- "properties": {
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "project": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "provider": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "service": {
- "dynamic": "false",
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "container": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "image": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tag": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "labels": {
- "type": "object"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "runtime": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "data_stream": {
- "properties": {
- "dataset": {
- "type": "constant_keyword"
- },
- "namespace": {
- "type": "constant_keyword"
- },
- "type": {
- "type": "constant_keyword"
- }
- }
- },
- "destination": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "dll": {
- "properties": {
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "dns": {
- "properties": {
- "answers": {
- "properties": {
- "class": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "data": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ttl": {
- "type": "long"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "header_flags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "op_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "question": {
- "properties": {
- "class": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "resolved_ip": {
- "type": "ip"
- },
- "response_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "docker": {
- "properties": {
- "container": {
- "properties": {
- "labels": {
- "type": "object"
- }
- }
- }
- }
- },
- "ecs": {
- "properties": {
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "error": {
- "dynamic": "false",
- "properties": {
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "culprit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "exception": {
- "properties": {
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "handled": {
- "type": "boolean"
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "module": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "grouping_key": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "grouping_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "log": {
- "properties": {
- "level": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "logger_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "param_message": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "stack_trace": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "index": false,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "event": {
- "properties": {
- "action": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "category": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "created": {
- "type": "date"
- },
- "dataset": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "duration": {
- "type": "long"
- },
- "end": {
- "type": "date"
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ingested": {
- "type": "date"
- },
- "kind": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "module": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "ignore_above": 1024,
- "index": false,
- "type": "keyword"
- },
- "outcome": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "provider": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reason": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "risk_score": {
- "type": "float"
- },
- "risk_score_norm": {
- "type": "float"
- },
- "sequence": {
- "type": "long"
- },
- "severity": {
- "type": "long"
- },
- "start": {
- "type": "date"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "url": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "experimental": {
- "dynamic": "true",
- "type": "object"
- },
- "fields": {
- "type": "object"
- },
- "file": {
- "properties": {
- "accessed": {
- "type": "date"
- },
- "attributes": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "created": {
- "type": "date"
- },
- "ctime": {
- "type": "date"
- },
- "device": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "directory": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "drive_letter": {
- "ignore_above": 1,
- "type": "keyword"
- },
- "extension": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "gid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "inode": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mime_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mode": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mtime": {
- "type": "date"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "owner": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "size": {
- "type": "long"
- },
- "target_path": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "public_key_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_exponent": {
- "index": false,
- "type": "long"
- },
- "public_key_size": {
- "type": "long"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version_number": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "host": {
- "dynamic": "false",
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "containerized": {
- "type": "boolean"
- },
- "cpu": {
- "properties": {
- "usage": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "disk": {
- "properties": {
- "read": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "write": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "network": {
- "properties": {
- "egress": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "packets": {
- "type": "long"
- }
- }
- },
- "ingress": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "packets": {
- "type": "long"
- }
- }
- }
- }
- },
- "os": {
- "properties": {
- "build": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "codename": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uptime": {
- "type": "long"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "http": {
- "dynamic": "false",
- "properties": {
- "request": {
- "properties": {
- "body": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "content": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "headers": {
- "enabled": false,
- "type": "object"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "method": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mime_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "referrer": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "response": {
- "properties": {
- "body": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "content": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "finished": {
- "type": "boolean"
- },
- "headers": {
- "enabled": false,
- "type": "object"
- },
- "mime_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status_code": {
- "type": "long"
- }
- }
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "interface": {
- "properties": {
- "alias": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "kubernetes": {
- "dynamic": "false",
- "properties": {
- "annotations": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "container": {
- "properties": {
- "image": {
- "path": "container.image.name",
- "type": "alias"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "deployment": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "labels": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "namespace": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "node": {
- "properties": {
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pod": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uid": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "replicaset": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "selectors": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "statefulset": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "labels": {
- "dynamic": "true",
- "properties": {
- "events_encoded": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "events_failed": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "events_original": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "events_published": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "foo": {
- "type": "keyword"
- },
- "productId": {
- "type": "keyword"
- }
- }
- },
- "log": {
- "properties": {
- "file": {
- "properties": {
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "level": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "logger": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "origin": {
- "properties": {
- "file": {
- "properties": {
- "line": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "function": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "original": {
- "ignore_above": 1024,
- "index": false,
- "type": "keyword"
- },
- "syslog": {
- "properties": {
- "facility": {
- "properties": {
- "code": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "priority": {
- "type": "long"
- },
- "severity": {
- "properties": {
- "code": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- }
- }
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "metricset": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "period": {
- "meta": {
- "unit": "ms"
- },
- "type": "long"
- }
- }
- },
- "network": {
- "dynamic": "false",
- "properties": {
- "application": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "bytes": {
- "type": "long"
- },
- "carrier": {
- "properties": {
- "icc": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mcc": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mnc": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "community_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "connection_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "direction": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "forwarded_ip": {
- "type": "ip"
- },
- "iana_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "inner": {
- "properties": {
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "packets": {
- "type": "long"
- },
- "protocol": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "transport": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "observer": {
- "dynamic": "false",
- "properties": {
- "egress": {
- "properties": {
- "interface": {
- "properties": {
- "alias": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "zone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ingress": {
- "properties": {
- "interface": {
- "properties": {
- "alias": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "zone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "listening": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "vendor": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version_major": {
- "type": "byte"
- }
- }
- },
- "orchestrator": {
- "properties": {
- "api_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "cluster": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "url": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "namespace": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "resource": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "organization": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "package": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "build_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "checksum": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "install_scope": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "installed": {
- "type": "date"
- },
- "license": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "size": {
- "type": "long"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "parent": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "process": {
- "dynamic": "false",
- "properties": {
- "args": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "args_count": {
- "type": "long"
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "command_line": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "entity_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "executable": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "exit_code": {
- "type": "long"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "parent": {
- "properties": {
- "args": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "args_count": {
- "type": "long"
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "command_line": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "entity_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "executable": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "exit_code": {
- "type": "long"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pgid": {
- "type": "long"
- },
- "pid": {
- "type": "long"
- },
- "ppid": {
- "type": "long"
- },
- "start": {
- "type": "date"
- },
- "thread": {
- "properties": {
- "id": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "title": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uptime": {
- "type": "long"
- },
- "working_directory": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pgid": {
- "type": "long"
- },
- "pid": {
- "type": "long"
- },
- "ppid": {
- "type": "long"
- },
- "start": {
- "type": "date"
- },
- "thread": {
- "properties": {
- "id": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "title": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uptime": {
- "type": "long"
- },
- "working_directory": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "processor": {
- "properties": {
- "event": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "profile": {
- "dynamic": "false",
- "properties": {
- "alloc_objects": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "alloc_space": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "cpu": {
- "properties": {
- "ns": {
- "meta": {
- "unit": "nanos"
- },
- "type": "long"
- }
- }
- },
- "duration": {
- "meta": {
- "unit": "nanos"
- },
- "type": "long"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "inuse_objects": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "inuse_space": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "samples": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "stack": {
- "dynamic": "false",
- "properties": {
- "filename": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "function": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "line": {
- "type": "long"
- }
- }
- },
- "top": {
- "dynamic": "false",
- "properties": {
- "filename": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "function": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "line": {
- "type": "long"
- }
- }
- },
- "wall": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "registry": {
- "properties": {
- "data": {
- "properties": {
- "bytes": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "strings": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hive": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "key": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "value": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "related": {
- "properties": {
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hosts": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ip": {
- "type": "ip"
- },
- "user": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "rule": {
- "properties": {
- "author": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "category": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "license": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ruleset": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uuid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "server": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "service": {
- "dynamic": "false",
- "properties": {
- "environment": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ephemeral_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "framework": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "language": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "node": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "runtime": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "state": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "session": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sequence": {
- "type": "long"
- }
- }
- },
- "source": {
- "dynamic": "false",
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "sourcemap": {
- "dynamic": "false",
- "properties": {
- "bundle_filepath": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "service": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "span": {
- "dynamic": "false",
- "properties": {
- "action": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "db": {
- "dynamic": "false",
- "properties": {
- "link": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "rows_affected": {
- "type": "long"
- }
- }
- },
- "destination": {
- "dynamic": "false",
- "properties": {
- "service": {
- "dynamic": "false",
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "resource": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "response_time": {
- "properties": {
- "count": {
- "type": "long"
- },
- "sum": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "duration": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "message": {
- "dynamic": "false",
- "properties": {
- "age": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "queue": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "self_time": {
- "properties": {
- "count": {
- "type": "long"
- },
- "sum": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "start": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- },
- "subtype": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sync": {
- "type": "boolean"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "links": {
- "properties": {
- "span": {
- "properties": {
- "id": {
- "type": "keyword",
- "ignore_above": 1024
- }
- }
- },
- "trace": {
- "properties": {
- "id": {
- "type": "keyword",
- "ignore_above": 1024
- }
- }
- }
- }
- }
- }
- },
- "system": {
- "properties": {
- "cpu": {
- "properties": {
- "total": {
- "properties": {
- "norm": {
- "properties": {
- "pct": {
- "meta": {
- "metric_type": "gauge",
- "unit": "percent"
- },
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "actual": {
- "properties": {
- "free": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- },
- "total": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- },
- "process": {
- "properties": {
- "cgroup": {
- "properties": {
- "cpu": {
- "properties": {
- "cfs": {
- "properties": {
- "period": {
- "properties": {
- "us": {
- "meta": {
- "metric_type": "gauge",
- "unit": "micros"
- },
- "type": "long"
- }
- }
- },
- "quota": {
- "properties": {
- "us": {
- "meta": {
- "metric_type": "gauge",
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "stats": {
- "properties": {
- "periods": {
- "meta": {
- "metric_type": "counter"
- },
- "type": "long"
- },
- "throttled": {
- "properties": {
- "ns": {
- "meta": {
- "metric_type": "counter",
- "unit": "nanos"
- },
- "type": "long"
- },
- "periods": {
- "meta": {
- "metric_type": "counter"
- },
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "cpuacct": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "total": {
- "properties": {
- "ns": {
- "meta": {
- "metric_type": "counter",
- "unit": "nanos"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "mem": {
- "properties": {
- "limit": {
- "properties": {
- "bytes": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- },
- "usage": {
- "properties": {
- "bytes": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- }
- }
- }
- }
- }
- }
- },
- "cpu": {
- "properties": {
- "total": {
- "properties": {
- "norm": {
- "properties": {
- "pct": {
- "meta": {
- "metric_type": "gauge",
- "unit": "percent"
- },
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "rss": {
- "properties": {
- "bytes": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- },
- "size": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "tags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "threat": {
- "properties": {
- "framework": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tactic": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "technique": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subtechnique": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- }
- }
- },
- "timeseries": {
- "properties": {
- "instance": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "timestamp": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- },
- "tls": {
- "properties": {
- "cipher": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "client": {
- "properties": {
- "certificate": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "certificate_chain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "issuer": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ja3": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "server_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "supported_ciphers": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "public_key_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_exponent": {
- "index": false,
- "type": "long"
- },
- "public_key_size": {
- "type": "long"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version_number": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "established": {
- "type": "boolean"
- },
- "next_protocol": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "resumed": {
- "type": "boolean"
- },
- "server": {
- "properties": {
- "certificate": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "certificate_chain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "issuer": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ja3s": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "subject": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "public_key_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_exponent": {
- "index": false,
- "type": "long"
- },
- "public_key_size": {
- "type": "long"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version_number": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version_protocol": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "trace": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "transaction": {
- "dynamic": "false",
- "properties": {
- "breakdown": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "duration": {
- "properties": {
- "count": {
- "type": "long"
- },
- "histogram": {
- "type": "histogram"
- },
- "sum": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- },
- "us": {
- "type": "long"
- }
- }
- },
- "experience": {
- "properties": {
- "cls": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "fid": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "longtask": {
- "properties": {
- "count": {
- "type": "long"
- },
- "max": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "sum": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- }
- }
- },
- "tbt": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "marks": {
- "dynamic": "true",
- "properties": {
- "*": {
- "properties": {
- "*": {
- "dynamic": "true",
- "type": "object"
- }
- }
- }
- }
- },
- "message": {
- "dynamic": "false",
- "properties": {
- "age": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "queue": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "result": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "root": {
- "type": "boolean"
- },
- "sampled": {
- "type": "boolean"
- },
- "self_time": {
- "properties": {
- "count": {
- "type": "long"
- },
- "sum": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "span_count": {
- "properties": {
- "dropped": {
- "type": "long"
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "url": {
- "dynamic": "false",
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "extension": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "fragment": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "password": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "port": {
- "type": "long"
- },
- "query": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "scheme": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "username": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "user": {
- "dynamic": "false",
- "properties": {
- "changes": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "effective": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "target": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "user_agent": {
- "dynamic": "false",
- "properties": {
- "device": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vulnerability": {
- "properties": {
- "category": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "classification": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "enumeration": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "report_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "scanner": {
- "properties": {
- "vendor": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "score": {
- "properties": {
- "base": {
- "type": "float"
- },
- "environmental": {
- "type": "float"
- },
- "temporal": {
- "type": "float"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "severity": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "public_key_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_exponent": {
- "index": false,
- "type": "long"
- },
- "public_key_size": {
- "type": "long"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version_number": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "settings": {
- "index": {
- "auto_expand_replicas": "0-1",
- "blocks": {
- "read_only_allow_delete": "false"
- },
- "codec": "best_compression",
- "lifecycle": {
- "name": "apm-rollover-30-days",
- "rollover_alias": "apm-7.14.0-span"
- },
- "mapping": {
- "total_fields": {
- "limit": "2000"
- }
- },
- "max_docvalue_fields_search": "200",
- "number_of_replicas": "1",
- "number_of_shards": "1",
- "priority": "100",
- "refresh_interval": "5s"
- }
- }
- }
-}
-
-{
- "type": "index",
- "value": {
- "aliases": {
- "apm-7.14.0-transaction": {
- "is_write_index": true
- }
- },
- "index": "apm-7.14.0-transaction-000001",
- "mappings": {
- "_meta": {
- "beat": "apm",
- "version": "7.14.0"
- },
- "date_detection": false,
- "dynamic_templates": [
- {
- "labels": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "labels.*"
- }
- },
- {
- "container.labels": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "container.labels.*"
- }
- },
- {
- "fields": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "fields.*"
- }
- },
- {
- "docker.container.labels": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "docker.container.labels.*"
- }
- },
- {
- "kubernetes.labels.*": {
- "mapping": {
- "type": "keyword"
- },
- "path_match": "kubernetes.labels.*"
- }
- },
- {
- "kubernetes.annotations.*": {
- "mapping": {
- "type": "keyword"
- },
- "path_match": "kubernetes.annotations.*"
- }
- },
- {
- "kubernetes.selectors.*": {
- "mapping": {
- "type": "keyword"
- },
- "path_match": "kubernetes.selectors.*"
- }
- },
- {
- "labels_string": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "labels.*"
- }
- },
- {
- "labels_boolean": {
- "mapping": {
- "type": "boolean"
- },
- "match_mapping_type": "boolean",
- "path_match": "labels.*"
- }
- },
- {
- "labels_*": {
- "mapping": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "path_match": "labels.*"
- }
- },
- {
- "histogram": {
- "mapping": {
- "type": "histogram"
- }
- }
- },
- {
- "transaction.marks": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "transaction.marks.*"
- }
- },
- {
- "transaction.marks.*.*": {
- "mapping": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "path_match": "transaction.marks.*.*"
- }
- },
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "properties": {
- "@timestamp": {
- "type": "date"
- },
- "agent": {
- "dynamic": "false",
- "properties": {
- "build": {
- "properties": {
- "original": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ephemeral_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "child": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "client": {
- "dynamic": "false",
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "cloud": {
- "properties": {
- "account": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "availability_zone": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "image": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "instance": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "machine": {
- "dynamic": "false",
- "properties": {
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "project": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "provider": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "service": {
- "dynamic": "false",
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "container": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "image": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tag": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "labels": {
- "type": "object"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "runtime": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "data_stream": {
- "properties": {
- "dataset": {
- "type": "constant_keyword"
- },
- "namespace": {
- "type": "constant_keyword"
- },
- "type": {
- "type": "constant_keyword"
- }
- }
- },
- "destination": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "dll": {
- "properties": {
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "dns": {
- "properties": {
- "answers": {
- "properties": {
- "class": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "data": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ttl": {
- "type": "long"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "header_flags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "op_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "question": {
- "properties": {
- "class": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "resolved_ip": {
- "type": "ip"
- },
- "response_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "docker": {
- "properties": {
- "container": {
- "properties": {
- "labels": {
- "type": "object"
- }
- }
- }
- }
- },
- "ecs": {
- "properties": {
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "error": {
- "dynamic": "false",
- "properties": {
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "culprit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "exception": {
- "properties": {
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "handled": {
- "type": "boolean"
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "module": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "grouping_key": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "grouping_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "log": {
- "properties": {
- "level": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "logger_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "param_message": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "stack_trace": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "index": false,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "event": {
- "properties": {
- "action": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "category": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "created": {
- "type": "date"
- },
- "dataset": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "duration": {
- "type": "long"
- },
- "end": {
- "type": "date"
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ingested": {
- "type": "date"
- },
- "kind": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "module": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "ignore_above": 1024,
- "index": false,
- "type": "keyword"
- },
- "outcome": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "provider": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reason": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "risk_score": {
- "type": "float"
- },
- "risk_score_norm": {
- "type": "float"
- },
- "sequence": {
- "type": "long"
- },
- "severity": {
- "type": "long"
- },
- "start": {
- "type": "date"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "url": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "experimental": {
- "dynamic": "true",
- "type": "object"
- },
- "fields": {
- "type": "object"
- },
- "file": {
- "properties": {
- "accessed": {
- "type": "date"
- },
- "attributes": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "created": {
- "type": "date"
- },
- "ctime": {
- "type": "date"
- },
- "device": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "directory": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "drive_letter": {
- "ignore_above": 1,
- "type": "keyword"
- },
- "extension": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "gid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "inode": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mime_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mode": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mtime": {
- "type": "date"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "owner": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "size": {
- "type": "long"
- },
- "target_path": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "public_key_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_exponent": {
- "index": false,
- "type": "long"
- },
- "public_key_size": {
- "type": "long"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version_number": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "host": {
- "dynamic": "false",
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "containerized": {
- "type": "boolean"
- },
- "cpu": {
- "properties": {
- "usage": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "disk": {
- "properties": {
- "read": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "write": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "network": {
- "properties": {
- "egress": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "packets": {
- "type": "long"
- }
- }
- },
- "ingress": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "packets": {
- "type": "long"
- }
- }
- }
- }
- },
- "os": {
- "properties": {
- "build": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "codename": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uptime": {
- "type": "long"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "http": {
- "dynamic": "false",
- "properties": {
- "request": {
- "properties": {
- "body": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "content": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "headers": {
- "enabled": false,
- "type": "object"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "method": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mime_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "referrer": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "response": {
- "properties": {
- "body": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "content": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "finished": {
- "type": "boolean"
- },
- "headers": {
- "enabled": false,
- "type": "object"
- },
- "mime_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status_code": {
- "type": "long"
- }
- }
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "interface": {
- "properties": {
- "alias": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "kubernetes": {
- "dynamic": "false",
- "properties": {
- "annotations": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "container": {
- "properties": {
- "image": {
- "path": "container.image.name",
- "type": "alias"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "deployment": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "labels": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "namespace": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "node": {
- "properties": {
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pod": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uid": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "replicaset": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "selectors": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "statefulset": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "labels": {
- "dynamic": "true",
- "properties": {
- "company": {
- "type": "keyword"
- },
- "customer_email": {
- "type": "keyword"
- },
- "customer_name": {
- "type": "keyword"
- },
- "customer_tier": {
- "type": "keyword"
- },
- "foo": {
- "type": "keyword"
- },
- "lorem": {
- "type": "keyword"
- },
- "multi-line": {
- "type": "keyword"
- },
- "request_id": {
- "type": "keyword"
- },
- "served_from_cache": {
- "type": "keyword"
- },
- "this-is-a-very-long-tag-name-without-any-spaces": {
- "type": "keyword"
- },
- "worker": {
- "type": "keyword"
- }
- }
- },
- "log": {
- "properties": {
- "file": {
- "properties": {
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "level": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "logger": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "origin": {
- "properties": {
- "file": {
- "properties": {
- "line": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "function": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "original": {
- "ignore_above": 1024,
- "index": false,
- "type": "keyword"
- },
- "syslog": {
- "properties": {
- "facility": {
- "properties": {
- "code": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "priority": {
- "type": "long"
- },
- "severity": {
- "properties": {
- "code": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- }
- }
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "metricset": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "period": {
- "meta": {
- "unit": "ms"
- },
- "type": "long"
- }
- }
- },
- "network": {
- "dynamic": "false",
- "properties": {
- "application": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "bytes": {
- "type": "long"
- },
- "carrier": {
- "properties": {
- "icc": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mcc": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mnc": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "community_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "connection_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "direction": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "forwarded_ip": {
- "type": "ip"
- },
- "iana_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "inner": {
- "properties": {
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "packets": {
- "type": "long"
- },
- "protocol": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "transport": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "observer": {
- "dynamic": "false",
- "properties": {
- "egress": {
- "properties": {
- "interface": {
- "properties": {
- "alias": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "zone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ingress": {
- "properties": {
- "interface": {
- "properties": {
- "alias": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "zone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "listening": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "vendor": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version_major": {
- "type": "byte"
- }
- }
- },
- "orchestrator": {
- "properties": {
- "api_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "cluster": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "url": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "namespace": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "resource": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "organization": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "package": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "build_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "checksum": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "install_scope": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "installed": {
- "type": "date"
- },
- "license": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "size": {
- "type": "long"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "parent": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "process": {
- "dynamic": "false",
- "properties": {
- "args": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "args_count": {
- "type": "long"
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "command_line": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "entity_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "executable": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "exit_code": {
- "type": "long"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "parent": {
- "properties": {
- "args": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "args_count": {
- "type": "long"
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "command_line": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "entity_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "executable": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "exit_code": {
- "type": "long"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pgid": {
- "type": "long"
- },
- "pid": {
- "type": "long"
- },
- "ppid": {
- "type": "long"
- },
- "start": {
- "type": "date"
- },
- "thread": {
- "properties": {
- "id": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "title": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uptime": {
- "type": "long"
- },
- "working_directory": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pgid": {
- "type": "long"
- },
- "pid": {
- "type": "long"
- },
- "ppid": {
- "type": "long"
- },
- "start": {
- "type": "date"
- },
- "thread": {
- "properties": {
- "id": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "title": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uptime": {
- "type": "long"
- },
- "working_directory": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "processor": {
- "properties": {
- "event": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "profile": {
- "dynamic": "false",
- "properties": {
- "alloc_objects": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "alloc_space": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "cpu": {
- "properties": {
- "ns": {
- "meta": {
- "unit": "nanos"
- },
- "type": "long"
- }
- }
- },
- "duration": {
- "meta": {
- "unit": "nanos"
- },
- "type": "long"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "inuse_objects": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "inuse_space": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "samples": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "stack": {
- "dynamic": "false",
- "properties": {
- "filename": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "function": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "line": {
- "type": "long"
- }
- }
- },
- "top": {
- "dynamic": "false",
- "properties": {
- "filename": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "function": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "line": {
- "type": "long"
- }
- }
- },
- "wall": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "registry": {
- "properties": {
- "data": {
- "properties": {
- "bytes": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "strings": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hive": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "key": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "value": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "related": {
- "properties": {
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hosts": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ip": {
- "type": "ip"
- },
- "user": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "rule": {
- "properties": {
- "author": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "category": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "license": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ruleset": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uuid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "server": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "service": {
- "dynamic": "false",
- "properties": {
- "environment": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ephemeral_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "framework": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "language": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "node": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "runtime": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "state": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "session": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sequence": {
- "type": "long"
- }
- }
- },
- "source": {
- "dynamic": "false",
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "sourcemap": {
- "dynamic": "false",
- "properties": {
- "bundle_filepath": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "service": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "span": {
- "dynamic": "false",
- "properties": {
- "action": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "db": {
- "dynamic": "false",
- "properties": {
- "link": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "rows_affected": {
- "type": "long"
- }
- }
- },
- "destination": {
- "dynamic": "false",
- "properties": {
- "service": {
- "dynamic": "false",
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "resource": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "response_time": {
- "properties": {
- "count": {
- "type": "long"
- },
- "sum": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "duration": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "message": {
- "dynamic": "false",
- "properties": {
- "age": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "queue": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "self_time": {
- "properties": {
- "count": {
- "type": "long"
- },
- "sum": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "start": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- },
- "subtype": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sync": {
- "type": "boolean"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "links": {
- "properties": {
- "span": {
- "properties": {
- "id": {
- "type": "keyword",
- "ignore_above": 1024
- }
- }
- },
- "trace": {
- "properties": {
- "id": {
- "type": "keyword",
- "ignore_above": 1024
- }
- }
- }
- }
- }
- }
- },
- "system": {
- "properties": {
- "cpu": {
- "properties": {
- "total": {
- "properties": {
- "norm": {
- "properties": {
- "pct": {
- "meta": {
- "metric_type": "gauge",
- "unit": "percent"
- },
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "actual": {
- "properties": {
- "free": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- },
- "total": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- },
- "process": {
- "properties": {
- "cgroup": {
- "properties": {
- "cpu": {
- "properties": {
- "cfs": {
- "properties": {
- "period": {
- "properties": {
- "us": {
- "meta": {
- "metric_type": "gauge",
- "unit": "micros"
- },
- "type": "long"
- }
- }
- },
- "quota": {
- "properties": {
- "us": {
- "meta": {
- "metric_type": "gauge",
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "stats": {
- "properties": {
- "periods": {
- "meta": {
- "metric_type": "counter"
- },
- "type": "long"
- },
- "throttled": {
- "properties": {
- "ns": {
- "meta": {
- "metric_type": "counter",
- "unit": "nanos"
- },
- "type": "long"
- },
- "periods": {
- "meta": {
- "metric_type": "counter"
- },
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "cpuacct": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "total": {
- "properties": {
- "ns": {
- "meta": {
- "metric_type": "counter",
- "unit": "nanos"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "mem": {
- "properties": {
- "limit": {
- "properties": {
- "bytes": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- },
- "usage": {
- "properties": {
- "bytes": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- }
- }
- }
- }
- }
- }
- },
- "cpu": {
- "properties": {
- "total": {
- "properties": {
- "norm": {
- "properties": {
- "pct": {
- "meta": {
- "metric_type": "gauge",
- "unit": "percent"
- },
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "rss": {
- "properties": {
- "bytes": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- },
- "size": {
- "meta": {
- "metric_type": "gauge",
- "unit": "byte"
- },
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "tags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "threat": {
- "properties": {
- "framework": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tactic": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "technique": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subtechnique": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- }
- }
- },
- "timeseries": {
- "properties": {
- "instance": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "timestamp": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- },
- "tls": {
- "properties": {
- "cipher": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "client": {
- "properties": {
- "certificate": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "certificate_chain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "issuer": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ja3": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "server_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "supported_ciphers": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "public_key_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_exponent": {
- "index": false,
- "type": "long"
- },
- "public_key_size": {
- "type": "long"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version_number": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "established": {
- "type": "boolean"
- },
- "next_protocol": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "resumed": {
- "type": "boolean"
- },
- "server": {
- "properties": {
- "certificate": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "certificate_chain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "issuer": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ja3s": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "subject": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "public_key_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_exponent": {
- "index": false,
- "type": "long"
- },
- "public_key_size": {
- "type": "long"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version_number": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version_protocol": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "trace": {
- "dynamic": "false",
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "transaction": {
- "dynamic": "false",
- "properties": {
- "breakdown": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "duration": {
- "properties": {
- "count": {
- "type": "long"
- },
- "histogram": {
- "type": "histogram"
- },
- "sum": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- },
- "us": {
- "type": "long"
- }
- }
- },
- "experience": {
- "properties": {
- "cls": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "fid": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "longtask": {
- "properties": {
- "count": {
- "type": "long"
- },
- "max": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "sum": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- }
- }
- },
- "tbt": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "marks": {
- "dynamic": "true",
- "properties": {
- "*": {
- "properties": {
- "*": {
- "dynamic": "true",
- "type": "object"
- }
- }
- },
- "agent": {
- "properties": {
- "domComplete": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "domInteractive": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "timeToFirstByte": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- }
- }
- },
- "navigationTiming": {
- "properties": {
- "connectEnd": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "connectStart": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "domComplete": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "domContentLoadedEventEnd": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "domContentLoadedEventStart": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "domInteractive": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "domLoading": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "domainLookupEnd": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "domainLookupStart": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "fetchStart": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "loadEventEnd": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "loadEventStart": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "requestStart": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "responseEnd": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- },
- "responseStart": {
- "scaling_factor": 1000000,
- "type": "scaled_float"
- }
- }
- }
- }
- },
- "message": {
- "dynamic": "false",
- "properties": {
- "age": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "queue": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "result": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "root": {
- "type": "boolean"
- },
- "sampled": {
- "type": "boolean"
- },
- "self_time": {
- "properties": {
- "count": {
- "type": "long"
- },
- "sum": {
- "properties": {
- "us": {
- "meta": {
- "unit": "micros"
- },
- "type": "long"
- }
- }
- }
- }
- },
- "span_count": {
- "properties": {
- "dropped": {
- "type": "long"
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "url": {
- "dynamic": "false",
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "extension": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "fragment": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "password": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "port": {
- "type": "long"
- },
- "query": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "scheme": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "username": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "user": {
- "dynamic": "false",
- "properties": {
- "changes": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "effective": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "target": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "user_agent": {
- "dynamic": "false",
- "properties": {
- "device": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vulnerability": {
- "properties": {
- "category": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "classification": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "enumeration": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "report_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "scanner": {
- "properties": {
- "vendor": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "score": {
- "properties": {
- "base": {
- "type": "float"
- },
- "environmental": {
- "type": "float"
- },
- "temporal": {
- "type": "float"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "severity": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "public_key_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_exponent": {
- "index": false,
- "type": "long"
- },
- "public_key_size": {
- "type": "long"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version_number": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "settings": {
- "index": {
- "auto_expand_replicas": "0-1",
- "blocks": {
- "read_only_allow_delete": "false"
- },
- "codec": "best_compression",
- "lifecycle": {
- "name": "apm-rollover-30-days",
- "rollover_alias": "apm-7.14.0-transaction"
- },
- "mapping": {
- "total_fields": {
- "limit": "2000"
- }
- },
- "max_docvalue_fields_search": "200",
- "number_of_replicas": "1",
- "number_of_shards": "1",
- "priority": "100",
- "refresh_interval": "5s"
- }
- }
- }
-}
\ No newline at end of file
diff --git a/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/fixtures/es_archiver/metrics_8.0.0/mappings.json b/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/fixtures/es_archiver/metrics_8.0.0/mappings.json
deleted file mode 100644
index 602736a9f2893..0000000000000
--- a/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/fixtures/es_archiver/metrics_8.0.0/mappings.json
+++ /dev/null
@@ -1,20374 +0,0 @@
-{
- "type": "index",
- "value": {
- "aliases": {
- },
- "index": "filebeat-2019.07.10",
- "mappings": {
- "_meta": {
- "beat": "filebeat",
- "version": "8.0.0"
- },
- "date_detection": false,
- "dynamic_templates": [
- {
- "labels": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "labels.*"
- }
- },
- {
- "container.labels": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "container.labels.*"
- }
- },
- {
- "fields": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "fields.*"
- }
- },
- {
- "docker.container.labels": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "docker.container.labels.*"
- }
- },
- {
- "docker.attrs": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "docker.attrs.*"
- }
- },
- {
- "kibana.log.meta": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "kibana.log.meta.*"
- }
- },
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "properties": {
- "@timestamp": {
- "type": "date"
- },
- "agent": {
- "properties": {
- "ephemeral_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "apache": {
- "properties": {
- "access": {
- "properties": {
- "ssl": {
- "properties": {
- "cipher": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "protocol": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "error": {
- "properties": {
- "module": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "apache2": {
- "properties": {
- "access": {
- "properties": {
- "geoip": {
- "type": "object"
- },
- "user_agent": {
- "type": "object"
- }
- }
- },
- "error": {
- "type": "object"
- }
- }
- },
- "auditd": {
- "properties": {
- "log": {
- "properties": {
- "a0": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "addr": {
- "type": "ip"
- },
- "geoip": {
- "type": "object"
- },
- "item": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "items": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "laddr": {
- "type": "ip"
- },
- "lport": {
- "type": "long"
- },
- "new_auid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "new_ses": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "old_auid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "old_ses": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "rport": {
- "type": "long"
- },
- "sequence": {
- "type": "long"
- },
- "tty": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "certificate": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "cisco": {
- "properties": {
- "asa": {
- "properties": {
- "connection_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "destination_interface": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "destination_username": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "icmp_code": {
- "type": "short"
- },
- "icmp_type": {
- "type": "short"
- },
- "list_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mapped_destination_ip": {
- "type": "ip"
- },
- "mapped_destination_port": {
- "type": "long"
- },
- "mapped_source_ip": {
- "type": "ip"
- },
- "mapped_source_port": {
- "type": "long"
- },
- "message_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "source_interface": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "source_username": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "suffix": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "threat_category": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "threat_level": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "client": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "user": {
- "properties": {
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "cloud": {
- "properties": {
- "account": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "availability_zone": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "image": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "instance": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "machine": {
- "properties": {
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "project": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "provider": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "container": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "image": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tag": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "labels": {
- "properties": {
- "annotation_io_kubernetes_container_hash": {
- "type": "keyword"
- },
- "annotation_io_kubernetes_container_ports": {
- "type": "keyword"
- },
- "annotation_io_kubernetes_container_restartCount": {
- "type": "keyword"
- },
- "annotation_io_kubernetes_container_terminationMessagePath": {
- "type": "keyword"
- },
- "annotation_io_kubernetes_container_terminationMessagePolicy": {
- "type": "keyword"
- },
- "annotation_io_kubernetes_pod_terminationGracePeriod": {
- "type": "keyword"
- },
- "com_docker_compose_config-hash": {
- "type": "keyword"
- },
- "com_docker_compose_container-number": {
- "type": "keyword"
- },
- "com_docker_compose_oneoff": {
- "type": "keyword"
- },
- "com_docker_compose_project": {
- "type": "keyword"
- },
- "com_docker_compose_service": {
- "type": "keyword"
- },
- "com_docker_compose_version": {
- "type": "keyword"
- },
- "io_kubernetes_container_logpath": {
- "type": "keyword"
- },
- "io_kubernetes_container_name": {
- "type": "keyword"
- },
- "io_kubernetes_docker_type": {
- "type": "keyword"
- },
- "io_kubernetes_pod_name": {
- "type": "keyword"
- },
- "io_kubernetes_pod_namespace": {
- "type": "keyword"
- },
- "io_kubernetes_pod_uid": {
- "type": "keyword"
- },
- "io_kubernetes_sandbox_id": {
- "type": "keyword"
- },
- "license": {
- "type": "keyword"
- },
- "maintainer": {
- "type": "keyword"
- },
- "org_label-schema_build-date": {
- "type": "keyword"
- },
- "org_label-schema_license": {
- "type": "keyword"
- },
- "org_label-schema_name": {
- "type": "keyword"
- },
- "org_label-schema_schema-version": {
- "type": "keyword"
- },
- "org_label-schema_url": {
- "type": "keyword"
- },
- "org_label-schema_vcs-url": {
- "type": "keyword"
- },
- "org_label-schema_vendor": {
- "type": "keyword"
- },
- "org_label-schema_version": {
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "runtime": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "coredns": {
- "properties": {
- "dnssec_ok": {
- "type": "boolean"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "query": {
- "properties": {
- "class": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "size": {
- "type": "long"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "response": {
- "properties": {
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "flags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "size": {
- "type": "long"
- }
- }
- }
- }
- },
- "destination": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "user": {
- "properties": {
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "docker": {
- "properties": {
- "attrs": {
- "type": "object"
- },
- "container": {
- "properties": {
- "labels": {
- "type": "object"
- }
- }
- }
- }
- },
- "ecs": {
- "properties": {
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "elasticsearch": {
- "properties": {
- "audit": {
- "properties": {
- "action": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "event_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "indices": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "layer": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "origin": {
- "properties": {
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "realm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "request": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "url": {
- "properties": {
- "params": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "user": {
- "properties": {
- "realm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "cluster": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uuid": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "component": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "deprecation": {
- "type": "object"
- },
- "gc": {
- "properties": {
- "heap": {
- "properties": {
- "size_kb": {
- "type": "long"
- },
- "used_kb": {
- "type": "long"
- }
- }
- },
- "jvm_runtime_sec": {
- "type": "float"
- },
- "old_gen": {
- "properties": {
- "size_kb": {
- "type": "long"
- },
- "used_kb": {
- "type": "long"
- }
- }
- },
- "phase": {
- "properties": {
- "class_unload_time_sec": {
- "type": "float"
- },
- "cpu_time": {
- "properties": {
- "real_sec": {
- "type": "float"
- },
- "sys_sec": {
- "type": "float"
- },
- "user_sec": {
- "type": "float"
- }
- }
- },
- "duration_sec": {
- "type": "float"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "parallel_rescan_time_sec": {
- "type": "float"
- },
- "scrub_string_table_time_sec": {
- "type": "float"
- },
- "scrub_symbol_table_time_sec": {
- "type": "float"
- },
- "weak_refs_processing_time_sec": {
- "type": "float"
- }
- }
- },
- "stopping_threads_time_sec": {
- "type": "float"
- },
- "tags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "threads_total_stop_time_sec": {
- "type": "float"
- },
- "young_gen": {
- "properties": {
- "size_kb": {
- "type": "long"
- },
- "used_kb": {
- "type": "long"
- }
- }
- }
- }
- },
- "index": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "node": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "server": {
- "properties": {
- "cluster": {
- "type": "object"
- },
- "gc": {
- "properties": {
- "collection_duration": {
- "properties": {
- "ms": {
- "type": "float"
- }
- }
- },
- "observation_duration": {
- "properties": {
- "ms": {
- "type": "float"
- }
- }
- },
- "overhead_seq": {
- "type": "long"
- },
- "young": {
- "properties": {
- "one": {
- "type": "long"
- },
- "two": {
- "type": "long"
- }
- }
- }
- }
- },
- "node": {
- "type": "object"
- },
- "stacktrace": {
- "ignore_above": 1024,
- "index": false,
- "type": "keyword"
- }
- }
- },
- "shard": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "slowlog": {
- "properties": {
- "extra_source": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "logger": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "routing": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "search_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "source_query": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "stats": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "took": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "total_hits": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "total_shards": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "types": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "envoyproxy": {
- "properties": {
- "authority": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "log_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "proxy_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "request_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "response_flags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "upstream_service_time": {
- "type": "long"
- }
- }
- },
- "error": {
- "properties": {
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "event": {
- "properties": {
- "action": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "category": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "created": {
- "type": "date"
- },
- "dataset": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "duration": {
- "type": "long"
- },
- "end": {
- "type": "date"
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kind": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "module": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "outcome": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "risk_score": {
- "type": "float"
- },
- "risk_score_norm": {
- "type": "float"
- },
- "sequence": {
- "type": "long"
- },
- "severity": {
- "type": "long"
- },
- "start": {
- "type": "date"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "fields": {
- "type": "object"
- },
- "file": {
- "properties": {
- "ctime": {
- "type": "date"
- },
- "device": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "extension": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "gid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "inode": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mode": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mtime": {
- "type": "date"
- },
- "owner": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "size": {
- "type": "long"
- },
- "target_path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uid": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "fileset": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "first_char": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "group": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "haproxy": {
- "properties": {
- "backend_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "backend_queue": {
- "type": "long"
- },
- "bind_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "bytes_read": {
- "type": "long"
- },
- "client": {
- "type": "object"
- },
- "connection_wait_time_ms": {
- "type": "long"
- },
- "connections": {
- "properties": {
- "active": {
- "type": "long"
- },
- "backend": {
- "type": "long"
- },
- "frontend": {
- "type": "long"
- },
- "retries": {
- "type": "long"
- },
- "server": {
- "type": "long"
- }
- }
- },
- "destination": {
- "type": "object"
- },
- "error_message": {
- "norms": false,
- "type": "text"
- },
- "frontend_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geoip": {
- "type": "object"
- },
- "http": {
- "properties": {
- "request": {
- "properties": {
- "captured_cookie": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "captured_headers": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "raw_request_line": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "time_wait_ms": {
- "type": "long"
- },
- "time_wait_without_data_ms": {
- "type": "long"
- }
- }
- },
- "response": {
- "properties": {
- "captured_cookie": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "captured_headers": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "mode": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "server_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "server_queue": {
- "type": "long"
- },
- "source": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tcp": {
- "properties": {
- "connection_waiting_time_ms": {
- "type": "long"
- }
- }
- },
- "termination_state": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "time_backend_connect": {
- "type": "long"
- },
- "time_queue": {
- "type": "long"
- },
- "total_waiting_time_ms": {
- "type": "long"
- }
- }
- },
- "hash": {
- "properties": {
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "host": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "containerized": {
- "type": "boolean"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "os": {
- "properties": {
- "build": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "codename": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "http": {
- "properties": {
- "request": {
- "properties": {
- "body": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "content": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "method": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "referrer": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "response": {
- "properties": {
- "body": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "content": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "status_code": {
- "type": "long"
- }
- }
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "icinga": {
- "properties": {
- "debug": {
- "properties": {
- "facility": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "main": {
- "properties": {
- "facility": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "startup": {
- "properties": {
- "facility": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "iis": {
- "properties": {
- "access": {
- "properties": {
- "cookie": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geoip": {
- "type": "object"
- },
- "server_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "site_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sub_status": {
- "type": "long"
- },
- "user_agent": {
- "type": "object"
- },
- "win32_status": {
- "type": "long"
- }
- }
- },
- "error": {
- "properties": {
- "geoip": {
- "type": "object"
- },
- "queue_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reason_phrase": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "input": {
- "properties": {
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "iptables": {
- "properties": {
- "ether_type": {
- "type": "long"
- },
- "flow_label": {
- "type": "long"
- },
- "fragment_flags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "fragment_offset": {
- "type": "long"
- },
- "icmp": {
- "properties": {
- "code": {
- "type": "long"
- },
- "id": {
- "type": "long"
- },
- "parameter": {
- "type": "long"
- },
- "redirect": {
- "type": "ip"
- },
- "seq": {
- "type": "long"
- },
- "type": {
- "type": "long"
- }
- }
- },
- "id": {
- "type": "long"
- },
- "incomplete_bytes": {
- "type": "long"
- },
- "input_device": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "length": {
- "type": "long"
- },
- "output_device": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "precedence_bits": {
- "type": "short"
- },
- "tcp": {
- "properties": {
- "ack": {
- "type": "long"
- },
- "flags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reserved_bits": {
- "type": "short"
- },
- "seq": {
- "type": "long"
- },
- "window": {
- "type": "long"
- }
- }
- },
- "tos": {
- "type": "long"
- },
- "ttl": {
- "type": "long"
- },
- "ubiquiti": {
- "properties": {
- "input_zone": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "output_zone": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "rule_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "rule_set": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "udp": {
- "properties": {
- "length": {
- "type": "long"
- }
- }
- }
- }
- },
- "jolokia": {
- "properties": {
- "agent": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "secured": {
- "type": "boolean"
- },
- "server": {
- "properties": {
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "vendor": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "url": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "kafka": {
- "properties": {
- "log": {
- "properties": {
- "class": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "component": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trace": {
- "properties": {
- "class": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "message": {
- "norms": false,
- "type": "text"
- }
- }
- }
- }
- }
- }
- },
- "kibana": {
- "properties": {
- "log": {
- "properties": {
- "meta": {
- "properties": {
- "error": {
- "properties": {
- "message": {
- "type": "keyword"
- },
- "name": {
- "type": "keyword"
- },
- "stack": {
- "type": "keyword"
- }
- }
- },
- "level": {
- "type": "keyword"
- },
- "req": {
- "properties": {
- "headers": {
- "properties": {
- "accept": {
- "type": "keyword"
- },
- "accept-encoding": {
- "type": "keyword"
- },
- "accept-language": {
- "type": "keyword"
- },
- "content-length": {
- "type": "keyword"
- },
- "content-type": {
- "type": "keyword"
- },
- "dnt": {
- "type": "keyword"
- },
- "host": {
- "type": "keyword"
- },
- "kbn-version": {
- "type": "keyword"
- },
- "origin": {
- "type": "keyword"
- },
- "x-forwarded-for": {
- "type": "keyword"
- },
- "x-forwarded-host": {
- "type": "keyword"
- },
- "x-forwarded-port": {
- "type": "keyword"
- },
- "x-forwarded-proto": {
- "type": "keyword"
- },
- "x-original-uri": {
- "type": "keyword"
- },
- "x-real-ip": {
- "type": "keyword"
- },
- "x-request-id": {
- "type": "keyword"
- },
- "x-scheme": {
- "type": "keyword"
- }
- }
- },
- "userAgent": {
- "type": "keyword"
- }
- }
- },
- "res": {
- "type": "object"
- },
- "type": {
- "type": "keyword"
- }
- }
- },
- "state": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tags": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "kubernetes": {
- "properties": {
- "annotations": {
- "type": "object"
- },
- "container": {
- "properties": {
- "image": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "deployment": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "labels": {
- "properties": {
- "app": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "chart": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "component": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "controller-revision-hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "controller-uid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "heritage": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "job-name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pod-template-hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "release": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "role": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "service": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "statefulset_kubernetes_io/pod-name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "namespace": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "node": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pod": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uid": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "replicaset": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "statefulset": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "labels": {
- "type": "object"
- },
- "log": {
- "properties": {
- "file": {
- "properties": {
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "flags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "level": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "offset": {
- "type": "long"
- },
- "original": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "source": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "logstash": {
- "properties": {
- "log": {
- "properties": {
- "log_event": {
- "type": "object"
- },
- "module": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "thread": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "slowlog": {
- "properties": {
- "event": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "module": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "plugin_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "plugin_params": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "plugin_params_object": {
- "type": "object"
- },
- "plugin_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "thread": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "took_in_millis": {
- "type": "long"
- }
- }
- }
- }
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "mongodb": {
- "properties": {
- "log": {
- "properties": {
- "component": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "context": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "mssql": {
- "properties": {
- "log": {
- "properties": {
- "origin": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "mysql": {
- "properties": {
- "error": {
- "type": "object"
- },
- "slowlog": {
- "properties": {
- "bytes_received": {
- "type": "long"
- },
- "bytes_sent": {
- "type": "long"
- },
- "current_user": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "filesort": {
- "type": "boolean"
- },
- "filesort_on_disk": {
- "type": "boolean"
- },
- "full_join": {
- "type": "boolean"
- },
- "full_scan": {
- "type": "boolean"
- },
- "innodb": {
- "properties": {
- "io_r_bytes": {
- "type": "long"
- },
- "io_r_ops": {
- "type": "long"
- },
- "io_r_wait": {
- "properties": {
- "sec": {
- "type": "long"
- }
- }
- },
- "pages_distinct": {
- "type": "long"
- },
- "queue_wait": {
- "properties": {
- "sec": {
- "type": "long"
- }
- }
- },
- "rec_lock_wait": {
- "properties": {
- "sec": {
- "type": "long"
- }
- }
- },
- "trx_id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "killed": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "last_errno": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "lock_time": {
- "properties": {
- "sec": {
- "type": "float"
- }
- }
- },
- "log_slow_rate_limit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "log_slow_rate_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "merge_passes": {
- "type": "long"
- },
- "priority_queue": {
- "type": "boolean"
- },
- "query": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "query_cache_hit": {
- "type": "boolean"
- },
- "read_first": {
- "type": "long"
- },
- "read_key": {
- "type": "long"
- },
- "read_last": {
- "type": "long"
- },
- "read_next": {
- "type": "long"
- },
- "read_prev": {
- "type": "long"
- },
- "read_rnd": {
- "type": "long"
- },
- "read_rnd_next": {
- "type": "long"
- },
- "rows_affected": {
- "type": "long"
- },
- "rows_examined": {
- "type": "long"
- },
- "rows_sent": {
- "type": "long"
- },
- "schema": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sort_merge_passes": {
- "type": "long"
- },
- "sort_range_count": {
- "type": "long"
- },
- "sort_rows": {
- "type": "long"
- },
- "sort_scan_count": {
- "type": "long"
- },
- "tmp_disk_tables": {
- "type": "long"
- },
- "tmp_table": {
- "type": "boolean"
- },
- "tmp_table_on_disk": {
- "type": "boolean"
- },
- "tmp_table_sizes": {
- "type": "long"
- },
- "tmp_tables": {
- "type": "long"
- }
- }
- },
- "thread_id": {
- "type": "long"
- }
- }
- },
- "nats": {
- "properties": {
- "log": {
- "properties": {
- "client": {
- "properties": {
- "id": {
- "type": "long"
- }
- }
- },
- "msg": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "error": {
- "properties": {
- "message": {
- "norms": false,
- "type": "text"
- }
- }
- },
- "max_messages": {
- "type": "long"
- },
- "queue_group": {
- "norms": false,
- "type": "text"
- },
- "reply_to": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sid": {
- "type": "long"
- },
- "subject": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- }
- }
- },
- "network": {
- "properties": {
- "application": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "bytes": {
- "type": "long"
- },
- "community_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "direction": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "forwarded_ip": {
- "type": "ip"
- },
- "iana_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "packets": {
- "type": "long"
- },
- "protocol": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "transport": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "nginx": {
- "properties": {
- "access": {
- "properties": {
- "body_sent": {
- "properties": {
- "bytes": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "geoip": {
- "properties": {
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "properties": {
- "lat": {
- "type": "float"
- },
- "lon": {
- "type": "float"
- }
- }
- }
- }
- },
- "http_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "method": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "referrer": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "remote_ip": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "response_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "url": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user_agent": {
- "properties": {
- "device": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "os": {
- "properties": {
- "full": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "error": {
- "properties": {
- "connection_id": {
- "type": "long"
- }
- }
- }
- }
- },
- "observer": {
- "properties": {
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "vendor": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "organization": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "osquery": {
- "properties": {
- "result": {
- "properties": {
- "action": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "calendar_time": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "host_identifier": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "unix_time": {
- "type": "long"
- }
- }
- }
- }
- },
- "panw": {
- "properties": {
- "panos": {
- "properties": {
- "destination": {
- "properties": {
- "interface": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "zone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "file": {
- "properties": {
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "flow_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "network": {
- "properties": {
- "nat": {
- "properties": {
- "community_id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pcap_id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ruleset": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sequence_number": {
- "type": "long"
- },
- "source": {
- "properties": {
- "interface": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "zone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "threat": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "resource": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "url": {
- "properties": {
- "category": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- }
- }
- },
- "postgresql": {
- "properties": {
- "log": {
- "properties": {
- "core_id": {
- "type": "long"
- },
- "database": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "query": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timestamp": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "process": {
- "properties": {
- "args": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "executable": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pid": {
- "type": "long"
- },
- "ppid": {
- "type": "long"
- },
- "program": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "start": {
- "type": "date"
- },
- "thread": {
- "properties": {
- "id": {
- "type": "long"
- }
- }
- },
- "title": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "working_directory": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "rabbitmq": {
- "properties": {
- "log": {
- "properties": {
- "pid": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "read_timestamp": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "redis": {
- "properties": {
- "log": {
- "properties": {
- "role": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "slowlog": {
- "properties": {
- "args": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "cmd": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "duration": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- },
- "id": {
- "type": "long"
- },
- "key": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "related": {
- "properties": {
- "ip": {
- "type": "ip"
- }
- }
- },
- "santa": {
- "properties": {
- "action": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "decision": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "disk": {
- "properties": {
- "bsdname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "bus": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "fs": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "model": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mount": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "serial": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "volume": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "mode": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reason": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "server": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "user": {
- "properties": {
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "service": {
- "properties": {
- "ephemeral_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "source": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "user": {
- "properties": {
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "stream": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "suricata": {
- "properties": {
- "eve": {
- "properties": {
- "alert": {
- "properties": {
- "action": {
- "path": "event.outcome",
- "type": "alias"
- },
- "category": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "gid": {
- "type": "long"
- },
- "rev": {
- "type": "long"
- },
- "severity": {
- "path": "event.severity",
- "type": "alias"
- },
- "signature": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_id": {
- "type": "long"
- }
- }
- },
- "app_proto": {
- "path": "network.protocol",
- "type": "alias"
- },
- "app_proto_expected": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "app_proto_orig": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "app_proto_tc": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "app_proto_ts": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "dest_ip": {
- "path": "destination.ip",
- "type": "alias"
- },
- "dest_port": {
- "path": "destination.port",
- "type": "alias"
- },
- "dns": {
- "properties": {
- "id": {
- "type": "long"
- },
- "rcode": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "rdata": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "rrname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "rrtype": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ttl": {
- "type": "long"
- },
- "tx_id": {
- "type": "long"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "email": {
- "properties": {
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "event_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "fileinfo": {
- "properties": {
- "filename": {
- "path": "file.path",
- "type": "alias"
- },
- "gaps": {
- "type": "boolean"
- },
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "size": {
- "path": "file.size",
- "type": "alias"
- },
- "state": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "stored": {
- "type": "boolean"
- },
- "tx_id": {
- "type": "long"
- }
- }
- },
- "flags": {
- "type": "object"
- },
- "flow": {
- "properties": {
- "age": {
- "type": "long"
- },
- "alerted": {
- "type": "boolean"
- },
- "bytes_toclient": {
- "path": "destination.bytes",
- "type": "alias"
- },
- "bytes_toserver": {
- "path": "source.bytes",
- "type": "alias"
- },
- "end": {
- "type": "date"
- },
- "pkts_toclient": {
- "path": "destination.packets",
- "type": "alias"
- },
- "pkts_toserver": {
- "path": "source.packets",
- "type": "alias"
- },
- "reason": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "start": {
- "path": "event.start",
- "type": "alias"
- },
- "state": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "flow_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "http": {
- "properties": {
- "hostname": {
- "path": "url.domain",
- "type": "alias"
- },
- "http_content_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "http_method": {
- "path": "http.request.method",
- "type": "alias"
- },
- "http_refer": {
- "path": "http.request.referrer",
- "type": "alias"
- },
- "http_user_agent": {
- "path": "user_agent.original",
- "type": "alias"
- },
- "length": {
- "path": "http.response.body.bytes",
- "type": "alias"
- },
- "protocol": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "redirect": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "path": "http.response.status_code",
- "type": "alias"
- },
- "url": {
- "path": "url.original",
- "type": "alias"
- }
- }
- },
- "icmp_code": {
- "type": "long"
- },
- "icmp_type": {
- "type": "long"
- },
- "in_iface": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pcap_cnt": {
- "type": "long"
- },
- "proto": {
- "path": "network.transport",
- "type": "alias"
- },
- "smtp": {
- "properties": {
- "helo": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mail_from": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "rcpt_to": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "src_ip": {
- "path": "source.ip",
- "type": "alias"
- },
- "src_port": {
- "path": "source.port",
- "type": "alias"
- },
- "ssh": {
- "properties": {
- "client": {
- "properties": {
- "proto_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "software_version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "server": {
- "properties": {
- "proto_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "software_version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "stats": {
- "properties": {
- "app_layer": {
- "properties": {
- "flow": {
- "properties": {
- "dcerpc_tcp": {
- "type": "long"
- },
- "dcerpc_udp": {
- "type": "long"
- },
- "dns_tcp": {
- "type": "long"
- },
- "dns_udp": {
- "type": "long"
- },
- "failed_tcp": {
- "type": "long"
- },
- "failed_udp": {
- "type": "long"
- },
- "ftp": {
- "type": "long"
- },
- "http": {
- "type": "long"
- },
- "imap": {
- "type": "long"
- },
- "msn": {
- "type": "long"
- },
- "smb": {
- "type": "long"
- },
- "smtp": {
- "type": "long"
- },
- "ssh": {
- "type": "long"
- },
- "tls": {
- "type": "long"
- }
- }
- },
- "tx": {
- "properties": {
- "dcerpc_tcp": {
- "type": "long"
- },
- "dcerpc_udp": {
- "type": "long"
- },
- "dns_tcp": {
- "type": "long"
- },
- "dns_udp": {
- "type": "long"
- },
- "ftp": {
- "type": "long"
- },
- "http": {
- "type": "long"
- },
- "smb": {
- "type": "long"
- },
- "smtp": {
- "type": "long"
- },
- "ssh": {
- "type": "long"
- },
- "tls": {
- "type": "long"
- }
- }
- }
- }
- },
- "capture": {
- "properties": {
- "kernel_drops": {
- "type": "long"
- },
- "kernel_ifdrops": {
- "type": "long"
- },
- "kernel_packets": {
- "type": "long"
- }
- }
- },
- "decoder": {
- "properties": {
- "avg_pkt_size": {
- "type": "long"
- },
- "bytes": {
- "type": "long"
- },
- "dce": {
- "properties": {
- "pkt_too_small": {
- "type": "long"
- }
- }
- },
- "erspan": {
- "type": "long"
- },
- "ethernet": {
- "type": "long"
- },
- "gre": {
- "type": "long"
- },
- "icmpv4": {
- "type": "long"
- },
- "icmpv6": {
- "type": "long"
- },
- "ieee8021ah": {
- "type": "long"
- },
- "invalid": {
- "type": "long"
- },
- "ipraw": {
- "properties": {
- "invalid_ip_version": {
- "type": "long"
- }
- }
- },
- "ipv4": {
- "type": "long"
- },
- "ipv4_in_ipv6": {
- "type": "long"
- },
- "ipv6": {
- "type": "long"
- },
- "ipv6_in_ipv6": {
- "type": "long"
- },
- "ltnull": {
- "properties": {
- "pkt_too_small": {
- "type": "long"
- },
- "unsupported_type": {
- "type": "long"
- }
- }
- },
- "max_pkt_size": {
- "type": "long"
- },
- "mpls": {
- "type": "long"
- },
- "null": {
- "type": "long"
- },
- "pkts": {
- "type": "long"
- },
- "ppp": {
- "type": "long"
- },
- "pppoe": {
- "type": "long"
- },
- "raw": {
- "type": "long"
- },
- "sctp": {
- "type": "long"
- },
- "sll": {
- "type": "long"
- },
- "tcp": {
- "type": "long"
- },
- "teredo": {
- "type": "long"
- },
- "udp": {
- "type": "long"
- },
- "vlan": {
- "type": "long"
- },
- "vlan_qinq": {
- "type": "long"
- }
- }
- },
- "defrag": {
- "properties": {
- "ipv4": {
- "properties": {
- "fragments": {
- "type": "long"
- },
- "reassembled": {
- "type": "long"
- },
- "timeouts": {
- "type": "long"
- }
- }
- },
- "ipv6": {
- "properties": {
- "fragments": {
- "type": "long"
- },
- "reassembled": {
- "type": "long"
- },
- "timeouts": {
- "type": "long"
- }
- }
- },
- "max_frag_hits": {
- "type": "long"
- }
- }
- },
- "detect": {
- "properties": {
- "alert": {
- "type": "long"
- }
- }
- },
- "dns": {
- "properties": {
- "memcap_global": {
- "type": "long"
- },
- "memcap_state": {
- "type": "long"
- },
- "memuse": {
- "type": "long"
- }
- }
- },
- "file_store": {
- "properties": {
- "open_files": {
- "type": "long"
- }
- }
- },
- "flow": {
- "properties": {
- "emerg_mode_entered": {
- "type": "long"
- },
- "emerg_mode_over": {
- "type": "long"
- },
- "icmpv4": {
- "type": "long"
- },
- "icmpv6": {
- "type": "long"
- },
- "memcap": {
- "type": "long"
- },
- "memuse": {
- "type": "long"
- },
- "spare": {
- "type": "long"
- },
- "tcp": {
- "type": "long"
- },
- "tcp_reuse": {
- "type": "long"
- },
- "udp": {
- "type": "long"
- }
- }
- },
- "flow_mgr": {
- "properties": {
- "bypassed_pruned": {
- "type": "long"
- },
- "closed_pruned": {
- "type": "long"
- },
- "est_pruned": {
- "type": "long"
- },
- "flows_checked": {
- "type": "long"
- },
- "flows_notimeout": {
- "type": "long"
- },
- "flows_removed": {
- "type": "long"
- },
- "flows_timeout": {
- "type": "long"
- },
- "flows_timeout_inuse": {
- "type": "long"
- },
- "new_pruned": {
- "type": "long"
- },
- "rows_busy": {
- "type": "long"
- },
- "rows_checked": {
- "type": "long"
- },
- "rows_empty": {
- "type": "long"
- },
- "rows_maxlen": {
- "type": "long"
- },
- "rows_skipped": {
- "type": "long"
- }
- }
- },
- "http": {
- "properties": {
- "memcap": {
- "type": "long"
- },
- "memuse": {
- "type": "long"
- }
- }
- },
- "tcp": {
- "properties": {
- "insert_data_normal_fail": {
- "type": "long"
- },
- "insert_data_overlap_fail": {
- "type": "long"
- },
- "insert_list_fail": {
- "type": "long"
- },
- "invalid_checksum": {
- "type": "long"
- },
- "memuse": {
- "type": "long"
- },
- "no_flow": {
- "type": "long"
- },
- "overlap": {
- "type": "long"
- },
- "overlap_diff_data": {
- "type": "long"
- },
- "pseudo": {
- "type": "long"
- },
- "pseudo_failed": {
- "type": "long"
- },
- "reassembly_gap": {
- "type": "long"
- },
- "reassembly_memuse": {
- "type": "long"
- },
- "rst": {
- "type": "long"
- },
- "segment_memcap_drop": {
- "type": "long"
- },
- "sessions": {
- "type": "long"
- },
- "ssn_memcap_drop": {
- "type": "long"
- },
- "stream_depth_reached": {
- "type": "long"
- },
- "syn": {
- "type": "long"
- },
- "synack": {
- "type": "long"
- }
- }
- },
- "uptime": {
- "type": "long"
- }
- }
- },
- "tcp": {
- "properties": {
- "ack": {
- "type": "boolean"
- },
- "fin": {
- "type": "boolean"
- },
- "psh": {
- "type": "boolean"
- },
- "rst": {
- "type": "boolean"
- },
- "state": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "syn": {
- "type": "boolean"
- },
- "tcp_flags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tcp_flags_tc": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tcp_flags_ts": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "timestamp": {
- "path": "@timestamp",
- "type": "alias"
- },
- "tls": {
- "properties": {
- "fingerprint": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuerdn": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "notafter": {
- "type": "date"
- },
- "notbefore": {
- "type": "date"
- },
- "serial": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "session_resumed": {
- "type": "boolean"
- },
- "sni": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "tx_id": {
- "type": "long"
- }
- }
- }
- }
- },
- "syslog": {
- "properties": {
- "facility": {
- "type": "long"
- },
- "facility_label": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "priority": {
- "type": "long"
- },
- "severity_label": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "system": {
- "properties": {
- "auth": {
- "properties": {
- "groupadd": {
- "type": "object"
- },
- "ssh": {
- "properties": {
- "dropped_ip": {
- "type": "ip"
- },
- "event": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geoip": {
- "type": "object"
- },
- "method": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "sudo": {
- "properties": {
- "command": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "error": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pwd": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tty": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "useradd": {
- "properties": {
- "home": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "shell": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "syslog": {
- "type": "object"
- }
- }
- },
- "tags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "temp": {
- "type": "object"
- },
- "timeseries": {
- "properties": {
- "instance": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "traefik": {
- "properties": {
- "access": {
- "properties": {
- "backend_url": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "frontend_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geoip": {
- "properties": {
- "city_name": {
- "path": "source.geo.city_name",
- "type": "alias"
- },
- "continent_name": {
- "path": "source.geo.continent_name",
- "type": "alias"
- },
- "country_iso_code": {
- "path": "source.geo.country_iso_code",
- "type": "alias"
- },
- "location": {
- "path": "source.geo.location",
- "type": "alias"
- },
- "region_iso_code": {
- "path": "source.geo.region_iso_code",
- "type": "alias"
- },
- "region_name": {
- "path": "source.geo.region_name",
- "type": "alias"
- }
- }
- },
- "request_count": {
- "type": "long"
- },
- "user_agent": {
- "properties": {
- "device": {
- "path": "user_agent.device.name",
- "type": "alias"
- },
- "name": {
- "path": "user_agent.name",
- "type": "alias"
- },
- "original": {
- "path": "user_agent.original",
- "type": "alias"
- },
- "os": {
- "path": "user_agent.os.full_name",
- "type": "alias"
- },
- "os_name": {
- "path": "user_agent.os.name",
- "type": "alias"
- }
- }
- },
- "user_identifier": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "url": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "fragment": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "password": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "port": {
- "type": "long"
- },
- "query": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "scheme": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "username": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "user": {
- "properties": {
- "audit": {
- "properties": {
- "group": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "effective": {
- "properties": {
- "group": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "filesystem": {
- "properties": {
- "group": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "full_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "owner": {
- "properties": {
- "group": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "saved": {
- "properties": {
- "group": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "terminal": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "user_agent": {
- "properties": {
- "device": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "zeek": {
- "properties": {
- "connection": {
- "properties": {
- "history": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "inner_vlan": {
- "type": "long"
- },
- "local_orig": {
- "type": "boolean"
- },
- "local_resp": {
- "type": "boolean"
- },
- "missed_bytes": {
- "type": "long"
- },
- "orig_l2_addr": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "resp_l2_addr": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "vlan": {
- "type": "long"
- }
- }
- },
- "dns": {
- "properties": {
- "AA": {
- "type": "boolean"
- },
- "RA": {
- "type": "boolean"
- },
- "RD": {
- "type": "boolean"
- },
- "TC": {
- "type": "boolean"
- },
- "TTLs": {
- "type": "double"
- },
- "answers": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "qclass": {
- "type": "long"
- },
- "qclass_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "qtype": {
- "type": "long"
- },
- "qtype_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "query": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "rcode": {
- "type": "long"
- },
- "rcode_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "rejected": {
- "type": "boolean"
- },
- "rtt": {
- "type": "double"
- },
- "saw_query": {
- "type": "boolean"
- },
- "saw_reply": {
- "type": "boolean"
- },
- "total_answers": {
- "type": "long"
- },
- "total_replies": {
- "type": "long"
- },
- "trans_id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "files": {
- "properties": {
- "analyzers": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "depth": {
- "type": "long"
- },
- "duration": {
- "type": "double"
- },
- "entropy": {
- "type": "double"
- },
- "extracted": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "extracted_cutoff": {
- "type": "boolean"
- },
- "extracted_size": {
- "type": "long"
- },
- "filename": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "fuid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "is_orig": {
- "type": "boolean"
- },
- "local_orig": {
- "type": "boolean"
- },
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mime_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "missing_bytes": {
- "type": "long"
- },
- "overflow_bytes": {
- "type": "long"
- },
- "parent_fuid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "rx_host": {
- "type": "ip"
- },
- "seen_bytes": {
- "type": "long"
- },
- "session_ids": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "source": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timedout": {
- "type": "boolean"
- },
- "total_bytes": {
- "type": "long"
- },
- "tx_host": {
- "type": "ip"
- }
- }
- },
- "fnotice": {
- "properties": {
- "file": {
- "properties": {
- "total_bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "http": {
- "properties": {
- "captured_password": {
- "type": "boolean"
- },
- "client_header_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "info_code": {
- "type": "long"
- },
- "info_msg": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "orig_filenames": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "orig_fuids": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "orig_mime_depth": {
- "type": "long"
- },
- "orig_mime_types": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "password": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "proxied": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "range_request": {
- "type": "boolean"
- },
- "resp_filenames": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "resp_fuids": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "resp_mime_depth": {
- "type": "long"
- },
- "resp_mime_types": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "server_header_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status_msg": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trans_depth": {
- "type": "long"
- }
- }
- },
- "notice": {
- "properties": {
- "actions": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "connection_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "dropped": {
- "type": "boolean"
- },
- "email_body_sections": {
- "norms": false,
- "type": "text"
- },
- "email_delay_tokens": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "is_orig": {
- "type": "boolean"
- },
- "mime_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "missing_bytes": {
- "type": "long"
- },
- "overflow_bytes": {
- "type": "long"
- },
- "parent_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "seen_bytes": {
- "type": "long"
- },
- "source": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "fuid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "icmp_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "identifier": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "msg": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "n": {
- "type": "long"
- },
- "note": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "peer_descr": {
- "norms": false,
- "type": "text"
- },
- "peer_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sub": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "suppress_for": {
- "type": "double"
- }
- }
- },
- "session_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssl": {
- "properties": {
- "cert_chain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "cert_chain_fuids": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "cipher": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "client_cert_chain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "client_cert_chain_fuids": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "client_issuer": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "client_subject": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "established": {
- "type": "boolean"
- },
- "issuer": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "last_alert": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "next_protocol": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "resumed": {
- "type": "boolean"
- },
- "server_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "validation_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "validation_status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- }
- }
- },
- "settings": {
- "index": {
- "auto_expand_replicas": "0-1",
- "mapping": {
- "total_fields": {
- "limit": "10000"
- }
- },
- "number_of_replicas": "0",
- "number_of_shards": "1",
- "query": {
- "default_field": [
- "beat.*",
- "type",
- "tags",
- "meta.*",
- "message"
- ]
- }
- }
- }
- }
-}
-
-{
- "type": "index",
- "value": {
- "aliases": {
- },
- "index": "metricbeat-2019.07.10",
- "mappings": {
- "_meta": {
- "beat": "metricbeat",
- "version": "8.0.0"
- },
- "date_detection": false,
- "dynamic_templates": [
- {
- "labels": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "labels.*"
- }
- },
- {
- "container.labels": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "container.labels.*"
- }
- },
- {
- "fields": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "fields.*"
- }
- },
- {
- "docker.container.labels": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "docker.container.labels.*"
- }
- },
- {
- "aws.tags.*": {
- "mapping": {
- "type": "keyword"
- },
- "path_match": "aws.tags.*"
- }
- },
- {
- "aws.cloudwatch.metrics.*": {
- "mapping": {
- "type": "double"
- },
- "path_match": "aws.cloudwatch.metrics.*"
- }
- },
- {
- "aws.cloudwatch.dimensions.*": {
- "mapping": {
- "type": "keyword"
- },
- "path_match": "aws.cloudwatch.dimensions.*"
- }
- },
- {
- "coredns.stats.dns.request.duration.ns.bucket.*": {
- "mapping": {
- "type": "long"
- },
- "match_mapping_type": "long",
- "path_match": "coredns.stats.dns.request.duration.ns.bucket.*"
- }
- },
- {
- "coredns.stats.dns.request.size.bytes.bucket.*": {
- "mapping": {
- "type": "long"
- },
- "match_mapping_type": "long",
- "path_match": "coredns.stats.dns.request.size.bytes.bucket.*"
- }
- },
- {
- "coredns.stats.dns.response.size.bytes.bucket.*": {
- "mapping": {
- "type": "long"
- },
- "match_mapping_type": "long",
- "path_match": "coredns.stats.dns.response.size.bytes.bucket.*"
- }
- },
- {
- "docker.cpu.core.*.pct": {
- "mapping": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "path_match": "docker.cpu.core.*.pct"
- }
- },
- {
- "docker.cpu.core.*.ticks": {
- "mapping": {
- "type": "long"
- },
- "match_mapping_type": "long",
- "path_match": "docker.cpu.core.*.ticks"
- }
- },
- {
- "docker.event.actor.attributes": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "docker.event.actor.attributes.*"
- }
- },
- {
- "docker.image.labels": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "docker.image.labels.*"
- }
- },
- {
- "etcd.disk.wal_fsync_duration.ns.bucket.*": {
- "mapping": {
- "type": "long"
- },
- "match_mapping_type": "long",
- "path_match": "etcd.disk.wal_fsync_duration.ns.bucket.*"
- }
- },
- {
- "etcd.disk.backend_commit_duration.ns.bucket.*": {
- "mapping": {
- "type": "long"
- },
- "match_mapping_type": "long",
- "path_match": "etcd.disk.backend_commit_duration.ns.bucket.*"
- }
- },
- {
- "kubernetes.apiserver.request.latency.bucket.*": {
- "mapping": {
- "type": "long"
- },
- "match_mapping_type": "long",
- "path_match": "kubernetes.apiserver.request.latency.bucket.*"
- }
- },
- {
- "kubernetes.controllermanager.http.request.duration.us.percentile.*": {
- "mapping": {
- "type": "double"
- },
- "match_mapping_type": "double",
- "path_match": "kubernetes.controllermanager.http.request.duration.us.percentile.*"
- }
- },
- {
- "kubernetes.controllermanager.http.request.size.bytes.percentile.*": {
- "mapping": {
- "type": "long"
- },
- "match_mapping_type": "long",
- "path_match": "kubernetes.controllermanager.http.request.size.bytes.percentile.*"
- }
- },
- {
- "kubernetes.controllermanager.http.response.size.bytes.percentile.*": {
- "mapping": {
- "type": "long"
- },
- "match_mapping_type": "long",
- "path_match": "kubernetes.controllermanager.http.response.size.bytes.percentile.*"
- }
- },
- {
- "kubernetes.proxy.http.request.duration.us.percentile.*": {
- "mapping": {
- "type": "double"
- },
- "match_mapping_type": "double",
- "path_match": "kubernetes.proxy.http.request.duration.us.percentile.*"
- }
- },
- {
- "kubernetes.proxy.http.request.size.bytes.percentile.*": {
- "mapping": {
- "type": "long"
- },
- "match_mapping_type": "long",
- "path_match": "kubernetes.proxy.http.request.size.bytes.percentile.*"
- }
- },
- {
- "kubernetes.proxy.http.response.size.bytes.percentile.*": {
- "mapping": {
- "type": "long"
- },
- "match_mapping_type": "long",
- "path_match": "kubernetes.proxy.http.response.size.bytes.percentile.*"
- }
- },
- {
- "kubernetes.proxy.sync.rules.duration.us.bucket.*": {
- "mapping": {
- "type": "long"
- },
- "match_mapping_type": "long",
- "path_match": "kubernetes.proxy.sync.rules.duration.us.bucket.*"
- }
- },
- {
- "kubernetes.proxy.sync.networkprogramming.duration.us.bucket.*": {
- "mapping": {
- "type": "long"
- },
- "match_mapping_type": "long",
- "path_match": "kubernetes.proxy.sync.networkprogramming.duration.us.bucket.*"
- }
- },
- {
- "kubernetes.scheduler.http.request.duration.us.percentile.*": {
- "mapping": {
- "type": "double"
- },
- "match_mapping_type": "double",
- "path_match": "kubernetes.scheduler.http.request.duration.us.percentile.*"
- }
- },
- {
- "kubernetes.scheduler.http.request.size.bytes.percentile.*": {
- "mapping": {
- "type": "long"
- },
- "match_mapping_type": "long",
- "path_match": "kubernetes.scheduler.http.request.size.bytes.percentile.*"
- }
- },
- {
- "kubernetes.scheduler.http.response.size.bytes.percentile.*": {
- "mapping": {
- "type": "long"
- },
- "match_mapping_type": "long",
- "path_match": "kubernetes.scheduler.http.response.size.bytes.percentile.*"
- }
- },
- {
- "kubernetes.scheduler.scheduling.e2e.duration.us.bucket.*": {
- "mapping": {
- "type": "long"
- },
- "match_mapping_type": "long",
- "path_match": "kubernetes.scheduler.scheduling.e2e.duration.us.bucket.*"
- }
- },
- {
- "kubernetes.scheduler.scheduling.duration.seconds.percentile.*": {
- "mapping": {
- "type": "double"
- },
- "match_mapping_type": "double",
- "path_match": "kubernetes.scheduler.scheduling.duration.seconds.percentile.*"
- }
- },
- {
- "munin.metrics.*": {
- "mapping": {
- "type": "double"
- },
- "path_match": "munin.metrics.*"
- }
- },
- {
- "prometheus.labels.*": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "prometheus.labels.*"
- }
- },
- {
- "prometheus.metrics.*": {
- "mapping": {
- "type": "double"
- },
- "path_match": "prometheus.metrics.*"
- }
- },
- {
- "system.process.env": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "system.process.env.*"
- }
- },
- {
- "system.process.cgroup.cpuacct.percpu": {
- "mapping": {
- "type": "long"
- },
- "match_mapping_type": "long",
- "path_match": "system.process.cgroup.cpuacct.percpu.*"
- }
- },
- {
- "system.raid.disks.states.*": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "system.raid.disks.states.*"
- }
- },
- {
- "traefik.health.response.status_codes.*": {
- "mapping": {
- "type": "long"
- },
- "match_mapping_type": "long",
- "path_match": "traefik.health.response.status_codes.*"
- }
- },
- {
- "vsphere.virtualmachine.custom_fields": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "vsphere.virtualmachine.custom_fields.*"
- }
- },
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "properties": {
- "@timestamp": {
- "type": "date"
- },
- "aerospike": {
- "properties": {
- "namespace": {
- "properties": {
- "client": {
- "properties": {
- "delete": {
- "properties": {
- "error": {
- "type": "long"
- },
- "not_found": {
- "type": "long"
- },
- "success": {
- "type": "long"
- },
- "timeout": {
- "type": "long"
- }
- }
- },
- "read": {
- "properties": {
- "error": {
- "type": "long"
- },
- "not_found": {
- "type": "long"
- },
- "success": {
- "type": "long"
- },
- "timeout": {
- "type": "long"
- }
- }
- },
- "write": {
- "properties": {
- "error": {
- "type": "long"
- },
- "success": {
- "type": "long"
- },
- "timeout": {
- "type": "long"
- }
- }
- }
- }
- },
- "device": {
- "properties": {
- "available": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "free": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "total": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "used": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "hwm_breached": {
- "type": "boolean"
- },
- "memory": {
- "properties": {
- "free": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "used": {
- "properties": {
- "data": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "index": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "sindex": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "total": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "node": {
- "properties": {
- "host": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "objects": {
- "properties": {
- "master": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "stop_writes": {
- "type": "boolean"
- }
- }
- }
- }
- },
- "agent": {
- "properties": {
- "ephemeral_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "apache": {
- "properties": {
- "status": {
- "properties": {
- "bytes_per_request": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "bytes_per_sec": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "connections": {
- "properties": {
- "async": {
- "properties": {
- "closing": {
- "type": "long"
- },
- "keep_alive": {
- "type": "long"
- },
- "writing": {
- "type": "long"
- }
- }
- },
- "total": {
- "type": "long"
- }
- }
- },
- "cpu": {
- "properties": {
- "children_system": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "children_user": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "load": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "system": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "user": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "load": {
- "properties": {
- "1": {
- "scaling_factor": 100,
- "type": "scaled_float"
- },
- "15": {
- "scaling_factor": 100,
- "type": "scaled_float"
- },
- "5": {
- "scaling_factor": 100,
- "type": "scaled_float"
- }
- }
- },
- "requests_per_sec": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "scoreboard": {
- "properties": {
- "closing_connection": {
- "type": "long"
- },
- "dns_lookup": {
- "type": "long"
- },
- "gracefully_finishing": {
- "type": "long"
- },
- "idle_cleanup": {
- "type": "long"
- },
- "keepalive": {
- "type": "long"
- },
- "logging": {
- "type": "long"
- },
- "open_slot": {
- "type": "long"
- },
- "reading_request": {
- "type": "long"
- },
- "sending_reply": {
- "type": "long"
- },
- "starting_up": {
- "type": "long"
- },
- "total": {
- "type": "long"
- },
- "waiting_for_connection": {
- "type": "long"
- }
- }
- },
- "total_accesses": {
- "type": "long"
- },
- "total_kbytes": {
- "type": "long"
- },
- "uptime": {
- "properties": {
- "server_uptime": {
- "type": "long"
- },
- "uptime": {
- "type": "long"
- }
- }
- },
- "workers": {
- "properties": {
- "busy": {
- "type": "long"
- },
- "idle": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "aws": {
- "properties": {
- "cloudwatch": {
- "properties": {
- "dimensions": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "metrics": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "namespace": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ec2": {
- "properties": {
- "cpu": {
- "properties": {
- "credit_balance": {
- "type": "long"
- },
- "credit_usage": {
- "type": "long"
- },
- "surplus_credit_balance": {
- "type": "long"
- },
- "surplus_credits_charged": {
- "type": "long"
- },
- "total": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- }
- }
- },
- "diskio": {
- "properties": {
- "read": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "ops": {
- "type": "long"
- }
- }
- },
- "write": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "ops": {
- "type": "long"
- }
- }
- }
- }
- },
- "instance": {
- "properties": {
- "core": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "image": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "monitoring": {
- "properties": {
- "state": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "private": {
- "properties": {
- "dns_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ip": {
- "type": "ip"
- }
- }
- },
- "public": {
- "properties": {
- "dns_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ip": {
- "type": "ip"
- }
- }
- },
- "state": {
- "properties": {
- "code": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "threads_per_core": {
- "type": "long"
- }
- }
- },
- "network": {
- "properties": {
- "in": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "packets": {
- "type": "long"
- }
- }
- },
- "out": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "packets": {
- "type": "long"
- }
- }
- }
- }
- },
- "status": {
- "properties": {
- "check_failed": {
- "type": "long"
- },
- "check_failed_instance": {
- "type": "long"
- },
- "check_failed_system": {
- "type": "long"
- }
- }
- }
- }
- },
- "rds": {
- "properties": {
- "cpu": {
- "properties": {
- "credit_balance": {
- "type": "long"
- },
- "credit_usage": {
- "type": "long"
- },
- "total": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- }
- }
- },
- "database_connections": {
- "type": "long"
- },
- "db_instance": {
- "properties": {
- "arn": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "class": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "identifier": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "deadlocks": {
- "type": "long"
- },
- "disk_queue_depth": {
- "type": "long"
- },
- "disk_usage": {
- "properties": {
- "bin_log": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "replication_slot": {
- "properties": {
- "mb": {
- "type": "long"
- }
- }
- },
- "transaction_logs": {
- "properties": {
- "mb": {
- "type": "long"
- }
- }
- }
- }
- },
- "failed_sql_server_agent_jobs": {
- "type": "long"
- },
- "free_local_storage": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "free_storage": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "freeable_memory": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "latency": {
- "properties": {
- "commit": {
- "type": "long"
- },
- "ddl": {
- "type": "long"
- },
- "dml": {
- "type": "long"
- },
- "insert": {
- "type": "long"
- },
- "read": {
- "type": "long"
- },
- "select": {
- "type": "long"
- },
- "update": {
- "type": "long"
- },
- "write": {
- "type": "long"
- }
- }
- },
- "login_failures": {
- "type": "long"
- },
- "maximum_used_transaction_ids": {
- "type": "long"
- },
- "oldest_replication_slot_lag": {
- "properties": {
- "mb": {
- "type": "long"
- }
- }
- },
- "queries": {
- "type": "long"
- },
- "read_io": {
- "properties": {
- "ops_per_sec": {
- "type": "float"
- }
- }
- },
- "replica_lag": {
- "properties": {
- "sec": {
- "type": "long"
- }
- }
- },
- "swap_usage": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "throughput": {
- "properties": {
- "commit": {
- "type": "long"
- },
- "ddl": {
- "type": "long"
- },
- "delete": {
- "type": "long"
- },
- "dml": {
- "type": "long"
- },
- "insert": {
- "type": "long"
- },
- "network": {
- "type": "long"
- },
- "network_receive": {
- "type": "long"
- },
- "network_transmit": {
- "type": "long"
- },
- "read": {
- "type": "long"
- },
- "select": {
- "type": "long"
- },
- "update": {
- "type": "long"
- },
- "write": {
- "type": "long"
- }
- }
- },
- "transaction_logs_generation": {
- "type": "long"
- },
- "transactions": {
- "properties": {
- "active": {
- "type": "long"
- },
- "blocked": {
- "type": "long"
- }
- }
- },
- "volume_used": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "write_io": {
- "properties": {
- "ops_per_sec": {
- "type": "float"
- }
- }
- }
- }
- },
- "s3_daily_storage": {
- "properties": {
- "bucket": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "size": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "number_of_objects": {
- "type": "long"
- }
- }
- },
- "s3_request": {
- "properties": {
- "bucket": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "downloaded": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "errors": {
- "properties": {
- "4xx": {
- "type": "long"
- },
- "5xx": {
- "type": "long"
- }
- }
- },
- "latency": {
- "properties": {
- "first_byte": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "total_request": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- }
- }
- },
- "requests": {
- "properties": {
- "delete": {
- "type": "long"
- },
- "get": {
- "type": "long"
- },
- "head": {
- "type": "long"
- },
- "list": {
- "type": "long"
- },
- "post": {
- "type": "long"
- },
- "put": {
- "type": "long"
- },
- "select": {
- "type": "long"
- },
- "select_returned": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "select_scanned": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "total": {
- "type": "long"
- }
- }
- },
- "uploaded": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "sqs": {
- "properties": {
- "empty_receives": {
- "type": "long"
- },
- "messages": {
- "properties": {
- "delayed": {
- "type": "long"
- },
- "deleted": {
- "type": "long"
- },
- "not_visible": {
- "type": "long"
- },
- "received": {
- "type": "long"
- },
- "sent": {
- "type": "long"
- },
- "visible": {
- "type": "long"
- }
- }
- },
- "oldest_message_age": {
- "properties": {
- "sec": {
- "type": "long"
- }
- }
- },
- "queue": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "sent_message_size": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "tags": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- }
- }
- },
- "beat": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state": {
- "properties": {
- "management": {
- "properties": {
- "enabled": {
- "type": "boolean"
- }
- }
- },
- "module": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "output": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "queue": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "stats": {
- "properties": {
- "libbeat": {
- "properties": {
- "output": {
- "properties": {
- "events": {
- "properties": {
- "acked": {
- "type": "long"
- },
- "active": {
- "type": "long"
- },
- "batches": {
- "type": "long"
- },
- "dropped": {
- "type": "long"
- },
- "duplicates": {
- "type": "long"
- },
- "failed": {
- "type": "long"
- },
- "toomany": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "read": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "errors": {
- "type": "long"
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "write": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "errors": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "runtime": {
- "properties": {
- "goroutines": {
- "type": "long"
- }
- }
- },
- "uptime": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ceph": {
- "properties": {
- "cluster_disk": {
- "properties": {
- "available": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "total": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "used": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "cluster_health": {
- "properties": {
- "overall_status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timechecks": {
- "properties": {
- "epoch": {
- "type": "long"
- },
- "round": {
- "properties": {
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "value": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "cluster_status": {
- "properties": {
- "degraded": {
- "properties": {
- "objects": {
- "type": "long"
- },
- "ratio": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "misplace": {
- "properties": {
- "objects": {
- "type": "long"
- },
- "ratio": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "osd": {
- "properties": {
- "epoch": {
- "type": "long"
- },
- "full": {
- "type": "boolean"
- },
- "nearfull": {
- "type": "boolean"
- },
- "num_in_osds": {
- "type": "long"
- },
- "num_osds": {
- "type": "long"
- },
- "num_remapped_pgs": {
- "type": "long"
- },
- "num_up_osds": {
- "type": "long"
- }
- }
- },
- "pg": {
- "properties": {
- "avail_bytes": {
- "type": "long"
- },
- "data_bytes": {
- "type": "long"
- },
- "total_bytes": {
- "type": "long"
- },
- "used_bytes": {
- "type": "long"
- }
- }
- },
- "pg_state": {
- "properties": {
- "count": {
- "type": "long"
- },
- "state_name": {
- "type": "long"
- },
- "version": {
- "type": "long"
- }
- }
- },
- "traffic": {
- "properties": {
- "read_bytes": {
- "type": "long"
- },
- "read_op_per_sec": {
- "type": "long"
- },
- "write_bytes": {
- "type": "long"
- },
- "write_op_per_sec": {
- "type": "long"
- }
- }
- },
- "version": {
- "type": "long"
- }
- }
- },
- "monitor_health": {
- "properties": {
- "available": {
- "properties": {
- "kb": {
- "type": "long"
- },
- "pct": {
- "type": "long"
- }
- }
- },
- "health": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "last_updated": {
- "type": "date"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "store_stats": {
- "properties": {
- "last_updated": {
- "type": "long"
- },
- "log": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "misc": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "sst": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "total": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "total": {
- "properties": {
- "kb": {
- "type": "long"
- }
- }
- },
- "used": {
- "properties": {
- "kb": {
- "type": "long"
- }
- }
- }
- }
- },
- "osd_df": {
- "properties": {
- "available": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "device_class": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pg_num": {
- "type": "long"
- },
- "total": {
- "properties": {
- "byte": {
- "type": "long"
- }
- }
- },
- "used": {
- "properties": {
- "byte": {
- "type": "long"
- },
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- }
- }
- },
- "osd_tree": {
- "properties": {
- "children": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "crush_weight": {
- "type": "float"
- },
- "depth": {
- "type": "long"
- },
- "device_class": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "exists": {
- "type": "boolean"
- },
- "father": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "primary_affinity": {
- "type": "float"
- },
- "reweight": {
- "type": "long"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type_id": {
- "type": "long"
- }
- }
- },
- "pool_disk": {
- "properties": {
- "id": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "stats": {
- "properties": {
- "available": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "objects": {
- "type": "long"
- },
- "used": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "kb": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- }
- }
- },
- "client": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "user": {
- "properties": {
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "cloud": {
- "properties": {
- "account": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "availability_zone": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "image": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "instance": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "machine": {
- "properties": {
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "project": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "provider": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "cockroachdb": {
- "type": "object"
- },
- "consul": {
- "properties": {
- "agent": {
- "properties": {
- "autopilot": {
- "properties": {
- "healthy": {
- "type": "boolean"
- }
- }
- },
- "runtime": {
- "properties": {
- "alloc": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "garbage_collector": {
- "properties": {
- "pause": {
- "properties": {
- "current": {
- "properties": {
- "ns": {
- "type": "long"
- }
- }
- },
- "total": {
- "properties": {
- "ns": {
- "type": "long"
- }
- }
- }
- }
- },
- "runs": {
- "type": "long"
- }
- }
- },
- "goroutines": {
- "type": "long"
- },
- "heap_objects": {
- "type": "long"
- },
- "malloc_count": {
- "type": "long"
- },
- "sys": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- }
- }
- },
- "container": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "image": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tag": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "labels": {
- "properties": {
- "annotation_checksum/configmap": {
- "type": "keyword"
- },
- "annotation_checksum/health": {
- "type": "keyword"
- },
- "annotation_checksum/secret": {
- "type": "keyword"
- },
- "annotation_configchecksum": {
- "type": "keyword"
- },
- "annotation_io_kubernetes_container_hash": {
- "type": "keyword"
- },
- "annotation_io_kubernetes_container_ports": {
- "type": "keyword"
- },
- "annotation_io_kubernetes_container_restartCount": {
- "type": "keyword"
- },
- "annotation_io_kubernetes_container_terminationMessagePath": {
- "type": "keyword"
- },
- "annotation_io_kubernetes_container_terminationMessagePolicy": {
- "type": "keyword"
- },
- "annotation_io_kubernetes_pod_terminationGracePeriod": {
- "type": "keyword"
- },
- "annotation_kubernetes_io/config_hash": {
- "type": "keyword"
- },
- "annotation_kubernetes_io/config_seen": {
- "type": "keyword"
- },
- "annotation_kubernetes_io/config_source": {
- "type": "keyword"
- },
- "annotation_kubernetes_io/limit-ranger": {
- "type": "keyword"
- },
- "annotation_scheduler_alpha_kubernetes_io/critical-pod": {
- "type": "keyword"
- },
- "annotation_seccomp_security_alpha_kubernetes_io/pod": {
- "type": "keyword"
- },
- "app": {
- "type": "keyword"
- },
- "chart": {
- "type": "keyword"
- },
- "com_docker_compose_config-hash": {
- "type": "keyword"
- },
- "com_docker_compose_container-number": {
- "type": "keyword"
- },
- "com_docker_compose_oneoff": {
- "type": "keyword"
- },
- "com_docker_compose_project": {
- "type": "keyword"
- },
- "com_docker_compose_service": {
- "type": "keyword"
- },
- "com_docker_compose_version": {
- "type": "keyword"
- },
- "component": {
- "type": "keyword"
- },
- "controller-revision-hash": {
- "type": "keyword"
- },
- "controller-uid": {
- "type": "keyword"
- },
- "description": {
- "type": "keyword"
- },
- "heritage": {
- "type": "keyword"
- },
- "io_kubernetes_container_logpath": {
- "type": "keyword"
- },
- "io_kubernetes_container_name": {
- "type": "keyword"
- },
- "io_kubernetes_docker_type": {
- "type": "keyword"
- },
- "io_kubernetes_pod_name": {
- "type": "keyword"
- },
- "io_kubernetes_pod_namespace": {
- "type": "keyword"
- },
- "io_kubernetes_pod_uid": {
- "type": "keyword"
- },
- "io_kubernetes_sandbox_id": {
- "type": "keyword"
- },
- "job-name": {
- "type": "keyword"
- },
- "k8s-app": {
- "type": "keyword"
- },
- "kubernetes_io/cluster-service": {
- "type": "keyword"
- },
- "license": {
- "type": "keyword"
- },
- "maintainer": {
- "type": "keyword"
- },
- "name": {
- "type": "keyword"
- },
- "org_label-schema_build-date": {
- "type": "keyword"
- },
- "org_label-schema_license": {
- "type": "keyword"
- },
- "org_label-schema_name": {
- "type": "keyword"
- },
- "org_label-schema_schema-version": {
- "type": "keyword"
- },
- "org_label-schema_url": {
- "type": "keyword"
- },
- "org_label-schema_vcs-ref": {
- "type": "keyword"
- },
- "org_label-schema_vcs-url": {
- "type": "keyword"
- },
- "org_label-schema_vendor": {
- "type": "keyword"
- },
- "org_label-schema_version": {
- "type": "keyword"
- },
- "pod-template-generation": {
- "type": "keyword"
- },
- "pod-template-hash": {
- "type": "keyword"
- },
- "release": {
- "type": "keyword"
- },
- "role": {
- "type": "keyword"
- },
- "service": {
- "type": "keyword"
- },
- "statefulset_kubernetes_io/pod-name": {
- "type": "keyword"
- },
- "tier": {
- "type": "keyword"
- },
- "version": {
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "runtime": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "coredns": {
- "properties": {
- "stats": {
- "properties": {
- "dns": {
- "properties": {
- "cache": {
- "properties": {
- "hits": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "misses": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- }
- }
- },
- "request": {
- "properties": {
- "count": {
- "type": "long"
- },
- "do": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "duration": {
- "properties": {
- "ns": {
- "properties": {
- "bucket": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "count": {
- "type": "long"
- },
- "sum": {
- "type": "long"
- }
- }
- }
- }
- },
- "size": {
- "properties": {
- "bytes": {
- "properties": {
- "bucket": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "count": {
- "type": "long"
- },
- "sum": {
- "type": "long"
- }
- }
- }
- }
- },
- "type": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- }
- }
- },
- "response": {
- "properties": {
- "rcode": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "size": {
- "properties": {
- "bytes": {
- "properties": {
- "bucket": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "count": {
- "type": "long"
- },
- "sum": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- }
- }
- },
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "panic": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "proto": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "rcode": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "server": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "zone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "couchbase": {
- "properties": {
- "bucket": {
- "properties": {
- "data": {
- "properties": {
- "used": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "disk": {
- "properties": {
- "fetches": {
- "type": "long"
- },
- "used": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "item_count": {
- "type": "long"
- },
- "memory": {
- "properties": {
- "used": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ops_per_sec": {
- "type": "long"
- },
- "quota": {
- "properties": {
- "ram": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "use": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "cluster": {
- "properties": {
- "hdd": {
- "properties": {
- "free": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "quota": {
- "properties": {
- "total": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "total": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "used": {
- "properties": {
- "by_data": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "value": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "max_bucket_count": {
- "type": "long"
- },
- "quota": {
- "properties": {
- "index_memory": {
- "properties": {
- "mb": {
- "type": "long"
- }
- }
- },
- "memory": {
- "properties": {
- "mb": {
- "type": "long"
- }
- }
- }
- }
- },
- "ram": {
- "properties": {
- "quota": {
- "properties": {
- "total": {
- "properties": {
- "per_node": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "value": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "used": {
- "properties": {
- "per_node": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "value": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "total": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "used": {
- "properties": {
- "by_data": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "value": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- }
- }
- },
- "node": {
- "properties": {
- "cmd_get": {
- "type": "long"
- },
- "couch": {
- "properties": {
- "docs": {
- "properties": {
- "data_size": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "disk_size": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "spatial": {
- "properties": {
- "data_size": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "disk_size": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "views": {
- "properties": {
- "data_size": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "disk_size": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "cpu_utilization_rate": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "current_items": {
- "properties": {
- "total": {
- "type": "long"
- },
- "value": {
- "type": "long"
- }
- }
- },
- "ep_bg_fetched": {
- "type": "long"
- },
- "get_hits": {
- "type": "long"
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mcd_memory": {
- "properties": {
- "allocated": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "reserved": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "free": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "total": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "used": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "ops": {
- "type": "long"
- },
- "swap": {
- "properties": {
- "total": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "used": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "uptime": {
- "properties": {
- "sec": {
- "type": "long"
- }
- }
- },
- "vb_replica_curr_items": {
- "type": "long"
- }
- }
- }
- }
- },
- "couchdb": {
- "properties": {
- "server": {
- "properties": {
- "couchdb": {
- "properties": {
- "auth_cache_hits": {
- "type": "long"
- },
- "auth_cache_misses": {
- "type": "long"
- },
- "database_reads": {
- "type": "long"
- },
- "database_writes": {
- "type": "long"
- },
- "open_databases": {
- "type": "long"
- },
- "open_os_files": {
- "type": "long"
- },
- "request_time": {
- "type": "long"
- }
- }
- },
- "httpd": {
- "properties": {
- "bulk_requests": {
- "type": "long"
- },
- "clients_requesting_changes": {
- "type": "long"
- },
- "requests": {
- "type": "long"
- },
- "temporary_view_reads": {
- "type": "long"
- },
- "view_reads": {
- "type": "long"
- }
- }
- },
- "httpd_request_methods": {
- "properties": {
- "COPY": {
- "type": "long"
- },
- "DELETE": {
- "type": "long"
- },
- "GET": {
- "type": "long"
- },
- "HEAD": {
- "type": "long"
- },
- "POST": {
- "type": "long"
- },
- "PUT": {
- "type": "long"
- }
- }
- },
- "httpd_status_codes": {
- "properties": {
- "200": {
- "type": "long"
- },
- "201": {
- "type": "long"
- },
- "202": {
- "type": "long"
- },
- "301": {
- "type": "long"
- },
- "304": {
- "type": "long"
- },
- "400": {
- "type": "long"
- },
- "401": {
- "type": "long"
- },
- "403": {
- "type": "long"
- },
- "404": {
- "type": "long"
- },
- "405": {
- "type": "long"
- },
- "409": {
- "type": "long"
- },
- "412": {
- "type": "long"
- },
- "500": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "destination": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "user": {
- "properties": {
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "docker": {
- "properties": {
- "container": {
- "properties": {
- "command": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "created": {
- "type": "date"
- },
- "ip_addresses": {
- "type": "ip"
- },
- "labels": {
- "properties": {
- "annotation_checksum/configmap": {
- "type": "keyword"
- },
- "annotation_checksum/health": {
- "type": "keyword"
- },
- "annotation_checksum/secret": {
- "type": "keyword"
- },
- "annotation_configchecksum": {
- "type": "keyword"
- },
- "annotation_io_kubernetes_container_hash": {
- "type": "keyword"
- },
- "annotation_io_kubernetes_container_ports": {
- "type": "keyword"
- },
- "annotation_io_kubernetes_container_restartCount": {
- "type": "keyword"
- },
- "annotation_io_kubernetes_container_terminationMessagePath": {
- "type": "keyword"
- },
- "annotation_io_kubernetes_container_terminationMessagePolicy": {
- "type": "keyword"
- },
- "annotation_io_kubernetes_pod_terminationGracePeriod": {
- "type": "keyword"
- },
- "annotation_kubernetes_io/config_hash": {
- "type": "keyword"
- },
- "annotation_kubernetes_io/config_seen": {
- "type": "keyword"
- },
- "annotation_kubernetes_io/config_source": {
- "type": "keyword"
- },
- "annotation_kubernetes_io/limit-ranger": {
- "type": "keyword"
- },
- "annotation_scheduler_alpha_kubernetes_io/critical-pod": {
- "type": "keyword"
- },
- "annotation_seccomp_security_alpha_kubernetes_io/pod": {
- "type": "keyword"
- },
- "app": {
- "type": "keyword"
- },
- "chart": {
- "type": "keyword"
- },
- "com_docker_compose_config-hash": {
- "type": "keyword"
- },
- "com_docker_compose_container-number": {
- "type": "keyword"
- },
- "com_docker_compose_oneoff": {
- "type": "keyword"
- },
- "com_docker_compose_project": {
- "type": "keyword"
- },
- "com_docker_compose_service": {
- "type": "keyword"
- },
- "com_docker_compose_version": {
- "type": "keyword"
- },
- "component": {
- "type": "keyword"
- },
- "controller-revision-hash": {
- "type": "keyword"
- },
- "controller-uid": {
- "type": "keyword"
- },
- "description": {
- "type": "keyword"
- },
- "heritage": {
- "type": "keyword"
- },
- "io_kubernetes_container_logpath": {
- "type": "keyword"
- },
- "io_kubernetes_container_name": {
- "type": "keyword"
- },
- "io_kubernetes_docker_type": {
- "type": "keyword"
- },
- "io_kubernetes_pod_name": {
- "type": "keyword"
- },
- "io_kubernetes_pod_namespace": {
- "type": "keyword"
- },
- "io_kubernetes_pod_uid": {
- "type": "keyword"
- },
- "io_kubernetes_sandbox_id": {
- "type": "keyword"
- },
- "job-name": {
- "type": "keyword"
- },
- "k8s-app": {
- "type": "keyword"
- },
- "kubernetes_io/cluster-service": {
- "type": "keyword"
- },
- "license": {
- "type": "keyword"
- },
- "maintainer": {
- "type": "keyword"
- },
- "name": {
- "type": "keyword"
- },
- "org_label-schema_build-date": {
- "type": "keyword"
- },
- "org_label-schema_license": {
- "type": "keyword"
- },
- "org_label-schema_name": {
- "type": "keyword"
- },
- "org_label-schema_schema-version": {
- "type": "keyword"
- },
- "org_label-schema_url": {
- "type": "keyword"
- },
- "org_label-schema_vcs-ref": {
- "type": "keyword"
- },
- "org_label-schema_vcs-url": {
- "type": "keyword"
- },
- "org_label-schema_vendor": {
- "type": "keyword"
- },
- "org_label-schema_version": {
- "type": "keyword"
- },
- "pod-template-generation": {
- "type": "keyword"
- },
- "pod-template-hash": {
- "type": "keyword"
- },
- "release": {
- "type": "keyword"
- },
- "role": {
- "type": "keyword"
- },
- "service": {
- "type": "keyword"
- },
- "statefulset_kubernetes_io/pod-name": {
- "type": "keyword"
- },
- "tier": {
- "type": "keyword"
- },
- "version": {
- "type": "keyword"
- }
- }
- },
- "size": {
- "properties": {
- "root_fs": {
- "type": "long"
- },
- "rw": {
- "type": "long"
- }
- }
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tags": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "cpu": {
- "properties": {
- "core": {
- "properties": {
- "*": {
- "properties": {
- "pct": {
- "type": "object"
- },
- "ticks": {
- "type": "object"
- }
- }
- },
- "0": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "ticks": {
- "type": "long"
- }
- }
- },
- "1": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "ticks": {
- "type": "long"
- }
- }
- },
- "2": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "ticks": {
- "type": "long"
- }
- }
- },
- "3": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "ticks": {
- "type": "long"
- }
- }
- }
- }
- },
- "kernel": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "ticks": {
- "type": "long"
- }
- }
- },
- "system": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "ticks": {
- "type": "long"
- }
- }
- },
- "total": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "user": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "ticks": {
- "type": "long"
- }
- }
- }
- }
- },
- "diskio": {
- "properties": {
- "read": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "ops": {
- "type": "long"
- },
- "rate": {
- "type": "long"
- }
- }
- },
- "reads": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "summary": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "ops": {
- "type": "long"
- },
- "rate": {
- "type": "long"
- }
- }
- },
- "total": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "write": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "ops": {
- "type": "long"
- },
- "rate": {
- "type": "long"
- }
- }
- },
- "writes": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "event": {
- "properties": {
- "action": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "actor": {
- "properties": {
- "attributes": {
- "type": "object"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "from": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "healthcheck": {
- "properties": {
- "event": {
- "properties": {
- "end_date": {
- "type": "date"
- },
- "exit_code": {
- "type": "long"
- },
- "output": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "start_date": {
- "type": "date"
- }
- }
- },
- "failingstreak": {
- "type": "long"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "image": {
- "properties": {
- "created": {
- "type": "date"
- },
- "id": {
- "properties": {
- "current": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "parent": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "labels": {
- "type": "object"
- },
- "size": {
- "properties": {
- "regular": {
- "type": "long"
- },
- "virtual": {
- "type": "long"
- }
- }
- },
- "tags": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "info": {
- "properties": {
- "containers": {
- "properties": {
- "paused": {
- "type": "long"
- },
- "running": {
- "type": "long"
- },
- "stopped": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "images": {
- "type": "long"
- }
- }
- },
- "memory": {
- "properties": {
- "commit": {
- "properties": {
- "peak": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "fail": {
- "properties": {
- "count": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "limit": {
- "type": "long"
- },
- "private_working_set": {
- "properties": {
- "total": {
- "type": "long"
- }
- }
- },
- "rss": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "usage": {
- "properties": {
- "max": {
- "type": "long"
- },
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "total": {
- "type": "long"
- }
- }
- }
- }
- },
- "network": {
- "properties": {
- "in": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "dropped": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "errors": {
- "type": "long"
- },
- "packets": {
- "type": "long"
- }
- }
- },
- "inbound": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "dropped": {
- "type": "long"
- },
- "errors": {
- "type": "long"
- },
- "packets": {
- "type": "long"
- }
- }
- },
- "interface": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "out": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "dropped": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "errors": {
- "type": "long"
- },
- "packets": {
- "type": "long"
- }
- }
- },
- "outbound": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "dropped": {
- "type": "long"
- },
- "errors": {
- "type": "long"
- },
- "packets": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "dropwizard": {
- "type": "object"
- },
- "ecs": {
- "properties": {
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "elasticsearch": {
- "properties": {
- "ccr": {
- "properties": {
- "follower": {
- "properties": {
- "global_checkpoint": {
- "type": "long"
- },
- "index": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "operations_written": {
- "type": "long"
- },
- "shard": {
- "properties": {
- "number": {
- "type": "long"
- }
- }
- },
- "time_since_last_read": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- }
- }
- },
- "leader": {
- "properties": {
- "index": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "max_seq_no": {
- "type": "long"
- }
- }
- }
- }
- },
- "cluster": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pending_task": {
- "properties": {
- "insert_order": {
- "type": "long"
- },
- "priority": {
- "type": "long"
- },
- "source": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "time_in_queue": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- }
- }
- },
- "state": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "stats": {
- "properties": {
- "indices": {
- "properties": {
- "count": {
- "type": "long"
- },
- "fielddata": {
- "properties": {
- "memory": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "shards": {
- "properties": {
- "count": {
- "type": "long"
- },
- "primaries": {
- "type": "long"
- }
- }
- }
- }
- },
- "nodes": {
- "properties": {
- "count": {
- "type": "long"
- },
- "data": {
- "type": "long"
- },
- "master": {
- "type": "long"
- }
- }
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "index": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "recovery": {
- "properties": {
- "id": {
- "type": "long"
- },
- "primary": {
- "type": "boolean"
- },
- "source": {
- "properties": {
- "host": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "stage": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "target": {
- "properties": {
- "host": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "summary": {
- "properties": {
- "primaries": {
- "properties": {
- "docs": {
- "properties": {
- "count": {
- "type": "long"
- },
- "deleted": {
- "type": "long"
- }
- }
- },
- "segments": {
- "properties": {
- "count": {
- "type": "long"
- },
- "memory": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "store": {
- "properties": {
- "size": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "total": {
- "properties": {
- "docs": {
- "properties": {
- "count": {
- "type": "long"
- },
- "deleted": {
- "type": "long"
- }
- }
- },
- "segments": {
- "properties": {
- "count": {
- "type": "long"
- },
- "memory": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "store": {
- "properties": {
- "size": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- }
- }
- },
- "total": {
- "properties": {
- "docs": {
- "properties": {
- "count": {
- "type": "long"
- },
- "deleted": {
- "type": "long"
- }
- }
- },
- "segments": {
- "properties": {
- "count": {
- "type": "long"
- },
- "memory": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "store": {
- "properties": {
- "size": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- }
- }
- },
- "ml": {
- "properties": {
- "job": {
- "properties": {
- "data_counts": {
- "properties": {
- "invalid_date_count": {
- "type": "long"
- },
- "processed_record_count": {
- "type": "long"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "node": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "jvm": {
- "properties": {
- "memory": {
- "properties": {
- "heap": {
- "properties": {
- "init": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "max": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "nonheap": {
- "properties": {
- "init": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "max": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "process": {
- "properties": {
- "mlockall": {
- "type": "boolean"
- }
- }
- },
- "stats": {
- "properties": {
- "fs": {
- "properties": {
- "summary": {
- "properties": {
- "available": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "free": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "total": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "indices": {
- "properties": {
- "docs": {
- "properties": {
- "count": {
- "type": "long"
- },
- "deleted": {
- "type": "long"
- }
- }
- },
- "segments": {
- "properties": {
- "count": {
- "type": "long"
- },
- "memory": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "store": {
- "properties": {
- "size": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "jvm": {
- "properties": {
- "gc": {
- "properties": {
- "collectors": {
- "properties": {
- "old": {
- "properties": {
- "collection": {
- "properties": {
- "count": {
- "type": "long"
- },
- "ms": {
- "type": "long"
- }
- }
- }
- }
- },
- "young": {
- "properties": {
- "collection": {
- "properties": {
- "count": {
- "type": "long"
- },
- "ms": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- }
- }
- },
- "mem": {
- "properties": {
- "pools": {
- "properties": {
- "old": {
- "properties": {
- "max": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "peak": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "peak_max": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "used": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "survivor": {
- "properties": {
- "max": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "peak": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "peak_max": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "used": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "young": {
- "properties": {
- "max": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "peak": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "peak_max": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "used": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "shard": {
- "properties": {
- "number": {
- "type": "long"
- },
- "primary": {
- "type": "boolean"
- },
- "relocating_node": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "state": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "envoyproxy": {
- "properties": {
- "server": {
- "properties": {
- "cluster_manager": {
- "properties": {
- "active_clusters": {
- "type": "long"
- },
- "cluster_added": {
- "type": "long"
- },
- "cluster_modified": {
- "type": "long"
- },
- "cluster_removed": {
- "type": "long"
- },
- "warming_clusters": {
- "type": "long"
- }
- }
- },
- "filesystem": {
- "properties": {
- "flushed_by_timer": {
- "type": "long"
- },
- "reopen_failed": {
- "type": "long"
- },
- "write_buffered": {
- "type": "long"
- },
- "write_completed": {
- "type": "long"
- },
- "write_total_buffered": {
- "type": "long"
- }
- }
- },
- "http2": {
- "properties": {
- "header_overflow": {
- "type": "long"
- },
- "headers_cb_no_stream": {
- "type": "long"
- },
- "rx_messaging_error": {
- "type": "long"
- },
- "rx_reset": {
- "type": "long"
- },
- "too_many_header_frames": {
- "type": "long"
- },
- "trailers": {
- "type": "long"
- },
- "tx_reset": {
- "type": "long"
- }
- }
- },
- "listener_manager": {
- "properties": {
- "listener_added": {
- "type": "long"
- },
- "listener_create_failure": {
- "type": "long"
- },
- "listener_create_success": {
- "type": "long"
- },
- "listener_modified": {
- "type": "long"
- },
- "listener_removed": {
- "type": "long"
- },
- "total_listeners_active": {
- "type": "long"
- },
- "total_listeners_draining": {
- "type": "long"
- },
- "total_listeners_warming": {
- "type": "long"
- }
- }
- },
- "runtime": {
- "properties": {
- "admin_overrides_active": {
- "type": "long"
- },
- "load_error": {
- "type": "long"
- },
- "load_success": {
- "type": "long"
- },
- "num_keys": {
- "type": "long"
- },
- "override_dir_exists": {
- "type": "long"
- },
- "override_dir_not_exists": {
- "type": "long"
- }
- }
- },
- "server": {
- "properties": {
- "days_until_first_cert_expiring": {
- "type": "long"
- },
- "hot_restart_epoch": {
- "type": "long"
- },
- "live": {
- "type": "long"
- },
- "memory_allocated": {
- "type": "long"
- },
- "memory_heap_size": {
- "type": "long"
- },
- "parent_connections": {
- "type": "long"
- },
- "total_connections": {
- "type": "long"
- },
- "uptime": {
- "type": "long"
- },
- "version": {
- "type": "long"
- },
- "watchdog_mega_miss": {
- "type": "long"
- },
- "watchdog_miss": {
- "type": "long"
- }
- }
- },
- "stats": {
- "properties": {
- "overflow": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "error": {
- "properties": {
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "etcd": {
- "properties": {
- "api_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "disk": {
- "properties": {
- "backend_commit_duration": {
- "properties": {
- "ns": {
- "properties": {
- "bucket": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "count": {
- "type": "long"
- },
- "sum": {
- "type": "long"
- }
- }
- }
- }
- },
- "mvcc_db_total_size": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "wal_fsync_duration": {
- "properties": {
- "ns": {
- "properties": {
- "bucket": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "count": {
- "type": "long"
- },
- "sum": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "leader": {
- "properties": {
- "followers": {
- "properties": {
- "counts": {
- "properties": {
- "followers": {
- "properties": {
- "counts": {
- "properties": {
- "fail": {
- "type": "long"
- },
- "success": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "latency": {
- "properties": {
- "follower": {
- "properties": {
- "latency": {
- "properties": {
- "standardDeviation": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- }
- }
- },
- "followers": {
- "properties": {
- "latency": {
- "properties": {
- "average": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "current": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "maximum": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "minimum": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- }
- }
- },
- "leader": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "memory": {
- "properties": {
- "go_memstats_alloc": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "network": {
- "properties": {
- "client_grpc_received": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "client_grpc_sent": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "self": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "leaderinfo": {
- "properties": {
- "leader": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "starttime": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uptime": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "recv": {
- "properties": {
- "appendrequest": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "bandwidthrate": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "pkgrate": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "send": {
- "properties": {
- "appendrequest": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "bandwidthrate": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "pkgrate": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "starttime": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "server": {
- "properties": {
- "grpc_handled": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "grpc_started": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "has_leader": {
- "type": "byte"
- },
- "leader_changes": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "proposals_committed": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "proposals_failed": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "proposals_pending": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- }
- }
- },
- "store": {
- "properties": {
- "compareanddelete": {
- "properties": {
- "fail": {
- "type": "long"
- },
- "success": {
- "type": "long"
- }
- }
- },
- "compareandswap": {
- "properties": {
- "fail": {
- "type": "long"
- },
- "success": {
- "type": "long"
- }
- }
- },
- "create": {
- "properties": {
- "fail": {
- "type": "long"
- },
- "success": {
- "type": "long"
- }
- }
- },
- "delete": {
- "properties": {
- "fail": {
- "type": "long"
- },
- "success": {
- "type": "long"
- }
- }
- },
- "expire": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "gets": {
- "properties": {
- "fail": {
- "type": "long"
- },
- "success": {
- "type": "long"
- }
- }
- },
- "sets": {
- "properties": {
- "fail": {
- "type": "long"
- },
- "success": {
- "type": "long"
- }
- }
- },
- "update": {
- "properties": {
- "fail": {
- "type": "long"
- },
- "success": {
- "type": "long"
- }
- }
- },
- "watchers": {
- "type": "long"
- }
- }
- }
- }
- },
- "event": {
- "properties": {
- "action": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "category": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "created": {
- "type": "date"
- },
- "dataset": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "duration": {
- "type": "long"
- },
- "end": {
- "type": "date"
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kind": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "module": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "outcome": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "risk_score": {
- "type": "float"
- },
- "risk_score_norm": {
- "type": "float"
- },
- "severity": {
- "type": "long"
- },
- "start": {
- "type": "date"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "fields": {
- "type": "object"
- },
- "file": {
- "properties": {
- "ctime": {
- "type": "date"
- },
- "device": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "extension": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "gid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "inode": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mode": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mtime": {
- "type": "date"
- },
- "owner": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "size": {
- "type": "long"
- },
- "target_path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uid": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "golang": {
- "properties": {
- "expvar": {
- "properties": {
- "cmdline": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "heap": {
- "properties": {
- "allocations": {
- "properties": {
- "active": {
- "type": "long"
- },
- "allocated": {
- "type": "long"
- },
- "frees": {
- "type": "long"
- },
- "idle": {
- "type": "long"
- },
- "mallocs": {
- "type": "long"
- },
- "objects": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "cmdline": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "gc": {
- "properties": {
- "cpu_fraction": {
- "type": "float"
- },
- "next_gc_limit": {
- "type": "long"
- },
- "pause": {
- "properties": {
- "avg": {
- "properties": {
- "ns": {
- "type": "long"
- }
- }
- },
- "count": {
- "type": "long"
- },
- "max": {
- "properties": {
- "ns": {
- "type": "long"
- }
- }
- },
- "sum": {
- "properties": {
- "ns": {
- "type": "long"
- }
- }
- }
- }
- },
- "total_count": {
- "type": "long"
- },
- "total_pause": {
- "properties": {
- "ns": {
- "type": "long"
- }
- }
- }
- }
- },
- "system": {
- "properties": {
- "obtained": {
- "type": "long"
- },
- "released": {
- "type": "long"
- },
- "stack": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "graphite": {
- "properties": {
- "server": {
- "properties": {
- "example": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "group": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "haproxy": {
- "properties": {
- "info": {
- "properties": {
- "compress": {
- "properties": {
- "bps": {
- "properties": {
- "in": {
- "type": "long"
- },
- "out": {
- "type": "long"
- },
- "rate_limit": {
- "type": "long"
- }
- }
- }
- }
- },
- "connection": {
- "properties": {
- "current": {
- "type": "long"
- },
- "hard_max": {
- "type": "long"
- },
- "max": {
- "type": "long"
- },
- "rate": {
- "properties": {
- "limit": {
- "type": "long"
- },
- "max": {
- "type": "long"
- },
- "value": {
- "type": "long"
- }
- }
- },
- "ssl": {
- "properties": {
- "current": {
- "type": "long"
- },
- "max": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "total": {
- "type": "long"
- }
- }
- },
- "idle": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "memory": {
- "properties": {
- "max": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "pipes": {
- "properties": {
- "free": {
- "type": "long"
- },
- "max": {
- "type": "long"
- },
- "used": {
- "type": "long"
- }
- }
- },
- "process_num": {
- "type": "long"
- },
- "processes": {
- "type": "long"
- },
- "requests": {
- "properties": {
- "max": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "run_queue": {
- "type": "long"
- },
- "session": {
- "properties": {
- "rate": {
- "properties": {
- "limit": {
- "type": "long"
- },
- "max": {
- "type": "long"
- },
- "value": {
- "type": "long"
- }
- }
- }
- }
- },
- "sockets": {
- "properties": {
- "max": {
- "type": "long"
- }
- }
- },
- "ssl": {
- "properties": {
- "backend": {
- "properties": {
- "key_rate": {
- "properties": {
- "max": {
- "type": "long"
- },
- "value": {
- "type": "long"
- }
- }
- }
- }
- },
- "cache_misses": {
- "type": "long"
- },
- "cached_lookups": {
- "type": "long"
- },
- "frontend": {
- "properties": {
- "key_rate": {
- "properties": {
- "max": {
- "type": "long"
- },
- "value": {
- "type": "long"
- }
- }
- },
- "session_reuse": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- }
- }
- },
- "rate": {
- "properties": {
- "limit": {
- "type": "long"
- },
- "max": {
- "type": "long"
- },
- "value": {
- "type": "long"
- }
- }
- }
- }
- },
- "tasks": {
- "type": "long"
- },
- "ulimit_n": {
- "type": "long"
- },
- "uptime": {
- "properties": {
- "sec": {
- "type": "long"
- }
- }
- },
- "zlib_mem_usage": {
- "properties": {
- "max": {
- "type": "long"
- },
- "value": {
- "type": "long"
- }
- }
- }
- }
- },
- "stat": {
- "properties": {
- "check": {
- "properties": {
- "agent": {
- "properties": {
- "last": {
- "type": "long"
- }
- }
- },
- "code": {
- "type": "long"
- },
- "down": {
- "type": "long"
- },
- "duration": {
- "type": "long"
- },
- "failed": {
- "type": "long"
- },
- "health": {
- "properties": {
- "fail": {
- "type": "long"
- },
- "last": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "client": {
- "properties": {
- "aborted": {
- "type": "long"
- }
- }
- },
- "component_type": {
- "type": "long"
- },
- "compressor": {
- "properties": {
- "bypassed": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "in": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "out": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "response": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "connection": {
- "properties": {
- "retried": {
- "type": "long"
- },
- "time": {
- "properties": {
- "avg": {
- "type": "long"
- }
- }
- },
- "total": {
- "type": "long"
- }
- }
- },
- "downtime": {
- "type": "long"
- },
- "in": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "last_change": {
- "type": "long"
- },
- "out": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "proxy": {
- "properties": {
- "id": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "queue": {
- "properties": {
- "limit": {
- "type": "long"
- },
- "time": {
- "properties": {
- "avg": {
- "type": "long"
- }
- }
- }
- }
- },
- "request": {
- "properties": {
- "connection": {
- "properties": {
- "errors": {
- "type": "long"
- }
- }
- },
- "denied": {
- "type": "long"
- },
- "errors": {
- "type": "long"
- },
- "queued": {
- "properties": {
- "current": {
- "type": "long"
- },
- "max": {
- "type": "long"
- }
- }
- },
- "rate": {
- "properties": {
- "max": {
- "type": "long"
- },
- "value": {
- "type": "long"
- }
- }
- },
- "redispatched": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "response": {
- "properties": {
- "denied": {
- "type": "long"
- },
- "errors": {
- "type": "long"
- },
- "http": {
- "properties": {
- "1xx": {
- "type": "long"
- },
- "2xx": {
- "type": "long"
- },
- "3xx": {
- "type": "long"
- },
- "4xx": {
- "type": "long"
- },
- "5xx": {
- "type": "long"
- },
- "other": {
- "type": "long"
- }
- }
- },
- "time": {
- "properties": {
- "avg": {
- "type": "long"
- }
- }
- }
- }
- },
- "selected": {
- "properties": {
- "total": {
- "type": "long"
- }
- }
- },
- "server": {
- "properties": {
- "aborted": {
- "type": "long"
- },
- "active": {
- "type": "long"
- },
- "backup": {
- "type": "long"
- },
- "id": {
- "type": "long"
- }
- }
- },
- "service_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "session": {
- "properties": {
- "current": {
- "type": "long"
- },
- "limit": {
- "type": "long"
- },
- "max": {
- "type": "long"
- },
- "rate": {
- "properties": {
- "limit": {
- "type": "long"
- },
- "max": {
- "type": "long"
- },
- "value": {
- "type": "long"
- }
- }
- }
- }
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "throttle": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "tracked": {
- "properties": {
- "id": {
- "type": "long"
- }
- }
- },
- "weight": {
- "type": "long"
- }
- }
- }
- }
- },
- "host": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "containerized": {
- "type": "boolean"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "os": {
- "properties": {
- "build": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "codename": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "http": {
- "properties": {
- "json": {
- "type": "object"
- },
- "json_response": {
- "properties": {
- "_module": {
- "properties": {
- "response": {
- "properties": {
- "code": {
- "type": "long"
- },
- "headers": {
- "properties": {
- "Connection": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "Content-Length": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "Content-Type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "Date": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "Etag": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "Server": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "Strict-Transport-Security": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "Vary": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "X-Content-Type-Options": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "X-Dns-Prefetch-Control": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "X-Download-Options": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "X-Frame-Options": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "X-Xss-Protection": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "phrase": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "message": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "service": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "success": {
- "type": "boolean"
- }
- }
- },
- "request": {
- "properties": {
- "body": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "content": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "headers": {
- "type": "object"
- },
- "method": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "referrer": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "response": {
- "properties": {
- "body": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "content": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "headers": {
- "type": "object"
- },
- "phrase": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status_code": {
- "type": "long"
- }
- }
- },
- "server": {
- "type": "object"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "jolokia": {
- "properties": {
- "agent": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "secured": {
- "type": "boolean"
- },
- "server": {
- "properties": {
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "vendor": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "url": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "kafka": {
- "properties": {
- "broker": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "type": "long"
- }
- }
- },
- "consumergroup": {
- "properties": {
- "broker": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "type": "long"
- }
- }
- },
- "client": {
- "properties": {
- "host": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "member_id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "error": {
- "properties": {
- "code": {
- "type": "long"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "meta": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "offset": {
- "type": "long"
- },
- "partition": {
- "type": "long"
- },
- "topic": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "partition": {
- "properties": {
- "broker": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "type": "long"
- }
- }
- },
- "id": {
- "type": "long"
- },
- "offset": {
- "properties": {
- "newest": {
- "type": "long"
- },
- "oldest": {
- "type": "long"
- }
- }
- },
- "partition": {
- "properties": {
- "error": {
- "properties": {
- "code": {
- "type": "long"
- }
- }
- },
- "id": {
- "type": "long"
- },
- "insync_replica": {
- "type": "boolean"
- },
- "is_leader": {
- "type": "boolean"
- },
- "isr": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "leader": {
- "type": "long"
- },
- "replica": {
- "type": "long"
- }
- }
- },
- "topic": {
- "properties": {
- "error": {
- "properties": {
- "code": {
- "type": "long"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "topic_broker_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "topic_id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "topic": {
- "properties": {
- "error": {
- "properties": {
- "code": {
- "type": "long"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "kibana": {
- "properties": {
- "stats": {
- "properties": {
- "concurrent_connections": {
- "type": "long"
- },
- "host": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "index": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "process": {
- "properties": {
- "event_loop_delay": {
- "properties": {
- "ms": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "memory": {
- "properties": {
- "heap": {
- "properties": {
- "size_limit": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "total": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "uptime": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "used": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- }
- }
- },
- "request": {
- "properties": {
- "disconnects": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "response_time": {
- "properties": {
- "avg": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "max": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- }
- }
- },
- "snapshot": {
- "type": "boolean"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "status": {
- "properties": {
- "metrics": {
- "properties": {
- "concurrent_connections": {
- "type": "long"
- },
- "requests": {
- "properties": {
- "disconnects": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "properties": {
- "overall": {
- "properties": {
- "state": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- }
- }
- }
- }
- },
- "kubernetes": {
- "properties": {
- "annotations": {
- "type": "object"
- },
- "apiserver": {
- "properties": {
- "request": {
- "properties": {
- "client": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "count": {
- "type": "long"
- },
- "latency": {
- "properties": {
- "bucket": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "count": {
- "type": "long"
- },
- "sum": {
- "type": "long"
- }
- }
- },
- "resource": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "scope": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subresource": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "verb": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "container": {
- "properties": {
- "_module": {
- "properties": {
- "labels": {
- "properties": {
- "app": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "chart": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "component": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "controller-revision-hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "controller-uid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "heritage": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "job-name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "k8s-app": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kubernetes": {
- "properties": {
- "io/cluster-service": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pod-template-generation": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pod-template-hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "release": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "role": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "service": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "statefulset": {
- "properties": {
- "kubernetes": {
- "properties": {
- "io/pod-name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "tier": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "namespace": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "node": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pod": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uid": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "cpu": {
- "properties": {
- "limit": {
- "properties": {
- "cores": {
- "type": "float"
- },
- "nanocores": {
- "type": "long"
- }
- }
- },
- "request": {
- "properties": {
- "cores": {
- "type": "float"
- },
- "nanocores": {
- "type": "long"
- }
- }
- },
- "usage": {
- "properties": {
- "core": {
- "properties": {
- "ns": {
- "type": "long"
- }
- }
- },
- "limit": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "nanocores": {
- "type": "long"
- },
- "node": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- }
- }
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "image": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "logs": {
- "properties": {
- "available": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "capacity": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "inodes": {
- "properties": {
- "count": {
- "type": "long"
- },
- "free": {
- "type": "long"
- },
- "used": {
- "type": "long"
- }
- }
- },
- "used": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "available": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "limit": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "majorpagefaults": {
- "type": "long"
- },
- "pagefaults": {
- "type": "long"
- },
- "request": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "rss": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "usage": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "limit": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "node": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- }
- }
- },
- "workingset": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "rootfs": {
- "properties": {
- "available": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "capacity": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "inodes": {
- "properties": {
- "used": {
- "type": "long"
- }
- }
- },
- "used": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "start_time": {
- "type": "date"
- },
- "status": {
- "properties": {
- "phase": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ready": {
- "type": "boolean"
- },
- "reason": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "restarts": {
- "type": "long"
- }
- }
- }
- }
- },
- "controllermanager": {
- "properties": {
- "client": {
- "properties": {
- "request": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- }
- }
- },
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "handler": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "host": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "http": {
- "properties": {
- "request": {
- "properties": {
- "count": {
- "type": "long"
- },
- "duration": {
- "properties": {
- "us": {
- "properties": {
- "count": {
- "type": "long"
- },
- "percentile": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "sum": {
- "type": "double"
- }
- }
- }
- }
- },
- "size": {
- "properties": {
- "bytes": {
- "properties": {
- "count": {
- "type": "long"
- },
- "percentile": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "sum": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "response": {
- "properties": {
- "size": {
- "properties": {
- "bytes": {
- "properties": {
- "count": {
- "type": "long"
- },
- "percentile": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "sum": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- }
- }
- },
- "leader": {
- "properties": {
- "is_master": {
- "type": "boolean"
- }
- }
- },
- "method": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "node": {
- "properties": {
- "collector": {
- "properties": {
- "count": {
- "type": "long"
- },
- "eviction": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "health": {
- "properties": {
- "pct": {
- "type": "long"
- }
- }
- },
- "unhealthy": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "process": {
- "properties": {
- "cpu": {
- "properties": {
- "sec": {
- "type": "double"
- }
- }
- },
- "fds": {
- "properties": {
- "open": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "resident": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "virtual": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "started": {
- "properties": {
- "sec": {
- "type": "double"
- }
- }
- }
- }
- },
- "workqueue": {
- "properties": {
- "adds": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "depth": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "longestrunning": {
- "properties": {
- "sec": {
- "type": "double"
- }
- }
- },
- "retries": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "unfinished": {
- "properties": {
- "sec": {
- "type": "double"
- }
- }
- }
- }
- },
- "zone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "deployment": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "paused": {
- "type": "boolean"
- },
- "replicas": {
- "properties": {
- "available": {
- "type": "long"
- },
- "desired": {
- "type": "long"
- },
- "unavailable": {
- "type": "long"
- },
- "updated": {
- "type": "long"
- }
- }
- }
- }
- },
- "event": {
- "properties": {
- "count": {
- "type": "long"
- },
- "involved_object": {
- "properties": {
- "api_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kind": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "resource_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uid": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "message": {
- "copy_to": [
- "message"
- ],
- "ignore_above": 1024,
- "type": "keyword"
- },
- "metadata": {
- "properties": {
- "generate_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "namespace": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "resource_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "self_link": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timestamp": {
- "properties": {
- "created": {
- "type": "date"
- }
- }
- },
- "uid": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "reason": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timestamp": {
- "properties": {
- "first_occurrence": {
- "type": "date"
- },
- "last_occurrence": {
- "type": "date"
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "labels": {
- "properties": {
- "addonmanager": {
- "properties": {
- "kubernetes": {
- "properties": {
- "io/mode": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "app": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "chart": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "component": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "controller-revision-hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "controller-uid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "heritage": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "job-name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "k8s-app": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kubernetes": {
- "properties": {
- "io/cluster-service": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "io/name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pod-template-generation": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pod-template-hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "release": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "role": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "service": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "statefulset": {
- "properties": {
- "kubernetes": {
- "properties": {
- "io/pod-name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "statefulset_kubernetes_io/pod-name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tier": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "namespace": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "node": {
- "properties": {
- "_module": {
- "properties": {
- "labels": {
- "properties": {
- "beta": {
- "properties": {
- "kubernetes": {
- "properties": {
- "io/arch": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "io/fluentd-ds-ready": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "io/instance-type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "io/os": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "cloud": {
- "properties": {
- "google": {
- "properties": {
- "com/gke-nodepool": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "com/gke-os-distribution": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "failure-domain": {
- "properties": {
- "beta": {
- "properties": {
- "kubernetes": {
- "properties": {
- "io/region": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "io/zone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- }
- }
- },
- "kubernetes": {
- "properties": {
- "io/hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- }
- }
- },
- "cpu": {
- "properties": {
- "allocatable": {
- "properties": {
- "cores": {
- "type": "float"
- }
- }
- },
- "capacity": {
- "properties": {
- "cores": {
- "type": "long"
- }
- }
- },
- "usage": {
- "properties": {
- "core": {
- "properties": {
- "ns": {
- "type": "long"
- }
- }
- },
- "nanocores": {
- "type": "long"
- }
- }
- }
- }
- },
- "fs": {
- "properties": {
- "available": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "capacity": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "inodes": {
- "properties": {
- "count": {
- "type": "long"
- },
- "free": {
- "type": "long"
- },
- "used": {
- "type": "long"
- }
- }
- },
- "used": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "allocatable": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "available": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "capacity": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "majorpagefaults": {
- "type": "long"
- },
- "pagefaults": {
- "type": "long"
- },
- "rss": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "usage": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "workingset": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "network": {
- "properties": {
- "rx": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "errors": {
- "type": "long"
- }
- }
- },
- "tx": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "errors": {
- "type": "long"
- }
- }
- }
- }
- },
- "pod": {
- "properties": {
- "allocatable": {
- "properties": {
- "total": {
- "type": "long"
- }
- }
- },
- "capacity": {
- "properties": {
- "total": {
- "type": "long"
- }
- }
- }
- }
- },
- "runtime": {
- "properties": {
- "imagefs": {
- "properties": {
- "available": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "capacity": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "used": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "start_time": {
- "type": "date"
- },
- "status": {
- "properties": {
- "ready": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "unschedulable": {
- "type": "boolean"
- }
- }
- }
- }
- },
- "pod": {
- "properties": {
- "_module": {
- "properties": {
- "labels": {
- "properties": {
- "app": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "chart": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "component": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "controller-revision-hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "controller-uid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "heritage": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "job-name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "k8s-app": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kubernetes": {
- "properties": {
- "io/cluster-service": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pod-template-generation": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pod-template-hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "release": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "role": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "service": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "statefulset": {
- "properties": {
- "kubernetes": {
- "properties": {
- "io/pod-name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "tier": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "namespace": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "node": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "cpu": {
- "properties": {
- "usage": {
- "properties": {
- "limit": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "nanocores": {
- "type": "long"
- },
- "node": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- }
- }
- }
- }
- },
- "host_ip": {
- "type": "ip"
- },
- "ip": {
- "type": "ip"
- },
- "memory": {
- "properties": {
- "available": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "major_page_faults": {
- "type": "long"
- },
- "page_faults": {
- "type": "long"
- },
- "rss": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "usage": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "limit": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "node": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- }
- }
- },
- "working_set": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "network": {
- "properties": {
- "rx": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "errors": {
- "type": "long"
- }
- }
- },
- "tx": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "errors": {
- "type": "long"
- }
- }
- }
- }
- },
- "start_time": {
- "type": "date"
- },
- "status": {
- "properties": {
- "phase": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ready": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "scheduled": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "uid": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "proxy": {
- "properties": {
- "client": {
- "properties": {
- "request": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- }
- }
- },
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "handler": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "host": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "http": {
- "properties": {
- "request": {
- "properties": {
- "count": {
- "type": "long"
- },
- "duration": {
- "properties": {
- "us": {
- "properties": {
- "count": {
- "type": "long"
- },
- "percentile": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "sum": {
- "type": "double"
- }
- }
- }
- }
- },
- "size": {
- "properties": {
- "bytes": {
- "properties": {
- "count": {
- "type": "long"
- },
- "percentile": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "sum": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "response": {
- "properties": {
- "size": {
- "properties": {
- "bytes": {
- "properties": {
- "count": {
- "type": "long"
- },
- "percentile": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "sum": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- }
- }
- },
- "method": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "process": {
- "properties": {
- "cpu": {
- "properties": {
- "sec": {
- "type": "double"
- }
- }
- },
- "fds": {
- "properties": {
- "open": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "resident": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "virtual": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "started": {
- "properties": {
- "sec": {
- "type": "double"
- }
- }
- }
- }
- },
- "sync": {
- "properties": {
- "networkprogramming": {
- "properties": {
- "duration": {
- "properties": {
- "us": {
- "properties": {
- "bucket": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "count": {
- "type": "long"
- },
- "sum": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "rules": {
- "properties": {
- "duration": {
- "properties": {
- "us": {
- "properties": {
- "bucket": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "count": {
- "type": "long"
- },
- "sum": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
- },
- "replicaset": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "replicas": {
- "properties": {
- "available": {
- "type": "long"
- },
- "desired": {
- "type": "long"
- },
- "labeled": {
- "type": "long"
- },
- "observed": {
- "type": "long"
- },
- "ready": {
- "type": "long"
- }
- }
- }
- }
- },
- "scheduler": {
- "properties": {
- "client": {
- "properties": {
- "request": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- }
- }
- },
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "handler": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "host": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "http": {
- "properties": {
- "request": {
- "properties": {
- "count": {
- "type": "long"
- },
- "duration": {
- "properties": {
- "us": {
- "properties": {
- "count": {
- "type": "long"
- },
- "percentile": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "sum": {
- "type": "double"
- }
- }
- }
- }
- },
- "size": {
- "properties": {
- "bytes": {
- "properties": {
- "count": {
- "type": "long"
- },
- "percentile": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "sum": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "response": {
- "properties": {
- "size": {
- "properties": {
- "bytes": {
- "properties": {
- "count": {
- "type": "long"
- },
- "percentile": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "sum": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- }
- }
- },
- "leader": {
- "properties": {
- "is_master": {
- "type": "boolean"
- }
- }
- },
- "method": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "operation": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "process": {
- "properties": {
- "cpu": {
- "properties": {
- "sec": {
- "type": "double"
- }
- }
- },
- "fds": {
- "properties": {
- "open": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "resident": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "virtual": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "started": {
- "properties": {
- "sec": {
- "type": "double"
- }
- }
- }
- }
- },
- "result": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "scheduling": {
- "properties": {
- "duration": {
- "properties": {
- "seconds": {
- "properties": {
- "count": {
- "type": "long"
- },
- "percentile": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "sum": {
- "type": "double"
- }
- }
- }
- }
- },
- "e2e": {
- "properties": {
- "duration": {
- "properties": {
- "us": {
- "properties": {
- "bucket": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "count": {
- "type": "long"
- },
- "sum": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "pod": {
- "properties": {
- "attempts": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "preemption": {
- "properties": {
- "victims": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
- },
- "statefulset": {
- "properties": {
- "created": {
- "type": "long"
- },
- "generation": {
- "properties": {
- "desired": {
- "type": "long"
- },
- "observed": {
- "type": "long"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "replicas": {
- "properties": {
- "desired": {
- "type": "long"
- },
- "observed": {
- "type": "long"
- }
- }
- }
- }
- },
- "system": {
- "properties": {
- "_module": {
- "properties": {
- "node": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "container": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "cpu": {
- "properties": {
- "usage": {
- "properties": {
- "core": {
- "properties": {
- "ns": {
- "type": "long"
- }
- }
- },
- "nanocores": {
- "type": "long"
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "majorpagefaults": {
- "type": "long"
- },
- "pagefaults": {
- "type": "long"
- },
- "rss": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "usage": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "workingset": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "start_time": {
- "type": "date"
- }
- }
- },
- "volume": {
- "properties": {
- "_module": {
- "properties": {
- "namespace": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "node": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pod": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "fs": {
- "properties": {
- "available": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "capacity": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "inodes": {
- "properties": {
- "count": {
- "type": "long"
- },
- "free": {
- "type": "long"
- },
- "used": {
- "type": "long"
- }
- }
- },
- "used": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "kvm": {
- "properties": {
- "dommemstat": {
- "properties": {
- "id": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "stat": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "value": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "labels": {
- "type": "object"
- },
- "log": {
- "properties": {
- "level": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "logstash": {
- "properties": {
- "node": {
- "properties": {
- "jvm": {
- "properties": {
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "stats": {
- "properties": {
- "events": {
- "properties": {
- "filtered": {
- "type": "long"
- },
- "in": {
- "type": "long"
- },
- "out": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- }
- }
- },
- "memcached": {
- "properties": {
- "stats": {
- "properties": {
- "bytes": {
- "properties": {
- "current": {
- "type": "long"
- },
- "limit": {
- "type": "long"
- }
- }
- },
- "cmd": {
- "properties": {
- "get": {
- "type": "long"
- },
- "set": {
- "type": "long"
- }
- }
- },
- "connections": {
- "properties": {
- "current": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "evictions": {
- "type": "long"
- },
- "get": {
- "properties": {
- "hits": {
- "type": "long"
- },
- "misses": {
- "type": "long"
- }
- }
- },
- "items": {
- "properties": {
- "current": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "pid": {
- "type": "long"
- },
- "read": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "threads": {
- "type": "long"
- },
- "uptime": {
- "properties": {
- "sec": {
- "type": "long"
- }
- }
- },
- "written": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "metricset": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "mongodb": {
- "properties": {
- "collstats": {
- "properties": {
- "collection": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "commands": {
- "properties": {
- "count": {
- "type": "long"
- },
- "time": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- }
- }
- },
- "db": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "getmore": {
- "properties": {
- "count": {
- "type": "long"
- },
- "time": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- }
- }
- },
- "insert": {
- "properties": {
- "count": {
- "type": "long"
- },
- "time": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- }
- }
- },
- "lock": {
- "properties": {
- "read": {
- "properties": {
- "count": {
- "type": "long"
- },
- "time": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- }
- }
- },
- "write": {
- "properties": {
- "count": {
- "type": "long"
- },
- "time": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "queries": {
- "properties": {
- "count": {
- "type": "long"
- },
- "time": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- }
- }
- },
- "remove": {
- "properties": {
- "count": {
- "type": "long"
- },
- "time": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- }
- }
- },
- "total": {
- "properties": {
- "count": {
- "type": "long"
- },
- "time": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- }
- }
- },
- "update": {
- "properties": {
- "count": {
- "type": "long"
- },
- "time": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "dbstats": {
- "properties": {
- "avg_obj_size": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "collections": {
- "type": "long"
- },
- "data_file_version": {
- "properties": {
- "major": {
- "type": "long"
- },
- "minor": {
- "type": "long"
- }
- }
- },
- "data_size": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "db": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "extent_free_list": {
- "properties": {
- "num": {
- "type": "long"
- },
- "size": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "file_size": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "index_size": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "indexes": {
- "type": "long"
- },
- "ns_size_mb": {
- "properties": {
- "mb": {
- "type": "long"
- }
- }
- },
- "num_extents": {
- "type": "long"
- },
- "objects": {
- "type": "long"
- },
- "storage_size": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "metrics": {
- "properties": {
- "commands": {
- "properties": {
- "aggregate": {
- "properties": {
- "failed": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "build_info": {
- "properties": {
- "failed": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "coll_stats": {
- "properties": {
- "failed": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "connection_pool_stats": {
- "properties": {
- "failed": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "count": {
- "properties": {
- "failed": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "db_stats": {
- "properties": {
- "failed": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "distinct": {
- "properties": {
- "failed": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "find": {
- "properties": {
- "failed": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "get_cmd_line_opts": {
- "properties": {
- "failed": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "get_last_error": {
- "properties": {
- "failed": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "get_log": {
- "properties": {
- "failed": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "get_more": {
- "properties": {
- "failed": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "get_parameter": {
- "properties": {
- "failed": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "host_info": {
- "properties": {
- "failed": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "insert": {
- "properties": {
- "failed": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "is_master": {
- "properties": {
- "failed": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "is_self": {
- "properties": {
- "failed": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "last_collections": {
- "properties": {
- "failed": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "last_commands": {
- "properties": {
- "failed": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "list_databased": {
- "properties": {
- "failed": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "list_indexes": {
- "properties": {
- "failed": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "ping": {
- "properties": {
- "failed": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "profile": {
- "properties": {
- "failed": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "replset_get_rbid": {
- "properties": {
- "failed": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "replset_get_status": {
- "properties": {
- "failed": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "replset_heartbeat": {
- "properties": {
- "failed": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "replset_update_position": {
- "properties": {
- "failed": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "server_status": {
- "properties": {
- "failed": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "update": {
- "properties": {
- "failed": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "whatsmyuri": {
- "properties": {
- "failed": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- }
- }
- },
- "cursor": {
- "properties": {
- "open": {
- "properties": {
- "no_timeout": {
- "type": "long"
- },
- "pinned": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "timed_out": {
- "type": "long"
- }
- }
- },
- "document": {
- "properties": {
- "deleted": {
- "type": "long"
- },
- "inserted": {
- "type": "long"
- },
- "returned": {
- "type": "long"
- },
- "updated": {
- "type": "long"
- }
- }
- },
- "get_last_error": {
- "properties": {
- "write_timeouts": {
- "type": "long"
- },
- "write_wait": {
- "properties": {
- "count": {
- "type": "long"
- },
- "ms": {
- "type": "long"
- }
- }
- }
- }
- },
- "operation": {
- "properties": {
- "scan_and_order": {
- "type": "long"
- },
- "write_conflicts": {
- "type": "long"
- }
- }
- },
- "query_executor": {
- "properties": {
- "scanned_documents": {
- "type": "long"
- },
- "scanned_indexes": {
- "type": "long"
- }
- }
- },
- "replication": {
- "properties": {
- "apply": {
- "properties": {
- "attempts_to_become_secondary": {
- "type": "long"
- },
- "batches": {
- "properties": {
- "count": {
- "type": "long"
- },
- "time": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- }
- }
- },
- "ops": {
- "type": "long"
- }
- }
- },
- "buffer": {
- "properties": {
- "count": {
- "type": "long"
- },
- "max_size": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "size": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "executor": {
- "properties": {
- "counters": {
- "properties": {
- "cancels": {
- "type": "long"
- },
- "event_created": {
- "type": "long"
- },
- "event_wait": {
- "type": "long"
- },
- "scheduled": {
- "properties": {
- "dbwork": {
- "type": "long"
- },
- "exclusive": {
- "type": "long"
- },
- "failures": {
- "type": "long"
- },
- "netcmd": {
- "type": "long"
- },
- "work": {
- "type": "long"
- },
- "work_at": {
- "type": "long"
- }
- }
- },
- "waits": {
- "type": "long"
- }
- }
- },
- "event_waiters": {
- "type": "long"
- },
- "network_interface": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "queues": {
- "properties": {
- "free": {
- "type": "long"
- },
- "in_progress": {
- "properties": {
- "dbwork": {
- "type": "long"
- },
- "exclusive": {
- "type": "long"
- },
- "network": {
- "type": "long"
- }
- }
- },
- "ready": {
- "type": "long"
- },
- "sleepers": {
- "type": "long"
- }
- }
- },
- "shutting_down": {
- "type": "boolean"
- },
- "unsignaled_events": {
- "type": "long"
- }
- }
- },
- "initial_sync": {
- "properties": {
- "completed": {
- "type": "long"
- },
- "failed_attempts": {
- "type": "long"
- },
- "failures": {
- "type": "long"
- }
- }
- },
- "network": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "getmores": {
- "properties": {
- "count": {
- "type": "long"
- },
- "time": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- }
- }
- },
- "ops": {
- "type": "long"
- },
- "reders_created": {
- "type": "long"
- }
- }
- },
- "preload": {
- "properties": {
- "docs": {
- "properties": {
- "count": {
- "type": "long"
- },
- "time": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- }
- }
- },
- "indexes": {
- "properties": {
- "count": {
- "type": "long"
- },
- "time": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- }
- }
- },
- "storage": {
- "properties": {
- "free_list": {
- "properties": {
- "search": {
- "properties": {
- "bucket_exhausted": {
- "type": "long"
- },
- "requests": {
- "type": "long"
- },
- "scanned": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "ttl": {
- "properties": {
- "deleted_documents": {
- "type": "long"
- },
- "passes": {
- "type": "long"
- }
- }
- }
- }
- },
- "replstatus": {
- "properties": {
- "headroom": {
- "properties": {
- "max": {
- "type": "long"
- },
- "min": {
- "type": "long"
- }
- }
- },
- "lag": {
- "properties": {
- "max": {
- "type": "long"
- },
- "min": {
- "type": "long"
- }
- }
- },
- "members": {
- "properties": {
- "arbiter": {
- "properties": {
- "count": {
- "type": "long"
- },
- "hosts": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "down": {
- "properties": {
- "count": {
- "type": "long"
- },
- "hosts": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "primary": {
- "properties": {
- "host": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "optime": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "recovering": {
- "properties": {
- "count": {
- "type": "long"
- },
- "hosts": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "rollback": {
- "properties": {
- "count": {
- "type": "long"
- },
- "hosts": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "secondary": {
- "properties": {
- "count": {
- "type": "long"
- },
- "hosts": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "optimes": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "startup2": {
- "properties": {
- "count": {
- "type": "long"
- },
- "hosts": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "unhealthy": {
- "properties": {
- "count": {
- "type": "long"
- },
- "hosts": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "unknown": {
- "properties": {
- "count": {
- "type": "long"
- },
- "hosts": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "oplog": {
- "properties": {
- "first": {
- "properties": {
- "timestamp": {
- "type": "long"
- }
- }
- },
- "last": {
- "properties": {
- "timestamp": {
- "type": "long"
- }
- }
- },
- "size": {
- "properties": {
- "allocated": {
- "type": "long"
- },
- "used": {
- "type": "long"
- }
- }
- },
- "window": {
- "type": "long"
- }
- }
- },
- "optimes": {
- "properties": {
- "applied": {
- "type": "long"
- },
- "durable": {
- "type": "long"
- },
- "last_committed": {
- "type": "long"
- }
- }
- },
- "server_date": {
- "type": "date"
- },
- "set_name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "status": {
- "properties": {
- "asserts": {
- "properties": {
- "msg": {
- "type": "long"
- },
- "regular": {
- "type": "long"
- },
- "rollovers": {
- "type": "long"
- },
- "user": {
- "type": "long"
- },
- "warning": {
- "type": "long"
- }
- }
- },
- "background_flushing": {
- "properties": {
- "average": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "flushes": {
- "type": "long"
- },
- "last": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "last_finished": {
- "type": "date"
- },
- "total": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- }
- }
- },
- "connections": {
- "properties": {
- "available": {
- "type": "long"
- },
- "current": {
- "type": "long"
- },
- "total_created": {
- "type": "long"
- }
- }
- },
- "extra_info": {
- "properties": {
- "heap_usage": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "page_faults": {
- "type": "long"
- }
- }
- },
- "global_lock": {
- "properties": {
- "active_clients": {
- "properties": {
- "readers": {
- "type": "long"
- },
- "total": {
- "type": "long"
- },
- "writers": {
- "type": "long"
- }
- }
- },
- "current_queue": {
- "properties": {
- "readers": {
- "type": "long"
- },
- "total": {
- "type": "long"
- },
- "writers": {
- "type": "long"
- }
- }
- },
- "total_time": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- }
- }
- },
- "journaling": {
- "properties": {
- "commits": {
- "type": "long"
- },
- "commits_in_write_lock": {
- "type": "long"
- },
- "compression": {
- "type": "long"
- },
- "early_commits": {
- "type": "long"
- },
- "journaled": {
- "properties": {
- "mb": {
- "type": "long"
- }
- }
- },
- "times": {
- "properties": {
- "commits": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "commits_in_write_lock": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "dt": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "prep_log_buffer": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "remap_private_view": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "write_to_data_files": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "write_to_journal": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- }
- }
- },
- "write_to_data_files": {
- "properties": {
- "mb": {
- "type": "long"
- }
- }
- }
- }
- },
- "local_time": {
- "type": "date"
- },
- "locks": {
- "properties": {
- "collection": {
- "properties": {
- "acquire": {
- "properties": {
- "count": {
- "properties": {
- "R": {
- "type": "long"
- },
- "W": {
- "type": "long"
- },
- "r": {
- "type": "long"
- },
- "w": {
- "type": "long"
- }
- }
- }
- }
- },
- "deadlock": {
- "properties": {
- "count": {
- "properties": {
- "R": {
- "type": "long"
- },
- "W": {
- "type": "long"
- },
- "r": {
- "type": "long"
- },
- "w": {
- "type": "long"
- }
- }
- }
- }
- },
- "wait": {
- "properties": {
- "count": {
- "properties": {
- "R": {
- "type": "long"
- },
- "W": {
- "type": "long"
- },
- "r": {
- "type": "long"
- },
- "w": {
- "type": "long"
- }
- }
- },
- "us": {
- "properties": {
- "R": {
- "type": "long"
- },
- "W": {
- "type": "long"
- },
- "r": {
- "type": "long"
- },
- "w": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "database": {
- "properties": {
- "acquire": {
- "properties": {
- "count": {
- "properties": {
- "R": {
- "type": "long"
- },
- "W": {
- "type": "long"
- },
- "r": {
- "type": "long"
- },
- "w": {
- "type": "long"
- }
- }
- }
- }
- },
- "deadlock": {
- "properties": {
- "count": {
- "properties": {
- "R": {
- "type": "long"
- },
- "W": {
- "type": "long"
- },
- "r": {
- "type": "long"
- },
- "w": {
- "type": "long"
- }
- }
- }
- }
- },
- "wait": {
- "properties": {
- "count": {
- "properties": {
- "R": {
- "type": "long"
- },
- "W": {
- "type": "long"
- },
- "r": {
- "type": "long"
- },
- "w": {
- "type": "long"
- }
- }
- },
- "us": {
- "properties": {
- "R": {
- "type": "long"
- },
- "W": {
- "type": "long"
- },
- "r": {
- "type": "long"
- },
- "w": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "global": {
- "properties": {
- "acquire": {
- "properties": {
- "count": {
- "properties": {
- "R": {
- "type": "long"
- },
- "W": {
- "type": "long"
- },
- "r": {
- "type": "long"
- },
- "w": {
- "type": "long"
- }
- }
- }
- }
- },
- "deadlock": {
- "properties": {
- "count": {
- "properties": {
- "R": {
- "type": "long"
- },
- "W": {
- "type": "long"
- },
- "r": {
- "type": "long"
- },
- "w": {
- "type": "long"
- }
- }
- }
- }
- },
- "wait": {
- "properties": {
- "count": {
- "properties": {
- "R": {
- "type": "long"
- },
- "W": {
- "type": "long"
- },
- "r": {
- "type": "long"
- },
- "w": {
- "type": "long"
- }
- }
- },
- "us": {
- "properties": {
- "R": {
- "type": "long"
- },
- "W": {
- "type": "long"
- },
- "r": {
- "type": "long"
- },
- "w": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "meta_data": {
- "properties": {
- "acquire": {
- "properties": {
- "count": {
- "properties": {
- "R": {
- "type": "long"
- },
- "W": {
- "type": "long"
- },
- "r": {
- "type": "long"
- },
- "w": {
- "type": "long"
- }
- }
- }
- }
- },
- "deadlock": {
- "properties": {
- "count": {
- "properties": {
- "R": {
- "type": "long"
- },
- "W": {
- "type": "long"
- },
- "r": {
- "type": "long"
- },
- "w": {
- "type": "long"
- }
- }
- }
- }
- },
- "wait": {
- "properties": {
- "count": {
- "properties": {
- "R": {
- "type": "long"
- },
- "W": {
- "type": "long"
- },
- "r": {
- "type": "long"
- },
- "w": {
- "type": "long"
- }
- }
- },
- "us": {
- "properties": {
- "R": {
- "type": "long"
- },
- "W": {
- "type": "long"
- },
- "r": {
- "type": "long"
- },
- "w": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "oplog": {
- "properties": {
- "acquire": {
- "properties": {
- "count": {
- "properties": {
- "R": {
- "type": "long"
- },
- "W": {
- "type": "long"
- },
- "r": {
- "type": "long"
- },
- "w": {
- "type": "long"
- }
- }
- }
- }
- },
- "deadlock": {
- "properties": {
- "count": {
- "properties": {
- "R": {
- "type": "long"
- },
- "W": {
- "type": "long"
- },
- "r": {
- "type": "long"
- },
- "w": {
- "type": "long"
- }
- }
- }
- }
- },
- "wait": {
- "properties": {
- "count": {
- "properties": {
- "R": {
- "type": "long"
- },
- "W": {
- "type": "long"
- },
- "r": {
- "type": "long"
- },
- "w": {
- "type": "long"
- }
- }
- },
- "us": {
- "properties": {
- "R": {
- "type": "long"
- },
- "W": {
- "type": "long"
- },
- "r": {
- "type": "long"
- },
- "w": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "bits": {
- "type": "long"
- },
- "mapped": {
- "properties": {
- "mb": {
- "type": "long"
- }
- }
- },
- "mapped_with_journal": {
- "properties": {
- "mb": {
- "type": "long"
- }
- }
- },
- "resident": {
- "properties": {
- "mb": {
- "type": "long"
- }
- }
- },
- "virtual": {
- "properties": {
- "mb": {
- "type": "long"
- }
- }
- }
- }
- },
- "network": {
- "properties": {
- "in": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "out": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "requests": {
- "type": "long"
- }
- }
- },
- "ops": {
- "properties": {
- "counters": {
- "properties": {
- "command": {
- "type": "long"
- },
- "delete": {
- "type": "long"
- },
- "getmore": {
- "type": "long"
- },
- "insert": {
- "type": "long"
- },
- "query": {
- "type": "long"
- },
- "update": {
- "type": "long"
- }
- }
- },
- "latencies": {
- "properties": {
- "commands": {
- "properties": {
- "count": {
- "type": "long"
- },
- "latency": {
- "type": "long"
- }
- }
- },
- "reads": {
- "properties": {
- "count": {
- "type": "long"
- },
- "latency": {
- "type": "long"
- }
- }
- },
- "writes": {
- "properties": {
- "count": {
- "type": "long"
- },
- "latency": {
- "type": "long"
- }
- }
- }
- }
- },
- "replicated": {
- "properties": {
- "command": {
- "type": "long"
- },
- "delete": {
- "type": "long"
- },
- "getmore": {
- "type": "long"
- },
- "insert": {
- "type": "long"
- },
- "query": {
- "type": "long"
- },
- "update": {
- "type": "long"
- }
- }
- }
- }
- },
- "process": {
- "path": "process.name",
- "type": "alias"
- },
- "storage_engine": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "uptime": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "version": {
- "path": "service.version",
- "type": "alias"
- },
- "wired_tiger": {
- "properties": {
- "cache": {
- "properties": {
- "dirty": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "maximum": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "pages": {
- "properties": {
- "evicted": {
- "type": "long"
- },
- "read": {
- "type": "long"
- },
- "write": {
- "type": "long"
- }
- }
- },
- "used": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "concurrent_transactions": {
- "properties": {
- "read": {
- "properties": {
- "available": {
- "type": "long"
- },
- "out": {
- "type": "long"
- },
- "total_tickets": {
- "type": "long"
- }
- }
- },
- "write": {
- "properties": {
- "available": {
- "type": "long"
- },
- "out": {
- "type": "long"
- },
- "total_tickets": {
- "type": "long"
- }
- }
- }
- }
- },
- "log": {
- "properties": {
- "flushes": {
- "type": "long"
- },
- "max_file_size": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "scans": {
- "type": "long"
- },
- "size": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "syncs": {
- "type": "long"
- },
- "write": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "writes": {
- "type": "long"
- }
- }
- }
- }
- },
- "write_backs_queued": {
- "type": "boolean"
- }
- }
- }
- }
- },
- "mssql": {
- "properties": {
- "database": {
- "properties": {
- "id": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "performance": {
- "properties": {
- "active_temp_tables": {
- "type": "long"
- },
- "batch_requests_per_sec": {
- "type": "long"
- },
- "buffer": {
- "properties": {
- "cache_hit": {
- "properties": {
- "pct": {
- "type": "double"
- }
- }
- },
- "checkpoint_pages_per_sec": {
- "type": "long"
- },
- "database_pages": {
- "type": "long"
- },
- "page_life_expectancy": {
- "properties": {
- "sec": {
- "type": "long"
- }
- }
- },
- "target_pages": {
- "type": "long"
- }
- }
- },
- "compilations_per_sec": {
- "type": "long"
- },
- "connections_reset_per_sec": {
- "type": "long"
- },
- "lock_waits_per_sec": {
- "type": "long"
- },
- "logins_per_sec": {
- "type": "long"
- },
- "logouts_per_sec": {
- "type": "long"
- },
- "page_splits_per_sec": {
- "type": "long"
- },
- "recompilations_per_sec": {
- "type": "long"
- },
- "transactions": {
- "type": "long"
- },
- "user_connections": {
- "type": "long"
- }
- }
- },
- "transaction_log": {
- "properties": {
- "space_usage": {
- "properties": {
- "since_last_backup": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "total": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "used": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "pct": {
- "type": "float"
- }
- }
- }
- }
- },
- "stats": {
- "properties": {
- "active_size": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "backup_time": {
- "type": "date"
- },
- "recovery_size": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "since_last_checkpoint": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "total_size": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- }
- }
- },
- "munin": {
- "properties": {
- "metrics": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "plugin": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "mysql": {
- "properties": {
- "galera_status": {
- "properties": {
- "apply": {
- "properties": {
- "oooe": {
- "type": "double"
- },
- "oool": {
- "type": "double"
- },
- "window": {
- "type": "double"
- }
- }
- },
- "cert": {
- "properties": {
- "deps_distance": {
- "type": "double"
- },
- "index_size": {
- "type": "long"
- },
- "interval": {
- "type": "double"
- }
- }
- },
- "cluster": {
- "properties": {
- "conf_id": {
- "type": "long"
- },
- "size": {
- "type": "long"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "commit": {
- "properties": {
- "oooe": {
- "type": "double"
- },
- "window": {
- "type": "long"
- }
- }
- },
- "connected": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "evs": {
- "properties": {
- "evict": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "flow_ctl": {
- "properties": {
- "paused": {
- "type": "double"
- },
- "paused_ns": {
- "type": "long"
- },
- "recv": {
- "type": "long"
- },
- "sent": {
- "type": "long"
- }
- }
- },
- "last_committed": {
- "type": "long"
- },
- "local": {
- "properties": {
- "bf_aborts": {
- "type": "long"
- },
- "cert_failures": {
- "type": "long"
- },
- "commits": {
- "type": "long"
- },
- "recv": {
- "properties": {
- "queue": {
- "type": "long"
- },
- "queue_avg": {
- "type": "double"
- },
- "queue_max": {
- "type": "long"
- },
- "queue_min": {
- "type": "long"
- }
- }
- },
- "replays": {
- "type": "long"
- },
- "send": {
- "properties": {
- "queue": {
- "type": "long"
- },
- "queue_avg": {
- "type": "double"
- },
- "queue_max": {
- "type": "long"
- },
- "queue_min": {
- "type": "long"
- }
- }
- },
- "state": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ready": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "received": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "count": {
- "type": "long"
- }
- }
- },
- "repl": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "count": {
- "type": "long"
- },
- "data_bytes": {
- "type": "long"
- },
- "keys": {
- "type": "long"
- },
- "keys_bytes": {
- "type": "long"
- },
- "other_bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "status": {
- "properties": {
- "aborted": {
- "properties": {
- "clients": {
- "type": "long"
- },
- "connects": {
- "type": "long"
- }
- }
- },
- "binlog": {
- "properties": {
- "cache": {
- "properties": {
- "disk_use": {
- "type": "long"
- },
- "use": {
- "type": "long"
- }
- }
- }
- }
- },
- "bytes": {
- "properties": {
- "received": {
- "type": "long"
- },
- "sent": {
- "type": "long"
- }
- }
- },
- "command": {
- "properties": {
- "delete": {
- "type": "long"
- },
- "insert": {
- "type": "long"
- },
- "select": {
- "type": "long"
- },
- "update": {
- "type": "long"
- }
- }
- },
- "connections": {
- "type": "long"
- },
- "created": {
- "properties": {
- "tmp": {
- "properties": {
- "disk_tables": {
- "type": "long"
- },
- "files": {
- "type": "long"
- },
- "tables": {
- "type": "long"
- }
- }
- }
- }
- },
- "delayed": {
- "properties": {
- "errors": {
- "type": "long"
- },
- "insert_threads": {
- "type": "long"
- },
- "writes": {
- "type": "long"
- }
- }
- },
- "flush_commands": {
- "type": "long"
- },
- "handler": {
- "properties": {
- "commit": {
- "type": "long"
- },
- "delete": {
- "type": "long"
- },
- "external_lock": {
- "type": "long"
- },
- "mrr_init": {
- "type": "long"
- },
- "prepare": {
- "type": "long"
- },
- "read": {
- "properties": {
- "first": {
- "type": "long"
- },
- "key": {
- "type": "long"
- },
- "last": {
- "type": "long"
- },
- "next": {
- "type": "long"
- },
- "prev": {
- "type": "long"
- },
- "rnd": {
- "type": "long"
- },
- "rnd_next": {
- "type": "long"
- }
- }
- },
- "rollback": {
- "type": "long"
- },
- "savepoint": {
- "type": "long"
- },
- "savepoint_rollback": {
- "type": "long"
- },
- "update": {
- "type": "long"
- },
- "write": {
- "type": "long"
- }
- }
- },
- "innodb": {
- "properties": {
- "buffer_pool": {
- "properties": {
- "bytes": {
- "properties": {
- "data": {
- "type": "long"
- },
- "dirty": {
- "type": "long"
- }
- }
- },
- "dump_status": {
- "type": "long"
- },
- "load_status": {
- "type": "long"
- },
- "pages": {
- "properties": {
- "data": {
- "type": "long"
- },
- "dirty": {
- "type": "long"
- },
- "flushed": {
- "type": "long"
- },
- "free": {
- "type": "long"
- },
- "latched": {
- "type": "long"
- },
- "misc": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "pool": {
- "properties": {
- "reads": {
- "type": "long"
- },
- "resize_status": {
- "type": "long"
- },
- "wait_free": {
- "type": "long"
- }
- }
- },
- "read": {
- "properties": {
- "ahead": {
- "type": "long"
- },
- "ahead_evicted": {
- "type": "long"
- },
- "ahead_rnd": {
- "type": "long"
- },
- "requests": {
- "type": "long"
- }
- }
- },
- "write_requests": {
- "type": "long"
- }
- }
- }
- }
- },
- "max_used_connections": {
- "type": "long"
- },
- "open": {
- "properties": {
- "files": {
- "type": "long"
- },
- "streams": {
- "type": "long"
- },
- "tables": {
- "type": "long"
- }
- }
- },
- "opened_tables": {
- "type": "long"
- },
- "queries": {
- "type": "long"
- },
- "questions": {
- "type": "long"
- },
- "threads": {
- "properties": {
- "cached": {
- "type": "long"
- },
- "connected": {
- "type": "long"
- },
- "created": {
- "type": "long"
- },
- "running": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "nats": {
- "properties": {
- "connections": {
- "properties": {
- "total": {
- "type": "long"
- }
- }
- },
- "routes": {
- "properties": {
- "total": {
- "type": "long"
- }
- }
- },
- "server": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "time": {
- "type": "date"
- }
- }
- },
- "stats": {
- "properties": {
- "cores": {
- "type": "long"
- },
- "cpu": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "http": {
- "properties": {
- "req_stats": {
- "properties": {
- "uri": {
- "properties": {
- "connz": {
- "type": "long"
- },
- "root": {
- "type": "long"
- },
- "routez": {
- "type": "long"
- },
- "subsz": {
- "type": "long"
- },
- "varz": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "in": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "messages": {
- "type": "long"
- }
- }
- },
- "mem": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "out": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "messages": {
- "type": "long"
- }
- }
- },
- "remotes": {
- "type": "long"
- },
- "slow_consumers": {
- "type": "long"
- },
- "total_connections": {
- "type": "long"
- },
- "uptime": {
- "type": "long"
- }
- }
- },
- "subscriptions": {
- "properties": {
- "cache": {
- "properties": {
- "fanout": {
- "properties": {
- "avg": {
- "type": "double"
- },
- "max": {
- "type": "long"
- }
- }
- },
- "hit_rate": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "size": {
- "type": "long"
- }
- }
- },
- "inserts": {
- "type": "long"
- },
- "matches": {
- "type": "long"
- },
- "removes": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- }
- }
- },
- "network": {
- "properties": {
- "application": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "bytes": {
- "type": "long"
- },
- "community_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "direction": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "forwarded_ip": {
- "type": "ip"
- },
- "iana_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "packets": {
- "type": "long"
- },
- "protocol": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "transport": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "nginx": {
- "properties": {
- "stubstatus": {
- "properties": {
- "accepts": {
- "type": "long"
- },
- "active": {
- "type": "long"
- },
- "current": {
- "type": "long"
- },
- "dropped": {
- "type": "long"
- },
- "handled": {
- "type": "long"
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reading": {
- "type": "long"
- },
- "requests": {
- "type": "long"
- },
- "waiting": {
- "type": "long"
- },
- "writing": {
- "type": "long"
- }
- }
- }
- }
- },
- "observer": {
- "properties": {
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "vendor": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "oracle": {
- "properties": {
- "tablespace": {
- "properties": {
- "data_file": {
- "properties": {
- "id": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "online_status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "size": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "free": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "max": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "space": {
- "properties": {
- "free": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "total": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "used": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- }
- }
- },
- "organization": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "php_fpm": {
- "properties": {
- "pool": {
- "properties": {
- "connections": {
- "properties": {
- "accepted": {
- "type": "long"
- },
- "listen_queue_len": {
- "type": "long"
- },
- "max_listen_queue": {
- "type": "long"
- },
- "queued": {
- "type": "long"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "process_manager": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "processes": {
- "properties": {
- "active": {
- "type": "long"
- },
- "idle": {
- "type": "long"
- },
- "max_active": {
- "type": "long"
- },
- "max_children_reached": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "slow_requests": {
- "type": "long"
- },
- "start_since": {
- "type": "long"
- },
- "start_time": {
- "type": "date"
- }
- }
- },
- "process": {
- "properties": {
- "last_request_cpu": {
- "type": "long"
- },
- "last_request_memory": {
- "type": "long"
- },
- "request_duration": {
- "type": "long"
- },
- "requests": {
- "type": "long"
- },
- "script": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "start_since": {
- "type": "long"
- },
- "start_time": {
- "type": "date"
- },
- "state": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "postgresql": {
- "properties": {
- "activity": {
- "properties": {
- "application_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "backend_start": {
- "type": "date"
- },
- "client": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "database": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "oid": {
- "type": "long"
- }
- }
- },
- "pid": {
- "type": "long"
- },
- "query": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "query_start": {
- "type": "date"
- },
- "state": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_change": {
- "type": "date"
- },
- "transaction_start": {
- "type": "date"
- },
- "user": {
- "properties": {
- "id": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "waiting": {
- "type": "boolean"
- }
- }
- },
- "bgwriter": {
- "properties": {
- "buffers": {
- "properties": {
- "allocated": {
- "type": "long"
- },
- "backend": {
- "type": "long"
- },
- "backend_fsync": {
- "type": "long"
- },
- "checkpoints": {
- "type": "long"
- },
- "clean": {
- "type": "long"
- },
- "clean_full": {
- "type": "long"
- }
- }
- },
- "checkpoints": {
- "properties": {
- "requested": {
- "type": "long"
- },
- "scheduled": {
- "type": "long"
- },
- "times": {
- "properties": {
- "sync": {
- "properties": {
- "ms": {
- "type": "float"
- }
- }
- },
- "write": {
- "properties": {
- "ms": {
- "type": "float"
- }
- }
- }
- }
- }
- }
- },
- "stats_reset": {
- "type": "date"
- }
- }
- },
- "database": {
- "properties": {
- "blocks": {
- "properties": {
- "hit": {
- "type": "long"
- },
- "read": {
- "type": "long"
- },
- "time": {
- "properties": {
- "read": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "write": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "conflicts": {
- "type": "long"
- },
- "deadlocks": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "number_of_backends": {
- "type": "long"
- },
- "oid": {
- "type": "long"
- },
- "rows": {
- "properties": {
- "deleted": {
- "type": "long"
- },
- "fetched": {
- "type": "long"
- },
- "inserted": {
- "type": "long"
- },
- "returned": {
- "type": "long"
- },
- "updated": {
- "type": "long"
- }
- }
- },
- "stats_reset": {
- "type": "date"
- },
- "temporary": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "files": {
- "type": "long"
- }
- }
- },
- "transactions": {
- "properties": {
- "commit": {
- "type": "long"
- },
- "rollback": {
- "type": "long"
- }
- }
- }
- }
- },
- "statement": {
- "properties": {
- "database": {
- "properties": {
- "oid": {
- "type": "long"
- }
- }
- },
- "query": {
- "properties": {
- "calls": {
- "type": "long"
- },
- "id": {
- "type": "long"
- },
- "memory": {
- "properties": {
- "local": {
- "properties": {
- "dirtied": {
- "type": "long"
- },
- "hit": {
- "type": "long"
- },
- "read": {
- "type": "long"
- },
- "written": {
- "type": "long"
- }
- }
- },
- "shared": {
- "properties": {
- "dirtied": {
- "type": "long"
- },
- "hit": {
- "type": "long"
- },
- "read": {
- "type": "long"
- },
- "written": {
- "type": "long"
- }
- }
- },
- "temp": {
- "properties": {
- "read": {
- "type": "long"
- },
- "written": {
- "type": "long"
- }
- }
- }
- }
- },
- "rows": {
- "type": "long"
- },
- "text": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "time": {
- "properties": {
- "max": {
- "properties": {
- "ms": {
- "type": "float"
- }
- }
- },
- "mean": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "min": {
- "properties": {
- "ms": {
- "type": "float"
- }
- }
- },
- "stddev": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "total": {
- "properties": {
- "ms": {
- "type": "float"
- }
- }
- }
- }
- }
- }
- },
- "user": {
- "properties": {
- "id": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "process": {
- "properties": {
- "args": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "executable": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pgid": {
- "type": "long"
- },
- "pid": {
- "type": "long"
- },
- "ppid": {
- "type": "long"
- },
- "start": {
- "type": "date"
- },
- "thread": {
- "properties": {
- "id": {
- "type": "long"
- }
- }
- },
- "title": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "working_directory": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "prometheus": {
- "properties": {
- "labels": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "metrics": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- }
- }
- },
- "rabbitmq": {
- "properties": {
- "connection": {
- "properties": {
- "channel_max": {
- "type": "long"
- },
- "channels": {
- "type": "long"
- },
- "frame_max": {
- "type": "long"
- },
- "host": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "octet_count": {
- "properties": {
- "received": {
- "type": "long"
- },
- "sent": {
- "type": "long"
- }
- }
- },
- "packet_count": {
- "properties": {
- "pending": {
- "type": "long"
- },
- "received": {
- "type": "long"
- },
- "sent": {
- "type": "long"
- }
- }
- },
- "peer": {
- "properties": {
- "host": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "port": {
- "type": "long"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "exchange": {
- "properties": {
- "auto_delete": {
- "type": "boolean"
- },
- "durable": {
- "type": "boolean"
- },
- "internal": {
- "type": "boolean"
- },
- "messages": {
- "properties": {
- "publish_in": {
- "properties": {
- "count": {
- "type": "long"
- },
- "details": {
- "properties": {
- "rate": {
- "type": "float"
- }
- }
- }
- }
- },
- "publish_out": {
- "properties": {
- "count": {
- "type": "long"
- },
- "details": {
- "properties": {
- "rate": {
- "type": "float"
- }
- }
- }
- }
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "node": {
- "properties": {
- "disk": {
- "properties": {
- "free": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "limit": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "fd": {
- "properties": {
- "total": {
- "type": "long"
- },
- "used": {
- "type": "long"
- }
- }
- },
- "gc": {
- "properties": {
- "num": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "reclaimed": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "io": {
- "properties": {
- "file_handle": {
- "properties": {
- "open_attempt": {
- "properties": {
- "avg": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "count": {
- "type": "long"
- }
- }
- }
- }
- },
- "read": {
- "properties": {
- "avg": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "count": {
- "type": "long"
- }
- }
- },
- "reopen": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "seek": {
- "properties": {
- "avg": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "count": {
- "type": "long"
- }
- }
- },
- "sync": {
- "properties": {
- "avg": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "count": {
- "type": "long"
- }
- }
- },
- "write": {
- "properties": {
- "avg": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "count": {
- "type": "long"
- }
- }
- }
- }
- },
- "mem": {
- "properties": {
- "limit": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "used": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "mnesia": {
- "properties": {
- "disk": {
- "properties": {
- "tx": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- }
- }
- },
- "ram": {
- "properties": {
- "tx": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "msg": {
- "properties": {
- "store_read": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "store_write": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "proc": {
- "properties": {
- "total": {
- "type": "long"
- },
- "used": {
- "type": "long"
- }
- }
- },
- "processors": {
- "type": "long"
- },
- "queue": {
- "properties": {
- "index": {
- "properties": {
- "journal_write": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "read": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "write": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "run": {
- "properties": {
- "queue": {
- "type": "long"
- }
- }
- },
- "socket": {
- "properties": {
- "total": {
- "type": "long"
- },
- "used": {
- "type": "long"
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uptime": {
- "type": "long"
- }
- }
- },
- "queue": {
- "properties": {
- "arguments": {
- "properties": {
- "max_priority": {
- "type": "long"
- }
- }
- },
- "auto_delete": {
- "type": "boolean"
- },
- "consumers": {
- "properties": {
- "count": {
- "type": "long"
- },
- "utilisation": {
- "properties": {
- "pct": {
- "type": "long"
- }
- }
- }
- }
- },
- "disk": {
- "properties": {
- "reads": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "writes": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- }
- }
- },
- "durable": {
- "type": "boolean"
- },
- "exclusive": {
- "type": "boolean"
- },
- "memory": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "messages": {
- "properties": {
- "persistent": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "ready": {
- "properties": {
- "count": {
- "type": "long"
- },
- "details": {
- "properties": {
- "rate": {
- "type": "float"
- }
- }
- }
- }
- },
- "total": {
- "properties": {
- "count": {
- "type": "long"
- },
- "details": {
- "properties": {
- "rate": {
- "type": "float"
- }
- }
- }
- }
- },
- "unacknowledged": {
- "properties": {
- "count": {
- "type": "long"
- },
- "details": {
- "properties": {
- "rate": {
- "type": "float"
- }
- }
- }
- }
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vhost": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "redis": {
- "properties": {
- "info": {
- "properties": {
- "clients": {
- "properties": {
- "biggest_input_buf": {
- "type": "long"
- },
- "blocked": {
- "type": "long"
- },
- "connected": {
- "type": "long"
- },
- "longest_output_list": {
- "type": "long"
- },
- "max_input_buffer": {
- "type": "long"
- },
- "max_output_buffer": {
- "type": "long"
- }
- }
- },
- "cluster": {
- "properties": {
- "enabled": {
- "type": "boolean"
- }
- }
- },
- "cpu": {
- "properties": {
- "used": {
- "properties": {
- "sys": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "sys_children": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "user": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "user_children": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "active_defrag": {
- "properties": {
- "is_running": {
- "type": "boolean"
- }
- }
- },
- "allocator": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "allocator_stats": {
- "properties": {
- "active": {
- "type": "long"
- },
- "allocated": {
- "type": "long"
- },
- "fragmentation": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "ratio": {
- "type": "float"
- }
- }
- },
- "resident": {
- "type": "long"
- },
- "rss": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "ratio": {
- "type": "float"
- }
- }
- }
- }
- },
- "fragmentation": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "ratio": {
- "type": "float"
- }
- }
- },
- "max": {
- "properties": {
- "policy": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "value": {
- "type": "long"
- }
- }
- },
- "used": {
- "properties": {
- "dataset": {
- "type": "long"
- },
- "lua": {
- "type": "long"
- },
- "peak": {
- "type": "long"
- },
- "rss": {
- "type": "long"
- },
- "value": {
- "type": "long"
- }
- }
- }
- }
- },
- "persistence": {
- "properties": {
- "aof": {
- "properties": {
- "bgrewrite": {
- "properties": {
- "last_status": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "buffer": {
- "properties": {
- "size": {
- "type": "long"
- }
- }
- },
- "copy_on_write": {
- "properties": {
- "last_size": {
- "type": "long"
- }
- }
- },
- "enabled": {
- "type": "boolean"
- },
- "fsync": {
- "properties": {
- "delayed": {
- "type": "long"
- },
- "pending": {
- "type": "long"
- }
- }
- },
- "rewrite": {
- "properties": {
- "buffer": {
- "properties": {
- "size": {
- "type": "long"
- }
- }
- },
- "current_time": {
- "properties": {
- "sec": {
- "type": "long"
- }
- }
- },
- "in_progress": {
- "type": "boolean"
- },
- "last_time": {
- "properties": {
- "sec": {
- "type": "long"
- }
- }
- },
- "scheduled": {
- "type": "boolean"
- }
- }
- },
- "size": {
- "properties": {
- "base": {
- "type": "long"
- },
- "current": {
- "type": "long"
- }
- }
- },
- "write": {
- "properties": {
- "last_status": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "loading": {
- "type": "boolean"
- },
- "rdb": {
- "properties": {
- "bgsave": {
- "properties": {
- "current_time": {
- "properties": {
- "sec": {
- "type": "long"
- }
- }
- },
- "in_progress": {
- "type": "boolean"
- },
- "last_status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "last_time": {
- "properties": {
- "sec": {
- "type": "long"
- }
- }
- }
- }
- },
- "copy_on_write": {
- "properties": {
- "last_size": {
- "type": "long"
- }
- }
- },
- "last_save": {
- "properties": {
- "changes_since": {
- "type": "long"
- },
- "time": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "replication": {
- "properties": {
- "backlog": {
- "properties": {
- "active": {
- "type": "long"
- },
- "first_byte_offset": {
- "type": "long"
- },
- "histlen": {
- "type": "long"
- },
- "size": {
- "type": "long"
- }
- }
- },
- "connected_slaves": {
- "type": "long"
- },
- "master": {
- "properties": {
- "last_io_seconds_ago": {
- "type": "long"
- },
- "link_status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "offset": {
- "type": "long"
- },
- "second_offset": {
- "type": "long"
- },
- "sync": {
- "properties": {
- "in_progress": {
- "type": "boolean"
- },
- "last_io_seconds_ago": {
- "type": "long"
- },
- "left_bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "master_offset": {
- "type": "long"
- },
- "role": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "slave": {
- "properties": {
- "is_readonly": {
- "type": "boolean"
- },
- "offset": {
- "type": "long"
- },
- "priority": {
- "type": "long"
- }
- }
- }
- }
- },
- "server": {
- "properties": {
- "arch_bits": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "build_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "config_file": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "gcc_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "git_dirty": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "git_sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hz": {
- "type": "long"
- },
- "lru_clock": {
- "type": "long"
- },
- "mode": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "multiplexing_api": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "run_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tcp_port": {
- "type": "long"
- },
- "uptime": {
- "type": "long"
- }
- }
- },
- "slowlog": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "stats": {
- "properties": {
- "active_defrag": {
- "properties": {
- "hits": {
- "type": "long"
- },
- "key_hits": {
- "type": "long"
- },
- "key_misses": {
- "type": "long"
- },
- "misses": {
- "type": "long"
- }
- }
- },
- "commands_processed": {
- "type": "long"
- },
- "connections": {
- "properties": {
- "received": {
- "type": "long"
- },
- "rejected": {
- "type": "long"
- }
- }
- },
- "instantaneous": {
- "properties": {
- "input_kbps": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "ops_per_sec": {
- "type": "long"
- },
- "output_kbps": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "keys": {
- "properties": {
- "evicted": {
- "type": "long"
- },
- "expired": {
- "type": "long"
- }
- }
- },
- "keyspace": {
- "properties": {
- "hits": {
- "type": "long"
- },
- "misses": {
- "type": "long"
- }
- }
- },
- "latest_fork_usec": {
- "type": "long"
- },
- "migrate_cached_sockets": {
- "type": "long"
- },
- "net": {
- "properties": {
- "input": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "output": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "pubsub": {
- "properties": {
- "channels": {
- "type": "long"
- },
- "patterns": {
- "type": "long"
- }
- }
- },
- "slave_expires_tracked_keys": {
- "type": "long"
- },
- "sync": {
- "properties": {
- "full": {
- "type": "long"
- },
- "partial": {
- "properties": {
- "err": {
- "type": "long"
- },
- "ok": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- }
- }
- },
- "key": {
- "properties": {
- "expire": {
- "properties": {
- "ttl": {
- "type": "long"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "length": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "keyspace": {
- "properties": {
- "avg_ttl": {
- "type": "long"
- },
- "expires": {
- "type": "long"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "keys": {
- "type": "long"
- }
- }
- }
- }
- },
- "related": {
- "properties": {
- "ip": {
- "type": "ip"
- }
- }
- },
- "server": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "user": {
- "properties": {
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "service": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ephemeral_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "source": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "user": {
- "properties": {
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "system": {
- "properties": {
- "core": {
- "properties": {
- "id": {
- "type": "long"
- },
- "idle": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "ticks": {
- "type": "long"
- }
- }
- },
- "iowait": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "ticks": {
- "type": "long"
- }
- }
- },
- "irq": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "ticks": {
- "type": "long"
- }
- }
- },
- "nice": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "ticks": {
- "type": "long"
- }
- }
- },
- "softirq": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "ticks": {
- "type": "long"
- }
- }
- },
- "steal": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "ticks": {
- "type": "long"
- }
- }
- },
- "system": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "ticks": {
- "type": "long"
- }
- }
- },
- "user": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "ticks": {
- "type": "long"
- }
- }
- }
- }
- },
- "cpu": {
- "properties": {
- "cores": {
- "type": "long"
- },
- "idle": {
- "properties": {
- "norm": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "ticks": {
- "type": "long"
- }
- }
- },
- "iowait": {
- "properties": {
- "norm": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "ticks": {
- "type": "long"
- }
- }
- },
- "irq": {
- "properties": {
- "norm": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "ticks": {
- "type": "long"
- }
- }
- },
- "nice": {
- "properties": {
- "norm": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "ticks": {
- "type": "long"
- }
- }
- },
- "softirq": {
- "properties": {
- "norm": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "ticks": {
- "type": "long"
- }
- }
- },
- "steal": {
- "properties": {
- "norm": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "ticks": {
- "type": "long"
- }
- }
- },
- "system": {
- "properties": {
- "norm": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "ticks": {
- "type": "long"
- }
- }
- },
- "total": {
- "properties": {
- "norm": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "user": {
- "properties": {
- "norm": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "ticks": {
- "type": "long"
- }
- }
- }
- }
- },
- "diskio": {
- "properties": {
- "io": {
- "properties": {
- "time": {
- "type": "long"
- }
- }
- },
- "iostat": {
- "properties": {
- "await": {
- "type": "float"
- },
- "busy": {
- "type": "float"
- },
- "queue": {
- "properties": {
- "avg_size": {
- "type": "float"
- }
- }
- },
- "read": {
- "properties": {
- "await": {
- "type": "float"
- },
- "per_sec": {
- "properties": {
- "bytes": {
- "type": "float"
- }
- }
- },
- "request": {
- "properties": {
- "merges_per_sec": {
- "type": "float"
- },
- "per_sec": {
- "type": "float"
- }
- }
- }
- }
- },
- "request": {
- "properties": {
- "avg_size": {
- "type": "float"
- }
- }
- },
- "service_time": {
- "type": "float"
- },
- "write": {
- "properties": {
- "await": {
- "type": "float"
- },
- "per_sec": {
- "properties": {
- "bytes": {
- "type": "float"
- }
- }
- },
- "request": {
- "properties": {
- "merges_per_sec": {
- "type": "float"
- },
- "per_sec": {
- "type": "float"
- }
- }
- }
- }
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "read": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "count": {
- "type": "long"
- },
- "time": {
- "type": "long"
- }
- }
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "write": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "count": {
- "type": "long"
- },
- "time": {
- "type": "long"
- }
- }
- }
- }
- },
- "entropy": {
- "properties": {
- "available_bits": {
- "type": "long"
- },
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "filesystem": {
- "properties": {
- "available": {
- "type": "long"
- },
- "device_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "files": {
- "type": "long"
- },
- "free": {
- "type": "long"
- },
- "free_files": {
- "type": "long"
- },
- "mount_point": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "total": {
- "type": "long"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "used": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- }
- }
- },
- "fsstat": {
- "properties": {
- "count": {
- "type": "long"
- },
- "total_files": {
- "type": "long"
- },
- "total_size": {
- "properties": {
- "free": {
- "type": "long"
- },
- "total": {
- "type": "long"
- },
- "used": {
- "type": "long"
- }
- }
- }
- }
- },
- "load": {
- "properties": {
- "1": {
- "scaling_factor": 100,
- "type": "scaled_float"
- },
- "15": {
- "scaling_factor": 100,
- "type": "scaled_float"
- },
- "5": {
- "scaling_factor": 100,
- "type": "scaled_float"
- },
- "cores": {
- "type": "long"
- },
- "norm": {
- "properties": {
- "1": {
- "scaling_factor": 100,
- "type": "scaled_float"
- },
- "15": {
- "scaling_factor": 100,
- "type": "scaled_float"
- },
- "5": {
- "scaling_factor": 100,
- "type": "scaled_float"
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "actual": {
- "properties": {
- "free": {
- "type": "long"
- },
- "used": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- }
- }
- },
- "free": {
- "type": "long"
- },
- "hugepages": {
- "properties": {
- "default_size": {
- "type": "long"
- },
- "free": {
- "type": "long"
- },
- "reserved": {
- "type": "long"
- },
- "surplus": {
- "type": "long"
- },
- "total": {
- "type": "long"
- },
- "used": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "pct": {
- "type": "long"
- }
- }
- }
- }
- },
- "swap": {
- "properties": {
- "free": {
- "type": "long"
- },
- "total": {
- "type": "long"
- },
- "used": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- }
- }
- },
- "total": {
- "type": "long"
- },
- "used": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- }
- }
- },
- "network": {
- "properties": {
- "in": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "dropped": {
- "type": "long"
- },
- "errors": {
- "type": "long"
- },
- "packets": {
- "type": "long"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "out": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "dropped": {
- "type": "long"
- },
- "errors": {
- "type": "long"
- },
- "packets": {
- "type": "long"
- }
- }
- }
- }
- },
- "process": {
- "properties": {
- "cgroup": {
- "properties": {
- "blkio": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "total": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "ios": {
- "type": "long"
- }
- }
- }
- }
- },
- "cpu": {
- "properties": {
- "cfs": {
- "properties": {
- "period": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- },
- "quota": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- },
- "shares": {
- "type": "long"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "rt": {
- "properties": {
- "period": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- },
- "runtime": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- }
- }
- },
- "stats": {
- "properties": {
- "periods": {
- "type": "long"
- },
- "throttled": {
- "properties": {
- "ns": {
- "type": "long"
- },
- "periods": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "cpuacct": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "percpu": {
- "properties": {
- "1": {
- "type": "long"
- },
- "2": {
- "type": "long"
- },
- "3": {
- "type": "long"
- },
- "4": {
- "type": "long"
- }
- }
- },
- "stats": {
- "properties": {
- "system": {
- "properties": {
- "ns": {
- "type": "long"
- }
- }
- },
- "user": {
- "properties": {
- "ns": {
- "type": "long"
- }
- }
- }
- }
- },
- "total": {
- "properties": {
- "ns": {
- "type": "long"
- }
- }
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "memory": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kmem": {
- "properties": {
- "failures": {
- "type": "long"
- },
- "limit": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "usage": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "max": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "kmem_tcp": {
- "properties": {
- "failures": {
- "type": "long"
- },
- "limit": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "usage": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "max": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "mem": {
- "properties": {
- "failures": {
- "type": "long"
- },
- "limit": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "usage": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "max": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "memsw": {
- "properties": {
- "failures": {
- "type": "long"
- },
- "limit": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "usage": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "max": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "stats": {
- "properties": {
- "active_anon": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "active_file": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "cache": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "hierarchical_memory_limit": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "hierarchical_memsw_limit": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "inactive_anon": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "inactive_file": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "major_page_faults": {
- "type": "long"
- },
- "mapped_file": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "page_faults": {
- "type": "long"
- },
- "pages_in": {
- "type": "long"
- },
- "pages_out": {
- "type": "long"
- },
- "rss": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "rss_huge": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "swap": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "unevictable": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "cmdline": {
- "ignore_above": 2048,
- "type": "keyword"
- },
- "cpu": {
- "properties": {
- "start_time": {
- "type": "date"
- },
- "system": {
- "properties": {
- "ticks": {
- "type": "long"
- }
- }
- },
- "total": {
- "properties": {
- "norm": {
- "properties": {
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- },
- "ticks": {
- "type": "long"
- },
- "value": {
- "type": "long"
- }
- }
- },
- "user": {
- "properties": {
- "ticks": {
- "type": "long"
- }
- }
- }
- }
- },
- "env": {
- "type": "object"
- },
- "fd": {
- "properties": {
- "limit": {
- "properties": {
- "hard": {
- "type": "long"
- },
- "soft": {
- "type": "long"
- }
- }
- },
- "open": {
- "type": "long"
- }
- }
- },
- "memory": {
- "properties": {
- "rss": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "pct": {
- "scaling_factor": 1000,
- "type": "scaled_float"
- }
- }
- },
- "share": {
- "type": "long"
- },
- "size": {
- "type": "long"
- }
- }
- },
- "state": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "summary": {
- "properties": {
- "dead": {
- "type": "long"
- },
- "idle": {
- "type": "long"
- },
- "running": {
- "type": "long"
- },
- "sleeping": {
- "type": "long"
- },
- "stopped": {
- "type": "long"
- },
- "total": {
- "type": "long"
- },
- "unknown": {
- "type": "long"
- },
- "zombie": {
- "type": "long"
- }
- }
- }
- }
- },
- "raid": {
- "properties": {
- "blocks": {
- "properties": {
- "synced": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "disks": {
- "properties": {
- "active": {
- "type": "long"
- },
- "failed": {
- "type": "long"
- },
- "spare": {
- "type": "long"
- },
- "states": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- },
- "total": {
- "type": "long"
- }
- }
- },
- "level": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sync_action": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "socket": {
- "properties": {
- "local": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "process": {
- "properties": {
- "cmdline": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "remote": {
- "properties": {
- "etld_plus_one": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "host": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "host_error": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "summary": {
- "properties": {
- "all": {
- "properties": {
- "count": {
- "type": "long"
- },
- "listening": {
- "type": "long"
- }
- }
- },
- "tcp": {
- "properties": {
- "all": {
- "properties": {
- "close_wait": {
- "type": "long"
- },
- "count": {
- "type": "long"
- },
- "established": {
- "type": "long"
- },
- "listening": {
- "type": "long"
- },
- "orphan": {
- "type": "long"
- },
- "time_wait": {
- "type": "long"
- }
- }
- },
- "memory": {
- "type": "long"
- }
- }
- },
- "udp": {
- "properties": {
- "all": {
- "properties": {
- "count": {
- "type": "long"
- }
- }
- },
- "memory": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "uptime": {
- "properties": {
- "duration": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "tags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timeseries": {
- "properties": {
- "instance": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "traefik": {
- "properties": {
- "health": {
- "properties": {
- "response": {
- "properties": {
- "avg_time": {
- "properties": {
- "us": {
- "type": "long"
- }
- }
- },
- "count": {
- "type": "long"
- },
- "status_codes": {
- "properties": {
- "*": {
- "type": "object"
- }
- }
- }
- }
- },
- "uptime": {
- "properties": {
- "sec": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "url": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "fragment": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "password": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "port": {
- "type": "long"
- },
- "query": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "scheme": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "username": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "user": {
- "properties": {
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "user_agent": {
- "properties": {
- "device": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "uwsgi": {
- "properties": {
- "status": {
- "properties": {
- "core": {
- "properties": {
- "id": {
- "type": "long"
- },
- "read_errors": {
- "type": "long"
- },
- "requests": {
- "properties": {
- "offloaded": {
- "type": "long"
- },
- "routed": {
- "type": "long"
- },
- "static": {
- "type": "long"
- },
- "total": {
- "type": "long"
- }
- }
- },
- "worker_pid": {
- "type": "long"
- },
- "write_errors": {
- "type": "long"
- }
- }
- },
- "total": {
- "properties": {
- "exceptions": {
- "type": "long"
- },
- "pid": {
- "type": "long"
- },
- "read_errors": {
- "type": "long"
- },
- "requests": {
- "type": "long"
- },
- "write_errors": {
- "type": "long"
- }
- }
- },
- "worker": {
- "properties": {
- "accepting": {
- "type": "long"
- },
- "avg_rt": {
- "type": "long"
- },
- "delta_requests": {
- "type": "long"
- },
- "exceptions": {
- "type": "long"
- },
- "harakiri_count": {
- "type": "long"
- },
- "id": {
- "type": "long"
- },
- "pid": {
- "type": "long"
- },
- "requests": {
- "type": "long"
- },
- "respawn_count": {
- "type": "long"
- },
- "rss": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "running_time": {
- "type": "long"
- },
- "signal_queue": {
- "type": "long"
- },
- "signals": {
- "type": "long"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tx": {
- "type": "long"
- },
- "vsz": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "vsphere": {
- "properties": {
- "datastore": {
- "properties": {
- "capacity": {
- "properties": {
- "free": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "total": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "used": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "pct": {
- "type": "long"
- }
- }
- }
- }
- },
- "fstype": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "host": {
- "properties": {
- "cpu": {
- "properties": {
- "free": {
- "properties": {
- "mhz": {
- "type": "long"
- }
- }
- },
- "total": {
- "properties": {
- "mhz": {
- "type": "long"
- }
- }
- },
- "used": {
- "properties": {
- "mhz": {
- "type": "long"
- }
- }
- }
- }
- },
- "memory": {
- "properties": {
- "free": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "total": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "used": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "network_names": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "virtualmachine": {
- "properties": {
- "cpu": {
- "properties": {
- "used": {
- "properties": {
- "mhz": {
- "type": "long"
- }
- }
- }
- }
- },
- "custom_fields": {
- "type": "object"
- },
- "host": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "memory": {
- "properties": {
- "free": {
- "properties": {
- "guest": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "total": {
- "properties": {
- "guest": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- },
- "used": {
- "properties": {
- "guest": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- },
- "host": {
- "properties": {
- "bytes": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "network_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "os": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "windows": {
- "properties": {
- "service": {
- "properties": {
- "display_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "exit_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pid": {
- "type": "long"
- },
- "start_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "start_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uptime": {
- "properties": {
- "ms": {
- "type": "long"
- }
- }
- }
- }
- }
- }
- },
- "zookeeper": {
- "properties": {
- "connection": {
- "properties": {
- "interest_ops": {
- "type": "long"
- },
- "queued": {
- "type": "long"
- },
- "received": {
- "type": "long"
- },
- "sent": {
- "type": "long"
- }
- }
- },
- "mntr": {
- "properties": {
- "approximate_data_size": {
- "type": "long"
- },
- "ephemerals_count": {
- "type": "long"
- },
- "followers": {
- "type": "long"
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "latency": {
- "properties": {
- "avg": {
- "type": "long"
- },
- "max": {
- "type": "long"
- },
- "min": {
- "type": "long"
- }
- }
- },
- "max_file_descriptor_count": {
- "type": "long"
- },
- "num_alive_connections": {
- "type": "long"
- },
- "open_file_descriptor_count": {
- "type": "long"
- },
- "outstanding_requests": {
- "type": "long"
- },
- "packets": {
- "properties": {
- "received": {
- "type": "long"
- },
- "sent": {
- "type": "long"
- }
- }
- },
- "pending_syncs": {
- "type": "long"
- },
- "server_state": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "synced_followers": {
- "type": "long"
- },
- "version": {
- "path": "service.version",
- "type": "alias"
- },
- "watch_count": {
- "type": "long"
- },
- "znode_count": {
- "type": "long"
- }
- }
- },
- "server": {
- "properties": {
- "connections": {
- "type": "long"
- },
- "count": {
- "type": "long"
- },
- "epoch": {
- "type": "long"
- },
- "latency": {
- "properties": {
- "avg": {
- "type": "long"
- },
- "max": {
- "type": "long"
- },
- "min": {
- "type": "long"
- }
- }
- },
- "mode": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "node_count": {
- "type": "long"
- },
- "outstanding": {
- "type": "long"
- },
- "received": {
- "type": "long"
- },
- "sent": {
- "type": "long"
- },
- "version_date": {
- "type": "date"
- },
- "zxid": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- }
- }
- },
- "settings": {
- "index": {
- "auto_expand_replicas": "0-1",
- "mapping": {
- "total_fields": {
- "limit": "10000"
- }
- },
- "number_of_replicas": "0",
- "number_of_shards": "1",
- "query": {
- "default_field": [
- "beat.*",
- "type",
- "tags",
- "meta.*",
- "message"
- ]
- }
- }
- }
- }
-}
diff --git a/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/fixtures/synthtrace/sendotlp.ts b/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/fixtures/synthtrace/sendotlp.ts
new file mode 100644
index 0000000000000..37aa8e35e6c81
--- /dev/null
+++ b/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/fixtures/synthtrace/sendotlp.ts
@@ -0,0 +1,29 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { generateShortId, otel, timerange } from '@kbn/apm-synthtrace-client';
+import { times } from 'lodash';
+
+export function sendotlp({ from, to }: { from: number; to: number }) {
+ const range = timerange(from, to);
+ const traceId = generateShortId();
+ const spanId = generateShortId();
+
+ const otelSendotlp = times(2).map((index) => otel.create(traceId));
+
+ return range
+ .interval('1s')
+ .rate(1)
+ .generator((timestamp) =>
+ otelSendotlp.flatMap((otelDoc) => {
+ return [
+ otelDoc.metric().timestamp(timestamp),
+ otelDoc.transaction(spanId).timestamp(timestamp),
+ otelDoc.error(spanId).timestamp(timestamp),
+ ];
+ })
+ );
+}
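Review bot: In `sendotlp`, `times(2).map((index) => otel.create(traceId))` builds an index array only to discard it, and `index` is never used; lodash's `times` takes the iteratee directly, so `const otelSendotlp = times(2, () => otel.create(traceId));` says the same thing. Every transaction and error from both documents, at every timestamp, reuses the single `spanId` generated at the top. If anything downstream expects span ids to be unique, that id should be generated inside the generator callback. A short doc comment stating what the fixture emits per tick (one metric, one transaction and one error per document) would help readers of the specs that use it.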
diff --git a/x-pack/plugins/observability_solution/apm/ftr_e2e/setup_cypress_node_events.ts b/x-pack/plugins/observability_solution/apm/ftr_e2e/setup_cypress_node_events.ts
index 3d322a169663c..e2fbf64f8f378 100644
--- a/x-pack/plugins/observability_solution/apm/ftr_e2e/setup_cypress_node_events.ts
+++ b/x-pack/plugins/observability_solution/apm/ftr_e2e/setup_cypress_node_events.ts
@@ -4,7 +4,12 @@
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
-import { ApmSynthtraceEsClient, createLogger, LogLevel } from '@kbn/apm-synthtrace';
+import {
+ ApmSynthtraceEsClient,
+ OtelSynthtraceEsClient,
+ createLogger,
+ LogLevel,
+} from '@kbn/apm-synthtrace';
import { createEsClientForTesting } from '@kbn/test';
// eslint-disable-next-line @kbn/imports/no_unresolvable_imports
import { initPlugin } from '@frsource/cypress-plugin-visual-regression-diff/plugins';
@@ -28,10 +33,20 @@ export function setupNodeEvents(on: Cypress.PluginEvents, config: Cypress.Plugin
version: config.env.APM_PACKAGE_VERSION,
});
+ const synthtraceOtelEsClient = new OtelSynthtraceEsClient({
+ client,
+ logger,
+ refreshAfterIndex: true,
+ });
+
synthtraceEsClient.pipeline(
synthtraceEsClient.getDefaultPipeline({ includeSerialization: false })
);
+ synthtraceOtelEsClient.pipeline(
+ synthtraceOtelEsClient.getDefaultPipeline({ includeSerialization: false })
+ );
+
initPlugin(on, config);
on('task', {
@@ -50,6 +65,14 @@ export function setupNodeEvents(on: Cypress.PluginEvents, config: Cypress.Plugin
await synthtraceEsClient.clean();
return null;
},
+ async 'synthtraceOtel:index'(events: Array>) {
+ await synthtraceOtelEsClient.index(Readable.from(events));
+ return null;
+ },
+ async 'synthtraceOtel:clean'() {
+ await synthtraceOtelEsClient.clean();
+ return null;
+ },
});
on('after:spec', (spec, results) => {
diff --git a/x-pack/plugins/observability_solution/apm/ftr_e2e/synthtrace.ts b/x-pack/plugins/observability_solution/apm/ftr_e2e/synthtrace.ts
index f483deff55f95..226ee8f0291b5 100644
--- a/x-pack/plugins/observability_solution/apm/ftr_e2e/synthtrace.ts
+++ b/x-pack/plugins/observability_solution/apm/ftr_e2e/synthtrace.ts
@@ -14,3 +14,12 @@ export const synthtrace = {
),
clean: () => cy.task('synthtrace:clean'),
};
+
+export const synthtraceOtel = {
+ index: (events: SynthtraceGenerator | Array>) =>
+ cy.task(
+ 'synthtraceOtel:index',
+ Array.from(events).flatMap((event) => event.serialize())
+ ),
+ clean: () => cy.task('synthtraceOtel:clean'),
+};
diff --git a/x-pack/plugins/observability_solution/inventory/README.md b/x-pack/plugins/observability_solution/inventory/README.md
index 446b85483402c..e2a435ebb9358 100644
--- a/x-pack/plugins/observability_solution/inventory/README.md
+++ b/x-pack/plugins/observability_solution/inventory/README.md
@@ -1,3 +1,21 @@
# Inventory
Home of the Inventory plugin, which renders the... _inventory_.
+
+# Running e2e (Cypress) tests
+
+How to open cypress dashboard locally:
+```
+node x-pack/plugins/observability_solution/inventory/scripts/test/e2e.js --open
+```
+
+How to run cypress tests:
+```
+node x-pack/plugins/observability_solution/inventory/scripts/test/e2e.js
+```
+
+How to run cypress tests multiple times:
+```
+node x-pack/plugins/observability_solution/inventory/scripts/test/e2e.js --server
+node x-pack/plugins/observability_solution/inventory/scripts/test/e2e.js --runner --times=X
+```
diff --git a/x-pack/plugins/observability_solution/inventory/e2e/README.md b/x-pack/plugins/observability_solution/inventory/e2e/README.md
new file mode 100644
index 0000000000000..2fd9f9570028d
--- /dev/null
+++ b/x-pack/plugins/observability_solution/inventory/e2e/README.md
@@ -0,0 +1 @@
+TBD
\ No newline at end of file
diff --git a/x-pack/plugins/observability_solution/inventory/e2e/apis/fixtures/package_registry_config.yml b/x-pack/plugins/observability_solution/inventory/e2e/apis/fixtures/package_registry_config.yml
new file mode 100644
index 0000000000000..a6c51976af986
--- /dev/null
+++ b/x-pack/plugins/observability_solution/inventory/e2e/apis/fixtures/package_registry_config.yml
@@ -0,0 +1,2 @@
+package_paths:
+ - /packages/package-storage
\ No newline at end of file
diff --git a/x-pack/plugins/observability_solution/inventory/e2e/cypress.config.ts b/x-pack/plugins/observability_solution/inventory/e2e/cypress.config.ts
new file mode 100644
index 0000000000000..feb0a630043d4
--- /dev/null
+++ b/x-pack/plugins/observability_solution/inventory/e2e/cypress.config.ts
@@ -0,0 +1,35 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { defineCypressConfig } from '@kbn/cypress-config';
+import { setupNodeEvents } from './setup_cypress_node_events';
+
+export default defineCypressConfig({
+ projectId: 'omwh6f',
+ fileServerFolder: './cypress',
+ fixturesFolder: './cypress/fixtures',
+ screenshotsFolder: './cypress/screenshots',
+ videosFolder: './cypress/videos',
+ requestTimeout: 10000,
+ responseTimeout: 40000,
+ defaultCommandTimeout: 30000,
+ execTimeout: 120000,
+ pageLoadTimeout: 120000,
+ viewportHeight: 1800,
+ viewportWidth: 1440,
+ video: true,
+ screenshotOnRunFailure: true,
+ retries: {
+ runMode: 1,
+ },
+ e2e: {
+ setupNodeEvents,
+ baseUrl: 'http://localhost:5601',
+ supportFile: './cypress/support/e2e.ts',
+ specPattern: './cypress/e2e/**/*.cy.{js,jsx,ts,tsx}',
+ },
+});
diff --git a/x-pack/plugins/observability_solution/inventory/e2e/cypress/.gitignore b/x-pack/plugins/observability_solution/inventory/e2e/cypress/.gitignore
new file mode 100644
index 0000000000000..c2f807a100b12
--- /dev/null
+++ b/x-pack/plugins/observability_solution/inventory/e2e/cypress/.gitignore
@@ -0,0 +1,2 @@
+/videos/*
+/screenshots/*
diff --git a/x-pack/plugins/observability_solution/inventory/e2e/cypress/e2e/generate_data.ts b/x-pack/plugins/observability_solution/inventory/e2e/cypress/e2e/generate_data.ts
new file mode 100644
index 0000000000000..3ddea0d925de2
--- /dev/null
+++ b/x-pack/plugins/observability_solution/inventory/e2e/cypress/e2e/generate_data.ts
@@ -0,0 +1,112 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { apm, entities, log, timerange } from '@kbn/apm-synthtrace-client';
+import { generateLongIdWithSeed } from '@kbn/apm-synthtrace-client/src/lib/utils/generate_id';
+
+const SYNTH_NODE_TRACES_LOGS_ENTITY_ID = generateLongIdWithSeed('service');
+const HOST_SERVER_1_LOGS_ENTITY_ID = generateLongIdWithSeed('host');
+const CONTAINER_ID_METRICS_ENTITY_ID = generateLongIdWithSeed('container');
+
+const SYNTH_NODE_TRACE_LOGS = 'synth-node-trace-logs';
+const HOST_NAME = 'server1';
+const CONTAINER_ID = 'foo';
+
+const ENVIRONMENT = 'test';
+
+export function generateEntities({ from, to }: { from: number; to: number }) {
+ const serviceSynthNodeTracesLogs = entities.serviceEntity({
+ serviceName: SYNTH_NODE_TRACE_LOGS,
+ agentName: ['nodejs'],
+ dataStreamType: ['traces', 'logs'],
+ environment: ENVIRONMENT,
+ entityId: SYNTH_NODE_TRACES_LOGS_ENTITY_ID,
+ });
+
+ const hostServer1Logs = entities.hostEntity({
+ hostName: HOST_NAME,
+ agentName: ['nodejs'],
+ dataStreamType: ['logs'],
+ entityId: HOST_SERVER_1_LOGS_ENTITY_ID,
+ });
+
+ const containerMetrics = entities.containerEntity({
+ containerId: CONTAINER_ID,
+ agentName: ['filebeat'],
+ dataStreamType: ['metrics'],
+ entityId: CONTAINER_ID_METRICS_ENTITY_ID,
+ });
+
+ const range = timerange(from, to);
+
+ return range
+ .interval('1m')
+ .rate(1)
+ .generator((timestamp) => {
+ return [
+ serviceSynthNodeTracesLogs.timestamp(timestamp),
+ hostServer1Logs.timestamp(timestamp),
+ containerMetrics.timestamp(timestamp),
+ ];
+ });
+}
+
+export function generateTraces({ from, to }: { from: number; to: number }) {
+ const synthNodeTraceLogs = apm
+ .service({
+ name: SYNTH_NODE_TRACE_LOGS,
+ environment: ENVIRONMENT,
+ agentName: 'nodejs',
+ })
+ .instance('instance_1');
+
+ const range = timerange(from, to);
+ return range
+ .interval('1m')
+ .rate(1)
+ .generator((timestamp) => {
+ return [
+ synthNodeTraceLogs
+ .transaction({ transactionName: 't1' })
+ .timestamp(timestamp)
+ .duration(1000)
+ .success(),
+ ];
+ });
+}
+
+const MESSAGE_LOG_LEVELS = [
+ { message: 'A simple log', level: 'info' },
+ { message: 'Yet another debug log', level: 'debug' },
+ { message: 'Error with certificate: "ca_trusted_fingerprint"', level: 'error' },
+];
+export function generateLogs({ from, to }: { from: number; to: number }) {
+ const range = timerange(from, to);
+ return range
+ .interval('1m')
+ .rate(1)
+ .generator((timestamp) => {
+ return Array(3)
+ .fill(0)
+ .map(() => {
+ const index = Math.floor(Math.random() * 3);
+ const logMessage = MESSAGE_LOG_LEVELS[index];
+
+ return log
+ .create({ isLogsDb: false })
+ .service(SYNTH_NODE_TRACE_LOGS)
+ .message(logMessage.message)
+ .logLevel(logMessage.level)
+ .setGeoLocation([1])
+ .setHostIp('223.72.43.22')
+ .defaults({
+ 'agent.name': 'nodejs',
+ })
+ .timestamp(timestamp);
+ });
+ });
+}
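Review bot: In `generateLogs` the index is drawn with `Math.floor(Math.random() * 3)`, so the bound is decoupled from `MESSAGE_LOG_LEVELS` and the indexed logs differ on every run. `const index = Math.floor(Math.random() * MESSAGE_LOG_LEVELS.length);` keeps the bound tied to the array, and mapping over the array by position instead of drawing at random would make the fixture reproducible when a spec fails. `.setHostIp('223.72.43.22')` looks like a publicly routable address. A value from an RFC 5737 documentation range, for example `203.0.113.22`, keeps test data from pointing at a real host.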
diff --git a/x-pack/plugins/observability_solution/inventory/e2e/cypress/e2e/home.cy.ts b/x-pack/plugins/observability_solution/inventory/e2e/cypress/e2e/home.cy.ts
new file mode 100644
index 0000000000000..16d14446ef240
--- /dev/null
+++ b/x-pack/plugins/observability_solution/inventory/e2e/cypress/e2e/home.cy.ts
@@ -0,0 +1,158 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { apmSynthtrace, entitiesSynthtrace, logsSynthtrace } from '../../synthtrace';
+import { generateEntities, generateLogs, generateTraces } from './generate_data';
+
+const start = '2024-10-16T00:00:00.000Z';
+const end = '2024-10-16T00:15:00.000Z';
+
+describe('Home page', () => {
+ beforeEach(() => {
+ cy.loginAsSuperUser();
+ });
+
+ describe('When EEM is disabled', () => {
+ it('Shows no data screen', () => {
+ cy.visitKibana('/app/inventory');
+ cy.contains('See everything you have in one place');
+ cy.getByTestSubj('inventoryInventoryPageTemplateFilledButton').should('exist');
+ });
+ });
+
+ describe('When EEM is enabled', () => {
+ describe('When there is no entities', () => {
+ it('Shows inventory page with empty message', () => {
+ cy.intercept('GET', '/internal/entities/managed/enablement', {
+ fixture: 'eem_enabled.json',
+ }).as('getEEMStatus');
+ cy.visitKibana('/app/inventory');
+ cy.wait('@getEEMStatus');
+ cy.contains('Inventory');
+ cy.contains('Tell us what you think!');
+ cy.contains('Trying for the first time?');
+ cy.contains('No entities available');
+ cy.getByTestSubj('addDataButton').should('exist');
+ cy.getByTestSubj('associateServiceLogsButton').should('exist');
+ });
+ });
+
+ describe('When there is entities and signal data', () => {
+ before(() => {
+ entitiesSynthtrace.index(
+ generateEntities({ from: new Date(start).getTime(), to: new Date(end).getTime() })
+ );
+ apmSynthtrace.index(
+ generateTraces({ from: new Date(start).getTime(), to: new Date(end).getTime() })
+ );
+ logsSynthtrace.index(
+ generateLogs({ from: new Date(start).getTime(), to: new Date(end).getTime() })
+ );
+ });
+ after(() => {
+ entitiesSynthtrace.clean();
+ apmSynthtrace.clean();
+ logsSynthtrace.clean();
+ });
+
+ it('Shows inventory page with entities', () => {
+ cy.intercept('GET', '/internal/entities/managed/enablement', {
+ fixture: 'eem_enabled.json',
+ }).as('getEEMStatus');
+ cy.visitKibana('/app/inventory');
+ cy.wait('@getEEMStatus');
+ cy.contains('server1');
+ cy.contains('Host');
+ cy.contains('synth-node-trace-logs');
+ cy.contains('Service');
+ cy.contains('foo');
+ cy.contains('Container');
+ });
+
+ it('Navigates to apm when clicking on a service type entity', () => {
+ cy.intercept('GET', '/internal/entities/managed/enablement', {
+ fixture: 'eem_enabled.json',
+ }).as('getEEMStatus');
+ cy.visitKibana('/app/inventory');
+ cy.wait('@getEEMStatus');
+ cy.contains('synth-node-trace-logs').click();
+ cy.url().should('include', '/app/apm/services/synth-node-trace-logs/overview');
+ });
+
+ it('Navigates to hosts when clicking on a host type entity', () => {
+ cy.intercept('GET', '/internal/entities/managed/enablement', {
+ fixture: 'eem_enabled.json',
+ }).as('getEEMStatus');
+ cy.visitKibana('/app/inventory');
+ cy.wait('@getEEMStatus');
+ cy.contains('server1').click();
+ cy.url().should('include', '/app/metrics/detail/host/server1');
+ });
+
+ it('Navigates to infra when clicking on a container type entity', () => {
+ cy.intercept('GET', '/internal/entities/managed/enablement', {
+ fixture: 'eem_enabled.json',
+ }).as('getEEMStatus');
+ cy.visitKibana('/app/inventory');
+ cy.wait('@getEEMStatus');
+ cy.contains('foo').click();
+ cy.url().should('include', '/app/metrics/detail/container/foo');
+ });
+
+ it('Filters entities by service type', () => {
+ cy.intercept('GET', '/internal/entities/managed/enablement', {
+ fixture: 'eem_enabled.json',
+ }).as('getEEMStatus');
+ cy.intercept('GET', '/internal/inventory/entities*').as('getEntitites');
+ cy.visitKibana('/app/inventory');
+ cy.wait('@getEEMStatus');
+ cy.getByTestSubj('entityTypesFilterComboBox')
+ .click()
+ .getByTestSubj('entityTypesFilterserviceOption')
+ .click();
+ cy.wait('@getEntitites');
+ cy.get('server1').should('not.exist');
+ cy.contains('synth-node-trace-logs');
+ cy.get('foo').should('not.exist');
+ });
+
+ it('Filters entities by host type', () => {
+ cy.intercept('GET', '/internal/entities/managed/enablement', {
+ fixture: 'eem_enabled.json',
+ }).as('getEEMStatus');
+ cy.intercept('GET', '/internal/inventory/entities*').as('getEntitites');
+ cy.visitKibana('/app/inventory');
+ cy.wait('@getEEMStatus');
+ cy.getByTestSubj('entityTypesFilterComboBox')
+ .click()
+ .getByTestSubj('entityTypesFilterhostOption')
+ .click();
+ cy.wait('@getEntitites');
+ cy.contains('server1');
+ cy.get('synth-node-trace-logs').should('not.exist');
+ cy.get('foo').should('not.exist');
+ });
+
+ it('Filters entities by container type', () => {
+ cy.intercept('GET', '/internal/entities/managed/enablement', {
+ fixture: 'eem_enabled.json',
+ }).as('getEEMStatus');
+ cy.intercept('GET', '/internal/inventory/entities*').as('getEntitites');
+ cy.visitKibana('/app/inventory');
+ cy.wait('@getEEMStatus');
+ cy.getByTestSubj('entityTypesFilterComboBox')
+ .click()
+ .getByTestSubj('entityTypesFiltercontainerOption')
+ .click();
+ cy.wait('@getEntitites');
+ cy.get('server1').should('not.exist');
+ cy.get('synth-node-trace-logs').should('not.exist');
+ cy.contains('foo');
+ });
+ });
+ });
+});
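Review bot: The negative assertions in the three "Filters entities by …" tests call `cy.get('server1')`, `cy.get('foo')` and `cy.get('synth-node-trace-logs')`, which Cypress reads as CSS selectors for elements with those tag names. No such elements exist, so `should('not.exist')` passes whether or not the filter worked. Match on text instead, e.g. `cy.contains('server1').should('not.exist');`. The alias `getEntitites` is misspelled (`getEntities`), and the `/internal/entities/managed/enablement` intercept repeated in every test could move into a `beforeEach` of the "When EEM is enabled" block.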
diff --git a/x-pack/plugins/observability_solution/inventory/e2e/cypress/fixtures/eem_enabled.json b/x-pack/plugins/observability_solution/inventory/e2e/cypress/fixtures/eem_enabled.json
new file mode 100644
index 0000000000000..37c8ceff4b186
--- /dev/null
+++ b/x-pack/plugins/observability_solution/inventory/e2e/cypress/fixtures/eem_enabled.json
@@ -0,0 +1,3 @@
+{
+ "enabled": true
+}
\ No newline at end of file
diff --git a/x-pack/plugins/observability_solution/inventory/e2e/cypress/support/commands.ts b/x-pack/plugins/observability_solution/inventory/e2e/cypress/support/commands.ts
new file mode 100644
index 0000000000000..6694b50ce9c70
--- /dev/null
+++ b/x-pack/plugins/observability_solution/inventory/e2e/cypress/support/commands.ts
@@ -0,0 +1,49 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import '@frsource/cypress-plugin-visual-regression-diff';
+import 'cypress-axe';
+import 'cypress-real-events/support';
+
+Cypress.Commands.add('getByTestSubj', (selector: string) => {
+ return cy.get(`[data-test-subj="${selector}"]`);
+});
+
+Cypress.Commands.add('visitKibana', (url: string) => {
+ cy.visit(url);
+ cy.getByTestSubj('kbnLoadingMessage').should('exist');
+ cy.getByTestSubj('kbnLoadingMessage').should('not.exist', {
+ timeout: 50000,
+ });
+});
+
+Cypress.Commands.add('loginAsSuperUser', () => {
+ return cy.loginAs({ username: 'elastic', password: 'changeme' });
+});
+
+Cypress.Commands.add(
+ 'loginAs',
+ ({ username, password }: { username: string; password: string }) => {
+ const kibanaUrl = Cypress.env('KIBANA_URL');
+ cy.log(`Logging in as ${username} on ${kibanaUrl}`);
+ cy.visit('/');
+ cy.request({
+ log: true,
+ method: 'POST',
+ url: `${kibanaUrl}/internal/security/login`,
+ body: {
+ providerType: 'basic',
+ providerName: 'basic',
+ currentURL: `${kibanaUrl}/login`,
+ params: { username, password },
+ },
+ headers: {
+ 'kbn-xsrf': 'e2e_test',
+ },
+ });
+ cy.visit('/');
+ }
+);
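Review bot: `loginAsSuperUser` hard-codes `elastic` / `changeme`, while `cypress_test_runner.ts` in this same change reads the username and password from the FTR config and forwards them only inside URLs, so the suite depends on the default dev credentials being in place. Consider having the runner pass them as Cypress env values and reading them here with `Cypress.env(...)`, and logging in as a less privileged user where the specs do not need superuser. `cy.request({ log: true, ... })` carries the password in the request body, and the config enables `video: true`, so it is worth checking that the command log does not expose it in recorded artifacts. In `visitKibana`, the `{ timeout: 50000 }` passed to `.should('not.exist', ...)` is not a command option and most likely has no effect. The timeout belongs on the preceding query, e.g. `cy.get('[data-test-subj="kbnLoadingMessage"]', { timeout: 50000 }).should('not.exist');`.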
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/server/lib/api_key/monitoring_config.ts b/x-pack/plugins/observability_solution/inventory/e2e/cypress/support/e2e.ts
similarity index 57%
rename from x-pack/plugins/observability_solution/observability_onboarding/server/lib/api_key/monitoring_config.ts
rename to x-pack/plugins/observability_solution/inventory/e2e/cypress/support/e2e.ts
index 675dde6f25a4b..5f5d1eb3b3614 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/server/lib/api_key/monitoring_config.ts
+++ b/x-pack/plugins/observability_solution/inventory/e2e/cypress/support/e2e.ts
@@ -5,13 +5,8 @@
* 2.0.
*/
-export const cluster = ['monitor'];
+Cypress.on('uncaught:exception', (err, runnable) => {
+ return false;
+});
-export const privileges = ['auto_configure', 'create_doc'];
-
-export const indices = [
- {
- names: ['logs-*-*', 'metrics-*-*'],
- privileges,
- },
-];
+import './commands';
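Review bot: The `uncaught:exception` handler returns `false` for every error, so any exception thrown by the application under test is swallowed and a spec can pass while the page is broken. If specific benign errors must be ignored, match on them and let the rest fail, e.g. `if (err.message.includes('<known benign message>')) return false;`, with a comment explaining why each one is tolerated. `runnable` is unused, and `import './commands';` sits below the handler rather than at the top of the file. Git records this file as a rename of `monitoring_config.ts`, so confirm that the removed `cluster`, `privileges` and `indices` exports have no remaining importers.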
diff --git a/x-pack/plugins/observability_solution/inventory/e2e/cypress/support/types.d.ts b/x-pack/plugins/observability_solution/inventory/e2e/cypress/support/types.d.ts
new file mode 100644
index 0000000000000..c51b20c3b9904
--- /dev/null
+++ b/x-pack/plugins/observability_solution/inventory/e2e/cypress/support/types.d.ts
@@ -0,0 +1,18 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+declare namespace Cypress {
+ interface Chainable {
+ loginAsSuperUser(): Cypress.Chainable>;
+ loginAs(params: {
+ username: string;
+ password: string;
+ }): Cypress.Chainable>;
+ getByTestSubj(selector: string): Chainable>;
+ visitKibana(url: string): void;
+ }
+}
diff --git a/x-pack/plugins/observability_solution/inventory/e2e/cypress_test_runner.ts b/x-pack/plugins/observability_solution/inventory/e2e/cypress_test_runner.ts
new file mode 100644
index 0000000000000..59db9d3704eef
--- /dev/null
+++ b/x-pack/plugins/observability_solution/inventory/e2e/cypress_test_runner.ts
@@ -0,0 +1,103 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+ EntitiesSynthtraceKibanaClient,
+ createLogger,
+ LogLevel,
+ ApmSynthtraceKibanaClient,
+} from '@kbn/apm-synthtrace';
+import cypress from 'cypress';
+import path from 'path';
+import Url from 'url';
+import { FtrProviderContext } from './ftr_provider_context';
+
+export async function cypressTestRunner({ getService }: FtrProviderContext) {
+ const config = getService('config');
+
+ const username = config.get('servers.elasticsearch.username');
+ const password = config.get('servers.elasticsearch.password');
+
+ const kibanaUrl = Url.format({
+ protocol: config.get('servers.kibana.protocol'),
+ hostname: config.get('servers.kibana.hostname'),
+ port: config.get('servers.kibana.port'),
+ auth: `${username}:${password}`,
+ });
+
+ const esNode = Url.format({
+ protocol: config.get('servers.elasticsearch.protocol'),
+ port: config.get('servers.elasticsearch.port'),
+ hostname: config.get('servers.elasticsearch.hostname'),
+ auth: `${username}:${password}`,
+ });
+
+ const esRequestTimeout = config.get('timeouts.esRequestTimeout');
+ const apmKibanaClient = new ApmSynthtraceKibanaClient({
+ logger: createLogger(LogLevel.info),
+ target: kibanaUrl,
+ });
+
+ const packageVersion = await apmKibanaClient.fetchLatestApmPackageVersion();
+
+ const entitiesKibanaClient = new EntitiesSynthtraceKibanaClient({
+ logger: createLogger(LogLevel.info),
+ target: kibanaUrl,
+ });
+
+ await Promise.all([
+ apmKibanaClient.installApmPackage(packageVersion),
+ entitiesKibanaClient.installEntityIndexPatterns(),
+ ]);
+
+ const kibanaUrlWithoutAuth = Url.format({
+ protocol: config.get('servers.kibana.protocol'),
+ hostname: config.get('servers.kibana.hostname'),
+ port: config.get('servers.kibana.port'),
+ });
+
+ const cypressProjectPath = path.join(__dirname);
+ const { open, ...cypressCliArgs } = getCypressCliArgs();
+ const cypressExecution = open ? cypress.open : cypress.run;
+ const res = await cypressExecution({
+ ...cypressCliArgs,
+ project: cypressProjectPath,
+ browser: 'electron',
+ config: {
+ e2e: {
+ baseUrl: kibanaUrlWithoutAuth,
+ },
+ },
+ env: {
+ KIBANA_URL: kibanaUrlWithoutAuth,
+ APM_PACKAGE_VERSION: packageVersion,
+ ES_NODE: esNode,
+ ES_REQUEST_TIMEOUT: esRequestTimeout,
+ TEST_CLOUD: process.env.TEST_CLOUD,
+ },
+ });
+
+ return res;
+}
+
+function getCypressCliArgs(): Record {
+ if (!process.env.CYPRESS_CLI_ARGS) {
+ return {};
+ }
+
+ const { $0, _, ...cypressCliArgs } = JSON.parse(process.env.CYPRESS_CLI_ARGS) as Record<
+ string,
+ unknown
+ >;
+
+ const spec =
+ typeof cypressCliArgs.spec === 'string' && !cypressCliArgs.spec.includes('**')
+ ? `**/${cypressCliArgs.spec}*`
+ : cypressCliArgs.spec;
+
+ return { ...cypressCliArgs, spec };
+}
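Review bot: `esNode` is built with the username and password in its `auth` component and is then passed to Cypress as `env.ES_NODE`, so the Elasticsearch credentials travel inside a URL that any spec can read with `Cypress.env('ES_NODE')`. They may also surface wherever that URL is logged. Passing the host and the credentials as separate env entries, or at least commenting that this value is secret-bearing, would make the exposure explicit. The same applies to `kibanaUrl`, which goes to both synthtrace Kibana clients as `target` with an info-level logger. In `getCypressCliArgs`, `JSON.parse(process.env.CYPRESS_CLI_ARGS)` is unguarded and the result is cast rather than validated, so a malformed value fails with a bare `SyntaxError`; a `try`/`catch` that rethrows with the variable name in the message would make that failure easier to diagnose.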
diff --git a/x-pack/plugins/observability_solution/inventory/e2e/ftr_config.ts b/x-pack/plugins/observability_solution/inventory/e2e/ftr_config.ts
new file mode 100644
index 0000000000000..3b5cf000e5772
--- /dev/null
+++ b/x-pack/plugins/observability_solution/inventory/e2e/ftr_config.ts
@@ -0,0 +1,66 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+import { CA_CERT_PATH } from '@kbn/dev-utils';
+import { commonFunctionalServices } from '@kbn/ftr-common-functional-services';
+import { commonFunctionalUIServices } from '@kbn/ftr-common-functional-ui-services';
+import { cypressTestRunner } from './cypress_test_runner';
+import { FtrProviderContext } from './ftr_provider_context';
+
+async function ftrConfig({ readConfigFile }: FtrConfigProviderContext) {
+ const kibanaCommonTestsConfig = await readConfigFile(
+ require.resolve('@kbn/test-suites-src/common/config')
+ );
+ const xpackFunctionalTestsConfig = await readConfigFile(
+ require.resolve('@kbn/test-suites-xpack/functional/config.base')
+ );
+
+ return {
+ ...kibanaCommonTestsConfig.getAll(),
+
+ services: {
+ ...commonFunctionalServices,
+ ...commonFunctionalUIServices,
+ },
+
+ esTestCluster: {
+ ...xpackFunctionalTestsConfig.get('esTestCluster'),
+ serverArgs: [
+ ...xpackFunctionalTestsConfig.get('esTestCluster.serverArgs'),
+ // define custom es server here
+ ],
+ },
+
+ kbnTestServer: {
+ ...xpackFunctionalTestsConfig.get('kbnTestServer'),
+ serverArgs: [
+ ...xpackFunctionalTestsConfig.get('kbnTestServer.serverArgs'),
+ '--home.disableWelcomeScreen=true',
+ '--csp.strict=false',
+ '--csp.warnLegacyBrowsers=false',
+ // define custom kibana server args here
+ `--elasticsearch.ssl.certificateAuthorities=${CA_CERT_PATH}`,
+ ],
+ },
+ testRunner: async (ftrProviderContext: FtrProviderContext) => {
+ const result = await cypressTestRunner(ftrProviderContext);
+
+ // set exit code explicitly if at least one Cypress test fails
+ if (
+ result &&
+ ((result as CypressCommandLine.CypressFailedRunResult)?.status === 'failed' ||
+ (result as CypressCommandLine.CypressRunResult)?.totalFailed)
+ ) {
+ process.exitCode = 1;
+ }
+ },
+ };
+}
+
+// eslint-disable-next-line import/no-default-export
+export default ftrConfig;
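Review bot: The `kbnTestServer.serverArgs` list turns off `csp.strict` and `csp.warnLegacyBrowsers` with no explanation, and the placeholder comment `// define custom kibana server args here` sits in the middle of the list, above the CA argument. A short why-comment above the two CSP flags would stop the relaxation being copied into non-test configs, for example `// e2e test server only: strict CSP is disabled for the Cypress run, do not reuse outside tests`. In `testRunner`, the two `as CypressCommandLine...` casts could carry a one-line comment saying that `result` is either a failed-run result or a run result, since the code checks both shapes.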
diff --git a/x-pack/plugins/observability_solution/inventory/e2e/ftr_provider_context.d.ts b/x-pack/plugins/observability_solution/inventory/e2e/ftr_provider_context.d.ts
new file mode 100644
index 0000000000000..b87f35adcccf2
--- /dev/null
+++ b/x-pack/plugins/observability_solution/inventory/e2e/ftr_provider_context.d.ts
@@ -0,0 +1,10 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { GenericFtrProviderContext } from '@kbn/test';
+
+export type FtrProviderContext = GenericFtrProviderContext<{}, {}>;
diff --git a/x-pack/plugins/observability_solution/inventory/e2e/kibana.jsonc b/x-pack/plugins/observability_solution/inventory/e2e/kibana.jsonc
new file mode 100644
index 0000000000000..f8a6e417b60c7
--- /dev/null
+++ b/x-pack/plugins/observability_solution/inventory/e2e/kibana.jsonc
@@ -0,0 +1,6 @@
+{
+ "type": "test-helper",
+ "id": "@kbn/inventory-e2e",
+ "owner": "@elastic/obs-ux-infra_services-team",
+ "devOnly": true
+}
diff --git a/x-pack/plugins/observability_solution/inventory/e2e/setup_cypress_node_events.ts b/x-pack/plugins/observability_solution/inventory/e2e/setup_cypress_node_events.ts
new file mode 100644
index 0000000000000..a47e6f5e7d578
--- /dev/null
+++ b/x-pack/plugins/observability_solution/inventory/e2e/setup_cypress_node_events.ts
@@ -0,0 +1,118 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import {
+ ApmSynthtraceEsClient,
+ EntitiesSynthtraceEsClient,
+ LogLevel,
+ LogsSynthtraceEsClient,
+ createLogger,
+} from '@kbn/apm-synthtrace';
+import { createEsClientForTesting } from '@kbn/test';
+// eslint-disable-next-line @kbn/imports/no_unresolvable_imports
+import { initPlugin } from '@frsource/cypress-plugin-visual-regression-diff/plugins';
+import del from 'del';
+import { some } from 'lodash';
+import { Readable } from 'stream';
+
+export function setupNodeEvents(on: Cypress.PluginEvents, config: Cypress.PluginConfigOptions) {
+ const logger = createLogger(LogLevel.info);
+
+ const client = createEsClientForTesting({
+ esUrl: config.env.ES_NODE,
+ requestTimeout: config.env.ES_REQUEST_TIMEOUT,
+ isCloud: !!config.env.TEST_CLOUD,
+ });
+
+ const entitiesSynthtraceEsClient = new EntitiesSynthtraceEsClient({
+ client,
+ logger,
+ refreshAfterIndex: true,
+ });
+
+ const apmSynthtraceEsClient = new ApmSynthtraceEsClient({
+ client,
+ logger,
+ refreshAfterIndex: true,
+ version: config.env.APM_PACKAGE_VERSION,
+ });
+
+ const logsSynthtraceEsClient = new LogsSynthtraceEsClient({
+ client,
+ logger,
+ refreshAfterIndex: true,
+ });
+
+ entitiesSynthtraceEsClient.pipeline(
+ entitiesSynthtraceEsClient.getDefaultPipeline({ includeSerialization: false })
+ );
+
+ apmSynthtraceEsClient.pipeline(
+ apmSynthtraceEsClient.getDefaultPipeline({ includeSerialization: false })
+ );
+
+ logsSynthtraceEsClient.pipeline(
+ logsSynthtraceEsClient.getDefaultPipeline({ includeSerialization: false })
+ );
+
+ initPlugin(on, config);
+
+ on('task', {
+ // send logs to node process
+ log(message) {
+ // eslint-disable-next-line no-console
+ console.log(message);
+ return null;
+ },
+
+ async 'entitiesSynthtrace:index'(events: Array>) {
+ await entitiesSynthtraceEsClient.index(Readable.from(events));
+ return null;
+ },
+
+ async 'entitiesSynthtrace:clean'() {
+ await entitiesSynthtraceEsClient.clean();
+ return null;
+ },
+
+ async 'apmSynthtrace:index'(events: Array>) {
+ await apmSynthtraceEsClient.index(Readable.from(events));
+ return null;
+ },
+ async 'apmSynthtrace:clean'() {
+ await apmSynthtraceEsClient.clean();
+ return null;
+ },
+ async 'logsSynthtrace:index'(events: Array>) {
+ await logsSynthtraceEsClient.index(Readable.from(events));
+ return null;
+ },
+ async 'logsSynthtrace:clean'() {
+ await logsSynthtraceEsClient.clean();
+ return null;
+ },
+ });
+
+ on('after:spec', (spec, results) => {
+ // Delete videos that have no failures or retries
+ if (results && results.video) {
+ const failures = some(results.tests, (test) => {
+ return some(test.attempts, { state: 'failed' });
+ });
+ if (!failures) {
+ del(results.video);
+ }
+ }
+ });
+
+ on('before:browser:launch', (browser, launchOptions) => {
+ if (browser.name === 'electron' && browser.isHeadless) {
+ launchOptions.preferences.width = 1440;
+ launchOptions.preferences.height = 1600;
+ }
+ return launchOptions;
+ });
+}
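Review bot: The `after:spec` handler calls `del(results.video)` without returning or awaiting it, so a failed deletion would surface as an unhandled rejection and the run can continue before the file is removed. Assuming `del` is the promise-returning API here, which the default import suggests, return the promise from the callback: `return del(results.video);`. The `log` task and the three `*:index` tasks also forward whatever the spec sends without any shape check. That is acceptable for a test harness, but a comment such as `// tasks below write to the FTR-started test cluster only` would make the intended scope explicit.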
diff --git a/x-pack/plugins/observability_solution/inventory/e2e/synthtrace.ts b/x-pack/plugins/observability_solution/inventory/e2e/synthtrace.ts
new file mode 100644
index 0000000000000..5625bb577bd42
--- /dev/null
+++ b/x-pack/plugins/observability_solution/inventory/e2e/synthtrace.ts
@@ -0,0 +1,39 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import type {
+ Serializable,
+ SynthtraceGenerator,
+ EntityFields,
+ ApmFields,
+} from '@kbn/apm-synthtrace-client';
+
+export const entitiesSynthtrace = {
+ index: (events: SynthtraceGenerator | Array>) =>
+ cy.task(
+ 'entitiesSynthtrace:index',
+ Array.from(events).flatMap((event) => event.serialize())
+ ),
+ clean: () => cy.task('entitiesSynthtrace:clean'),
+};
+
+export const apmSynthtrace = {
+ index: (events: SynthtraceGenerator | Array>) =>
+ cy.task(
+ 'apmSynthtrace:index',
+ Array.from(events).flatMap((event) => event.serialize())
+ ),
+ clean: () => cy.task('apmSynthtrace:clean'),
+};
+
+export const logsSynthtrace = {
+ index: (events: SynthtraceGenerator | Array>) =>
+ cy.task(
+ 'logsSynthtrace:index',
+ Array.from(events).flatMap((event) => event.serialize())
+ ),
+ clean: () => cy.task('logsSynthtrace:clean'),
+};
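Review bot: `entitiesSynthtrace`, `apmSynthtrace` and `logsSynthtrace` are three copies of the same object, differing only in the task-name prefix, and none of them is documented. A small factory that takes the prefix and returns `{ index, clean }` would keep the three exports in step with the task names registered in `setup_cypress_node_events.ts`. At minimum, add a comment on the first export, for example `// Serializes events in the spec and hands them to the node-side cy.task of the same name for indexing`. Note that `Array.from(events)` materialises the whole generator before the task call, so it is worth stating that these helpers are meant for small fixtures.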
diff --git a/x-pack/plugins/observability_solution/inventory/e2e/tsconfig.json b/x-pack/plugins/observability_solution/inventory/e2e/tsconfig.json
new file mode 100644
index 0000000000000..a22a34bd38564
--- /dev/null
+++ b/x-pack/plugins/observability_solution/inventory/e2e/tsconfig.json
@@ -0,0 +1,19 @@
+{
+ "extends": "../../../../../tsconfig.base.json",
+ "include": ["**/*"],
+ "exclude": ["tmp", "target/**/*"],
+ "compilerOptions": {
+ "outDir": "target/types",
+ "types": ["cypress", "node", "cypress-real-events"],
+ "isolatedModules": false
+ },
+ "kbn_references": [
+ "@kbn/test",
+ "@kbn/apm-synthtrace",
+ "@kbn/apm-synthtrace-client",
+ "@kbn/dev-utils",
+ "@kbn/cypress-config",
+ "@kbn/ftr-common-functional-services",
+ "@kbn/ftr-common-functional-ui-services"
+ ]
+}
diff --git a/x-pack/plugins/observability_solution/inventory/public/components/search_bar/entity_types_controls.tsx b/x-pack/plugins/observability_solution/inventory/public/components/search_bar/entity_types_controls.tsx
index f5998d52e381f..6e55408d28e8c 100644
--- a/x-pack/plugins/observability_solution/inventory/public/components/search_bar/entity_types_controls.tsx
+++ b/x-pack/plugins/observability_solution/inventory/public/components/search_bar/entity_types_controls.tsx
@@ -21,6 +21,7 @@ interface Props {
const toComboBoxOption = (entityType: EntityType): EuiComboBoxOptionOption => ({
key: entityType,
label: getEntityTypeLabel(entityType),
+ 'data-test-subj': `entityTypesFilter${entityType}Option`,
});
export function EntityTypesControls({ onChange }: Props) {
@@ -44,6 +45,7 @@ export function EntityTypesControls({ onChange }: Props) {
return (
+ data-test-subj="entityTypesFilterComboBox"
isLoading={loading}
css={css`
max-width: 325px;
diff --git a/x-pack/plugins/observability_solution/inventory/scripts/test/e2e.js b/x-pack/plugins/observability_solution/inventory/scripts/test/e2e.js
new file mode 100644
index 0000000000000..5c0d897cc671d
--- /dev/null
+++ b/x-pack/plugins/observability_solution/inventory/scripts/test/e2e.js
@@ -0,0 +1,102 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+/* eslint-disable no-console */
+const { times } = require('lodash');
+const path = require('path');
+const yargs = require('yargs');
+const childProcess = require('child_process');
+const { REPO_ROOT } = require('@kbn/repo-info');
+
+const { argv } = yargs(process.argv.slice(2))
+ .parserConfiguration({ 'unknown-options-as-args': true })
+ .option('kibana-install-dir', {
+ default: '',
+ type: 'string',
+ description: 'Path to the Kibana install directory',
+ })
+ .option('server', {
+ default: false,
+ type: 'boolean',
+ description: 'Start Elasticsearch and Kibana',
+ })
+ .option('runner', {
+ default: false,
+ type: 'boolean',
+ description:
+ 'Run all tests (an instance of Elasticsearch and kibana are needs to be available)',
+ })
+ .option('times', {
+ type: 'number',
+ description: 'Repeat the test n number of times',
+ })
+ .option('bail', {
+ default: false,
+ type: 'boolean',
+ description: 'stop tests after the first failure',
+ })
+ .help();
+
+const e2eDir = path.join(__dirname, '../../e2e');
+
+let ftrScript = 'functional_tests.js';
+if (argv.server) {
+ ftrScript = 'functional_tests_server.js';
+} else if (argv.runner) {
+ ftrScript = 'functional_test_runner.js';
+}
+
+const cypressCliArgs = yargs(argv._).parserConfiguration({
+ 'boolean-negation': false,
+}).argv;
+
+if (cypressCliArgs.grep) {
+ throw new Error('--grep is not supported. Please use --spec instead');
+}
+
+const spawnArgs = [
+ `${REPO_ROOT}/scripts/${ftrScript}`,
+ `--config=./ftr_config.ts`,
+ `--kibana-install-dir=${argv.kibanaInstallDir}`,
+ ...(argv.bail ? [`--bail`] : []),
+];
+
+function runTests() {
+ console.log(`Running e2e tests: "node ${spawnArgs.join(' ')}"`);
+
+ return childProcess.spawnSync('node', spawnArgs, {
+ cwd: e2eDir,
+ env: {
+ ...process.env,
+ CYPRESS_CLI_ARGS: JSON.stringify(cypressCliArgs),
+ NODE_OPTIONS: '--openssl-legacy-provider',
+ },
+ encoding: 'utf8',
+ stdio: 'inherit',
+ });
+}
+
+const runCounter = { succeeded: 0, failed: 0, remaining: argv.times };
+let exitStatus = 0;
+times(argv.times ?? 1, () => {
+ const child = runTests();
+ if (child.status === 0) {
+ runCounter.succeeded++;
+ } else {
+ exitStatus = child.status;
+ runCounter.failed++;
+ }
+
+ runCounter.remaining--;
+
+ if (argv.times > 1) {
+ console.log(runCounter);
+ }
+});
+
+process.exitCode = exitStatus;
+console.log(`Quitting with exit code ${exitStatus}`);
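Review bot: In the `times(...)` loop, `exitStatus = child.status` can store `null`, because `spawnSync` reports a `null` status when the child is terminated by a signal or fails to spawn. `process.exitCode` is then left unset and the script exits 0 on a run that never completed. Use `exitStatus = child.status ?? 1;` so CI sees the failure. Separately, `runTests` sets `NODE_OPTIONS: '--openssl-legacy-provider'` after spreading `process.env`, which discards any `NODE_OPTIONS` the caller exported and enables the legacy OpenSSL provider for the whole child process. If the flag is still needed, append it to the existing value and add a comment saying which dependency requires it.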
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/common/elastic_agent_logs/index.ts b/x-pack/plugins/observability_solution/observability_onboarding/common/elastic_agent_logs/index.ts
index d987fe480e7df..9f30d9203f605 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/common/elastic_agent_logs/index.ts
+++ b/x-pack/plugins/observability_solution/observability_onboarding/common/elastic_agent_logs/index.ts
@@ -6,4 +6,3 @@
*/
export * from './custom_logs/generate_custom_logs_yml';
-export * from './system_logs/generate_system_logs_yml';
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/common/elastic_agent_logs/system_logs/__snapshots__/generate_system_logs_yml.test.ts.snap b/x-pack/plugins/observability_solution/observability_onboarding/common/elastic_agent_logs/system_logs/__snapshots__/generate_system_logs_yml.test.ts.snap
deleted file mode 100644
index ed4d602ba6a2f..0000000000000
--- a/x-pack/plugins/observability_solution/observability_onboarding/common/elastic_agent_logs/system_logs/__snapshots__/generate_system_logs_yml.test.ts.snap
+++ /dev/null
@@ -1,48 +0,0 @@
-// Jest Snapshot v1, https://goo.gl/fbAQLP
-
-exports[`generateSystemLogsYml should return system logs oriented yml configuration 1`] = `
-"outputs:
- default:
- type: elasticsearch
- hosts:
- - http://localhost:9200
- api_key: elastic:changeme
-inputs:
- - id: system-logs-8df0ff52-6f3b-4b5a-a2da-f06c55d111d1
- type: logfile
- data_stream:
- namespace: default
- streams:
- - id: logfile-system.auth-8df0ff52-6f3b-4b5a-a2da-f06c55d111d1
- data_stream:
- dataset: system.auth
- type: logs
- paths:
- - /var/log/auth.log*
- - /var/log/secure*
- exclude_files:
- - .gz$
- multiline:
- pattern: ^s
- match: after
- tags:
- - system-auth
- processors:
- - add_locale: null
- - id: logfile-system.syslog-8df0ff52-6f3b-4b5a-a2da-f06c55d111d1
- data_stream:
- dataset: system.syslog
- type: logs
- paths:
- - /var/log/messages*
- - /var/log/syslog*
- - /var/log/system*
- exclude_files:
- - .gz$
- multiline:
- pattern: ^s
- match: after
- processors:
- - add_locale: null
-"
-`;
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/common/elastic_agent_logs/system_logs/generate_system_logs_yml.test.ts b/x-pack/plugins/observability_solution/observability_onboarding/common/elastic_agent_logs/system_logs/generate_system_logs_yml.test.ts
deleted file mode 100644
index f26222f1ec0f2..0000000000000
--- a/x-pack/plugins/observability_solution/observability_onboarding/common/elastic_agent_logs/system_logs/generate_system_logs_yml.test.ts
+++ /dev/null
@@ -1,22 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { generateSystemLogsYml } from './generate_system_logs_yml';
-
-const baseMockConfig = {
- namespace: 'default',
- apiKey: 'elastic:changeme',
- esHost: ['http://localhost:9200'],
- uuid: '8df0ff52-6f3b-4b5a-a2da-f06c55d111d1',
-};
-
-describe('generateSystemLogsYml', () => {
- it('should return system logs oriented yml configuration', () => {
- const result = generateSystemLogsYml(baseMockConfig);
- expect(result).toMatchSnapshot();
- });
-});
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/common/elastic_agent_logs/system_logs/generate_system_logs_yml.ts b/x-pack/plugins/observability_solution/observability_onboarding/common/elastic_agent_logs/system_logs/generate_system_logs_yml.ts
deleted file mode 100644
index 26552b8612193..0000000000000
--- a/x-pack/plugins/observability_solution/observability_onboarding/common/elastic_agent_logs/system_logs/generate_system_logs_yml.ts
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { dump } from 'js-yaml';
-
-interface SystemLogsStream {
- id: string;
- data_stream: {
- dataset: string;
- type: string;
- };
- paths: string[];
- exclude_files: string[];
- multiline: {
- pattern: string;
- match: string;
- };
- tags?: string[];
- processors: Array<{
- add_locale: string | null;
- }>;
-}
-
-export const generateSystemLogsYml = ({
- namespace = 'default',
- apiKey,
- esHost,
- uuid,
-}: {
- namespace?: string;
- apiKey: string;
- esHost: string[];
- uuid: string;
-}) => {
- return dump({
- outputs: {
- default: {
- type: 'elasticsearch',
- hosts: esHost,
- api_key: apiKey,
- },
- },
- inputs: getSystemLogsInputs(uuid, namespace),
- });
-};
-
-export const getSystemLogsInputs = (uuid: string, namespace: string = 'default') => {
- return [
- {
- id: `system-logs-${uuid}`,
- type: 'logfile',
- data_stream: {
- namespace,
- },
- streams: getSystemLogsDataStreams(uuid),
- },
- ];
-};
-
-/*
- * Utils
- */
-export const getSystemLogsDataStreams = (uuid: string = ''): SystemLogsStream[] => [
- {
- id: `logfile-system.auth-${uuid}`,
- data_stream: {
- dataset: 'system.auth',
- type: 'logs',
- },
- paths: ['/var/log/auth.log*', '/var/log/secure*'],
- exclude_files: ['.gz$'],
- multiline: {
- pattern: '^s',
- match: 'after',
- },
- tags: ['system-auth'],
- processors: [
- {
- add_locale: null,
- },
- ],
- },
- {
- id: `logfile-system.syslog-${uuid}`,
- data_stream: {
- dataset: 'system.syslog',
- type: 'logs',
- },
- paths: ['/var/log/messages*', '/var/log/syslog*', '/var/log/system*'],
- exclude_files: ['.gz$'],
- multiline: {
- pattern: '^s',
- match: 'after',
- },
- processors: [
- {
- add_locale: null,
- },
- ],
- },
-];
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/e2e/logs/feedback.cy.ts b/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/e2e/logs/feedback.cy.ts
index 1e04d4b25119f..542ca6ac80222 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/e2e/logs/feedback.cy.ts
+++ b/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/e2e/logs/feedback.cy.ts
@@ -12,11 +12,6 @@ describe.skip('[Logs onboarding] Give Feedback', () => {
cy.visitKibana('/app/observabilityOnboarding');
});
- it('feedback button is present in system logs onboarding', () => {
- cy.getByTestSubj('obltOnboardingHomeStartSystemLogStream').click();
- cy.getByTestSubj('observabilityOnboardingPageGiveFeedback').should('exist');
- });
-
it('feedback button is present in custom logs onboarding', () => {
cy.getByTestSubj('obltOnboardingHomeStartLogFileStream').click();
cy.getByTestSubj('observabilityOnboardingPageGiveFeedback').should('exist');
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/e2e/logs/system_logs.cy.ts b/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/e2e/logs/system_logs.cy.ts
deleted file mode 100644
index e9a2b896fbb1c..0000000000000
--- a/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/e2e/logs/system_logs.cy.ts
+++ /dev/null
@@ -1,563 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-// Failing 9.0 version update: https://github.com/elastic/kibana/issues/192624
-describe.skip('[Logs onboarding] System logs', () => {
- describe('System integration', () => {
- beforeEach(() => {
- cy.deleteIntegration('system');
- });
-
- describe('when user clicks on back button', () => {
- beforeEach(() => {
- cy.loginAsViewerUser();
- cy.visitKibana('/app/observabilityOnboarding/systemLogs');
- });
-
- it('navigates to observability logs onboarding page', () => {
- cy.getByTestSubj('observabilityOnboardingFlowBackToSelectionButton').click();
-
- cy.url().should('include', '/app/observabilityOnboarding');
- });
- });
-
- describe('when user is missing privileges', () => {
- beforeEach(() => {
- cy.loginAsViewerUser();
- cy.visitKibana('/app/observabilityOnboarding/systemLogs');
- });
-
- it('installation fails', () => {
- cy.getByTestSubj('obltOnboardingSystemLogsIntegrationInstallationFailed').should('exist');
- });
- });
-
- describe('when user has proper privileges', () => {
- beforeEach(() => {
- cy.loginAsEditorUser();
- cy.visitKibana('/app/observabilityOnboarding/systemLogs');
- });
-
- after(() => {
- cy.deleteIntegration('system');
- });
-
- it('installation succeed', () => {
- cy.getByTestSubj('obltOnboardingSystemLogsIntegrationInstalled').should('exist');
- });
-
- it('show link to navigate to system integration when clicking info icon', () => {
- cy.getByTestSubj('obltOnboardingSystemLogsIntegrationInstalled').should('exist');
- cy.getByTestSubj('obltOnboardingSystemLogsIntegrationInfo').should('exist').click();
- cy.getByTestSubj('observabilityOnboardingSystemIntegrationLearnMore').should('exist');
- });
- });
- });
-
- describe('ApiKey generation', () => {
- describe('when user is missing privileges', () => {
- it('apiKey is not generated', () => {
- cy.loginAsEditorUser();
- cy.visitKibana('/app/observabilityOnboarding/systemLogs');
-
- cy.getByTestSubj('obltOnboardingLogsApiKeyCreationNoPrivileges').should('exist');
- });
- });
-
- describe('when user has proper privileges', () => {
- beforeEach(() => {
- cy.loginAsLogMonitoringUser();
- cy.visitKibana('/app/observabilityOnboarding/systemLogs');
- });
-
- it('apiKey is generated', () => {
- cy.getByTestSubj('obltOnboardingLogsApiKeyCreated').should('exist');
- });
- });
-
- describe('when an error occurred on creation', () => {
- before(() => {
- cy.intercept('/internal/observability_onboarding/logs/flow', {
- statusCode: 500,
- body: {
- message: 'Internal error',
- },
- });
-
- cy.loginAsLogMonitoringUser();
- cy.visitKibana('/app/observabilityOnboarding/systemLogs');
- });
-
- it('apiKey is not generated', () => {
- cy.getByTestSubj('obltOnboardingLogsApiKeyCreationFailed').should('exist');
- });
- });
- });
-
- describe('Install the Elastic Agent step', () => {
- beforeEach(() => {
- cy.intercept('POST', '/internal/observability_onboarding/logs/flow').as(
- 'createOnboardingFlow'
- );
- cy.loginAsLogMonitoringUser();
- cy.visitKibana('/app/observabilityOnboarding/systemLogs');
- });
-
- describe('When user select Linux OS', () => {
- it('Auto download config to host is disabled by default', () => {
- cy.get('.euiButtonGroup').contains('Linux').click();
- cy.getByTestSubj('obltOnboardingInstallElasticAgentAutoDownloadConfig')
- .should('be.enabled')
- .should('not.be.checked');
- });
-
- it('Installation script is shown', () => {
- cy.getByTestSubj('obltOnboardingInstallElasticAgentStep')
- .get('.euiCodeBlock')
- .should('exist');
- });
- });
-
- describe('When user select Mac OS', () => {
- beforeEach(() => {
- cy.get('.euiButtonGroup').contains('MacOS').click();
- });
-
- it('Auto download config to host is disabled by default', () => {
- cy.getByTestSubj('obltOnboardingInstallElasticAgentAutoDownloadConfig')
- .should('be.enabled')
- .should('not.be.checked');
- });
-
- it('Installation script is shown', () => {
- cy.getByTestSubj('obltOnboardingInstallElasticAgentStep')
- .get('.euiCodeBlock')
- .should('exist');
- });
- });
-
- describe('When user select Windows OS', () => {
- beforeEach(() => {
- cy.get('.euiButtonGroup').contains('Windows').click();
- });
-
- it('Auto download config to host is disabled by default', () => {
- cy.getByTestSubj('obltOnboardingInstallElasticAgentAutoDownloadConfig')
- .should('be.disabled')
- .should('not.be.checked');
- });
-
- it('A link to the documentation is shown instead of installation script', () => {
- cy.getByTestSubj('obltOnboardingInstallElasticAgentWindowsDocsLink').should('exist');
-
- cy.getByTestSubj('obltOnboardingInstallElasticAgentStep')
- .get('.euiCodeBlock')
- .should('not.exist');
- });
- });
-
- describe('When Auto download config', () => {
- describe('is selected', () => {
- it('autoDownloadConfig flag is added to installation script', () => {
- cy.getByTestSubj('obltOnboardingInstallElasticAgentAutoDownloadConfig').click();
- cy.getByTestSubj('obltOnboardingInstallElasticAgentAutoDownloadConfigCallout').should(
- 'exist'
- );
- cy.getByTestSubj('obltOnboardingInstallElasticAgentStep')
- .get('.euiCodeBlock')
- .should('contain', 'autoDownloadConfig=1');
- });
-
- it('Download config button is disabled', () => {
- cy.getByTestSubj('obltOnboardingInstallElasticAgentAutoDownloadConfig').click();
- cy.getByTestSubj('obltOnboardingConfigureElasticAgentStepDownloadConfig').should(
- 'be.disabled'
- );
- });
- });
-
- it('is not selected autoDownloadConfig flag is not added to installation script', () => {
- cy.getByTestSubj('obltOnboardingInstallElasticAgentStep')
- .get('.euiCodeBlock')
- .should('not.contain', 'autoDownloadConfig=1');
- });
- });
-
- describe('When user executes the installation script in the host', () => {
- let onboardingId: string;
-
- describe('updates on steps are shown in the flow', () => {
- beforeEach(() => {
- cy.wait('@createOnboardingFlow')
- .its('response.body')
- .then((body) => {
- onboardingId = body.onboardingId;
- });
- });
-
- describe('Download elastic Agent step', () => {
- it('shows a loading callout when elastic agent is downloading', () => {
- cy.updateInstallationStepStatus(onboardingId, 'ea-download', 'loading');
- cy.getByTestSubj('obltOnboardingStepStatus-loading')
- .contains('Downloading Elastic Agent')
- .should('exist');
- });
-
- it('shows a success callout when elastic agent is downloaded', () => {
- cy.updateInstallationStepStatus(onboardingId, 'ea-download', 'complete');
- cy.getByTestSubj('obltOnboardingStepStatus-complete')
- .contains('Elastic Agent downloaded')
- .should('exist');
- });
-
- it('shows a danger callout when elastic agent was not downloaded', () => {
- cy.updateInstallationStepStatus(onboardingId, 'ea-download', 'danger');
- cy.getByTestSubj('obltOnboardingStepStatus-danger')
- .contains('Download Elastic Agent')
- .should('exist');
- });
- });
-
- describe('Extract elastic Agent step', () => {
- beforeEach(() => {
- cy.updateInstallationStepStatus(onboardingId, 'ea-download', 'complete');
- });
-
- it('shows a loading callout when elastic agent is extracting', () => {
- cy.updateInstallationStepStatus(onboardingId, 'ea-extract', 'loading');
- cy.getByTestSubj('obltOnboardingStepStatus-loading')
- .contains('Extracting Elastic Agent')
- .should('exist');
- });
-
- it('shows a success callout when elastic agent is extracted', () => {
- cy.updateInstallationStepStatus(onboardingId, 'ea-extract', 'complete');
- cy.getByTestSubj('obltOnboardingStepStatus-complete')
- .contains('Elastic Agent extracted')
- .should('exist');
- });
-
- it('shows a danger callout when elastic agent was not extracted', () => {
- cy.updateInstallationStepStatus(onboardingId, 'ea-extract', 'danger');
- cy.getByTestSubj('obltOnboardingStepStatus-danger')
- .contains('Extract Elastic Agent')
- .should('exist');
- });
- });
-
- describe('Install elastic Agent step', () => {
- beforeEach(() => {
- cy.updateInstallationStepStatus(onboardingId, 'ea-download', 'complete');
- cy.updateInstallationStepStatus(onboardingId, 'ea-extract', 'complete');
- });
-
- it('shows a loading callout when elastic agent is installing', () => {
- cy.updateInstallationStepStatus(onboardingId, 'ea-install', 'loading');
- cy.getByTestSubj('obltOnboardingStepStatus-loading')
- .contains('Installing Elastic Agent')
- .should('exist');
- });
-
- it('shows a success callout when elastic agent is installed', () => {
- cy.updateInstallationStepStatus(onboardingId, 'ea-install', 'complete');
- cy.getByTestSubj('obltOnboardingStepStatus-complete')
- .contains('Elastic Agent installed')
- .should('exist');
- });
-
- it('shows a danger callout when elastic agent was not installed', () => {
- cy.updateInstallationStepStatus(onboardingId, 'ea-install', 'danger');
- cy.getByTestSubj('obltOnboardingStepStatus-danger')
- .contains('Install Elastic Agent')
- .should('exist');
- });
- });
-
- describe('Check elastic Agent status step', () => {
- beforeEach(() => {
- cy.updateInstallationStepStatus(onboardingId, 'ea-download', 'complete');
- cy.updateInstallationStepStatus(onboardingId, 'ea-extract', 'complete');
- cy.updateInstallationStepStatus(onboardingId, 'ea-install', 'complete');
- });
-
- it('shows a loading callout when getting elastic agent status', () => {
- cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'loading');
- cy.getByTestSubj('obltOnboardingStepStatus-loading')
- .contains('Connecting to the Elastic Agent')
- .should('exist');
- });
-
- it('shows a success callout when elastic agent status is healthy', () => {
- cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete', {
- agentId: 'test-agent-id',
- });
- cy.getByTestSubj('obltOnboardingStepStatus-complete')
- .contains('Connected to the Elastic Agent')
- .should('exist');
- });
-
- it('shows a warning callout when elastic agent status is not healthy', () => {
- cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'warning');
- cy.getByTestSubj('obltOnboardingStepStatus-warning')
- .contains('Connect to the Elastic Agent')
- .should('exist');
- });
- });
- });
- });
- });
-
- describe('Configure Elastic Agent step', () => {
- let onboardingId: string;
-
- beforeEach(() => {
- cy.intercept('POST', '/internal/observability_onboarding/logs/flow').as(
- 'createOnboardingFlow'
- );
- cy.loginAsLogMonitoringUser();
- cy.visitKibana('/app/observabilityOnboarding/systemLogs');
- cy.wait('@createOnboardingFlow')
- .its('response.body')
- .then((body) => {
- onboardingId = body.onboardingId;
- });
- });
-
- describe('When user select Linux OS', () => {
- beforeEach(() => {
- cy.getByTestSubj('obltOnboardingInstallElasticAgentAutoDownloadConfig').click();
- cy.updateInstallationStepStatus(onboardingId, 'ea-download', 'complete');
- cy.updateInstallationStepStatus(onboardingId, 'ea-extract', 'complete');
- cy.updateInstallationStepStatus(onboardingId, 'ea-install', 'complete');
- cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete', {
- agentId: 'test-agent-id',
- });
- });
-
- it('shows loading callout when config is being downloaded to the host', () => {
- cy.updateInstallationStepStatus(onboardingId, 'ea-config', 'loading');
- cy.get(
- '[data-test-subj="obltOnboardingConfigureElasticAgentStep"] .euiStep__titleWrapper [class$="euiStepNumber-s-loading"]'
- ).should('exist');
- cy.getByTestSubj('obltOnboardingStepStatus-loading')
- .contains('Downloading Elastic Agent config')
- .should('exist');
- });
-
- it('shows success callout when the configuration has been written to the host', () => {
- cy.updateInstallationStepStatus(onboardingId, 'ea-config', 'complete');
- cy.get(
- '[data-test-subj="obltOnboardingConfigureElasticAgentStep"] .euiStep__titleWrapper [class$="euiStepNumber-s-complete"]'
- ).should('exist');
- cy.getByTestSubj('obltOnboardingStepStatus-complete')
- .contains('Elastic Agent config written to /opt/Elastic/Agent/elastic-agent.yml')
- .should('exist');
- });
-
- it('shows warning callout when the configuration was not written in the host', () => {
- cy.updateInstallationStepStatus(onboardingId, 'ea-config', 'warning');
- cy.get(
- '[data-test-subj="obltOnboardingConfigureElasticAgentStep"] .euiStep__titleWrapper [class$="euiStepNumber-s-warning"]'
- ).should('exist');
- cy.getByTestSubj('obltOnboardingStepStatus-warning')
- .contains('Configure the agent')
- .should('exist');
- });
- });
-
- describe('When user select Mac OS', () => {
- beforeEach(() => {
- cy.get('.euiButtonGroup').contains('MacOS').click();
- cy.getByTestSubj('obltOnboardingInstallElasticAgentAutoDownloadConfig').click();
- cy.updateInstallationStepStatus(onboardingId, 'ea-download', 'complete');
- cy.updateInstallationStepStatus(onboardingId, 'ea-extract', 'complete');
- cy.updateInstallationStepStatus(onboardingId, 'ea-install', 'complete');
- cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete', {
- agentId: 'test-agent-id',
- });
- });
-
- it('shows loading callout when config is being downloaded to the host', () => {
- cy.updateInstallationStepStatus(onboardingId, 'ea-config', 'loading');
- cy.get(
- '[data-test-subj="obltOnboardingConfigureElasticAgentStep"] .euiStep__titleWrapper [class$="euiStepNumber-s-loading"]'
- ).should('exist');
- cy.getByTestSubj('obltOnboardingStepStatus-loading')
- .contains('Downloading Elastic Agent config')
- .should('exist');
- });
-
- it('shows success callout when the configuration has been written to the host', () => {
- cy.updateInstallationStepStatus(onboardingId, 'ea-config', 'complete');
- cy.get(
- '[data-test-subj="obltOnboardingConfigureElasticAgentStep"] .euiStep__titleWrapper [class$="euiStepNumber-s-complete"]'
- ).should('exist');
- cy.getByTestSubj('obltOnboardingStepStatus-complete')
- .contains('Elastic Agent config written to /Library/Elastic/Agent/elastic-agent.yml')
- .should('exist');
- });
-
- it('shows warning callout when the configuration was not written in the host', () => {
- cy.updateInstallationStepStatus(onboardingId, 'ea-config', 'warning');
- cy.get(
- '[data-test-subj="obltOnboardingConfigureElasticAgentStep"] .euiStep__titleWrapper [class$="euiStepNumber-s-warning"]'
- ).should('exist');
- cy.getByTestSubj('obltOnboardingStepStatus-warning')
- .contains('Configure the agent')
- .should('exist');
- });
- });
-
- describe('When user select Windows', () => {
- beforeEach(() => {
- cy.get('.euiButtonGroup').contains('Windows').click();
- });
-
- it('step is disabled', () => {
- cy.get(
- '[data-test-subj="obltOnboardingConfigureElasticAgentStep"] .euiStep__titleWrapper [class$="euiStepNumber-s-disabled"]'
- ).should('exist');
- });
- });
- });
-
- describe('Check logs step', () => {
- let onboardingId: string;
-
- beforeEach(() => {
- cy.intercept('POST', '/internal/observability_onboarding/logs/flow').as(
- 'createOnboardingFlow'
- );
- cy.loginAsLogMonitoringUser();
- cy.visitKibana('/app/observabilityOnboarding/systemLogs');
- cy.wait('@createOnboardingFlow')
- .its('response.body')
- .then((body) => {
- onboardingId = body.onboardingId;
- });
- });
-
- describe('When user select Linux OS or MacOS', () => {
- describe('When configure Elastic Agent step is not finished', () => {
- beforeEach(() => {
- cy.updateInstallationStepStatus(onboardingId, 'ea-download', 'complete');
- cy.updateInstallationStepStatus(onboardingId, 'ea-extract', 'complete');
- cy.updateInstallationStepStatus(onboardingId, 'ea-install', 'complete');
- cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'loading');
- });
-
- it('check logs is not triggered', () => {
- cy.get(
- '[data-test-subj="obltOnboardingCheckLogsStep"] .euiStep__titleWrapper [class$="euiStepNumber-s-incomplete"]'
- ).should('exist');
- cy.get('.euiStep__title').contains('Ship logs to Elastic Observability').should('exist');
- });
- });
-
- describe('When configure Elastic Agent step has finished', () => {
- beforeEach(() => {
- cy.updateInstallationStepStatus(onboardingId, 'ea-download', 'complete');
- cy.updateInstallationStepStatus(onboardingId, 'ea-extract', 'complete');
- cy.updateInstallationStepStatus(onboardingId, 'ea-install', 'complete');
- cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete', {
- agentId: 'test-agent-id',
- });
- cy.updateInstallationStepStatus(onboardingId, 'ea-config', 'complete');
- });
-
- it('shows loading callout when logs are being checked', () => {
- cy.get(
- '[data-test-subj="obltOnboardingCheckLogsStep"] .euiStep__titleWrapper [class$="euiStepNumber-s-loading"]'
- ).should('exist');
- cy.get('.euiStep__title').contains('Waiting for logs to be shipped...').should('exist');
- });
- });
- });
-
- describe('When user select Windows', () => {
- beforeEach(() => {
- cy.get('.euiButtonGroup').contains('Windows').click();
- });
-
- it('step is disabled', () => {
- cy.get(
- '[data-test-subj="obltOnboardingCheckLogsStep"] .euiStep__titleWrapper [class$="euiStepNumber-s-disabled"]'
- ).should('exist');
- });
- });
- });
-
- describe('When logs are being shipped', () => {
- beforeEach(() => {
- cy.intercept('GET', '**/progress', {
- status: 200,
- body: {
- progress: {
- 'ea-download': { status: 'complete' },
- 'ea-extract': { status: 'complete' },
- 'ea-install': { status: 'complete' },
- 'ea-status': { status: 'complete' },
- 'ea-config': { status: 'complete' },
- 'logs-ingest': { status: 'complete' },
- },
- },
- }).as('checkOnboardingProgress');
- cy.intercept('GET', '/api/fleet/epm/packages/system').as('systemIntegrationInstall');
- cy.loginAsLogMonitoringUser();
- cy.visitKibana('/app/observabilityOnboarding/systemLogs');
- });
-
- it('shows success callout when logs has arrived to elastic', () => {
- cy.wait('@checkOnboardingProgress');
- cy.get(
- '[data-test-subj="obltOnboardingCheckLogsStep"] .euiStep__titleWrapper [class$="euiStepNumber-s-complete"]'
- ).should('exist');
- cy.get('.euiStep__title').contains('Logs are being shipped!').should('exist');
- });
- });
-
- describe('Explore Logs', () => {
- describe('when integration installation fails', () => {
- beforeEach(() => {
- cy.deleteIntegration('system');
- cy.intercept('GET', '/api/fleet/epm/packages/system', {
- statusCode: 500,
- body: {
- message: 'Internal error',
- },
- }).as('systemIntegrationInstall');
- cy.loginAsLogMonitoringUser();
- cy.visitKibana('/app/observabilityOnboarding/systemLogs');
- });
-
- it('when users clicks on Explore logs they navigate to logs explorer - All logs', () => {
- cy.wait('@systemIntegrationInstall');
- cy.getByTestSubj('obltOnboardingExploreLogs').should('exist').click();
-
- cy.url().should('include', '/app/observability-logs-explorer');
- cy.get('button').contains('All logs').should('exist');
- });
- });
-
- describe('when integration installation succeed', () => {
- beforeEach(() => {
- cy.deleteIntegration('system');
- cy.intercept('GET', '/api/fleet/epm/packages/system').as('systemIntegrationInstall');
- cy.loginAsLogMonitoringUser();
- cy.visitKibana('/app/observabilityOnboarding/systemLogs');
- });
-
- it('when users clicks on Explore logs they navigate to logs explorer and System integration is selected', () => {
- cy.wait('@systemIntegrationInstall');
- cy.getByTestSubj('obltOnboardingExploreLogs').should('exist').click();
-
- cy.url().should('include', '/app/observability-logs-explorer');
- cy.get('button').contains('[system] system.syslog').should('exist');
- });
- });
- });
-});
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/e2e/navigation.cy.ts b/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/e2e/navigation.cy.ts
index 32dfce528c66f..ebaa607179791 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/e2e/navigation.cy.ts
+++ b/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/e2e/navigation.cy.ts
@@ -13,12 +13,6 @@ describe.skip('[Observability onboarding] Navigation', () => {
});
describe('When user clicks on the card', () => {
- it('navigates to system logs onboarding', () => {
- cy.getByTestSubj('obltOnboardingHomeStartSystemLogStream').click();
-
- cy.url().should('include', '/app/observabilityOnboarding/systemLogs');
- });
-
it('navigates to custom logs onboarding', () => {
cy.getByTestSubj('obltOnboardingHomeStartLogFileStream').click();
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/observability_onboarding_flow.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/observability_onboarding_flow.tsx
index 348b3c65f9371..24f37608a3ffa 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/public/application/observability_onboarding_flow.tsx
+++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/observability_onboarding_flow.tsx
@@ -17,7 +17,6 @@ import {
LandingPage,
OtelLogsPage,
OtelKubernetesPage,
- SystemLogsPage,
FirehosePage,
} from './pages';
import { ObservabilityOnboardingAppServices } from '..';
@@ -42,9 +41,6 @@ export function ObservabilityOnboardingFlow() {
-
-
-
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/onboarding_flow_form/onboarding_flow_form.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/onboarding_flow_form/onboarding_flow_form.tsx
index 01a1e066c4ddb..9a46cf885b285 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/public/application/onboarding_flow_form/onboarding_flow_form.tsx
+++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/onboarding_flow_form/onboarding_flow_form.tsx
@@ -56,7 +56,7 @@ export const OnboardingFlowForm: FunctionComponent = () => {
'Monitor your host and the services running on it, set-up SLO, get alerted, remediate performance issues',
}
),
- logos: ['kubernetes', 'opentelemetry', 'apache', 'mysql'],
+ logos: ['opentelemetry', 'apache', 'mysql'],
},
{
id: 'kubernetes',
@@ -86,7 +86,7 @@ export const OnboardingFlowForm: FunctionComponent = () => {
'Monitor the frontend and backend application that you have developed, set-up synthetic monitors',
}
),
- logos: ['opentelemetry', 'java', 'javascript', 'dotnet'],
+ logos: ['opentelemetry', 'java', 'ruby', 'dotnet'],
},
{
id: 'cloud',
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/onboarding_flow_form/use_custom_cards_for_category.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/onboarding_flow_form/use_custom_cards_for_category.tsx
index 4910f6de28904..10b2c52e441ee 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/public/application/onboarding_flow_form/use_custom_cards_for_category.tsx
+++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/onboarding_flow_form/use_custom_cards_for_category.tsx
@@ -33,6 +33,10 @@ export function useCustomCardsForCategory(
const { href: autoDetectUrl } = reactRouterNavigate(history, `/auto-detect/${location.search}`);
const { href: otelLogsUrl } = reactRouterNavigate(history, `/otel-logs/${location.search}`);
const { href: kubernetesUrl } = reactRouterNavigate(history, `/kubernetes/${location.search}`);
+ const { href: otelKubernetesUrl } = reactRouterNavigate(
+ history,
+ `/otel-kubernetes/${location.search}`
+ );
const apmUrl = `${getUrlForApp?.('apm')}/${isServerless ? 'onboarding' : 'tutorial'}`;
const otelApmUrl = isServerless ? `${apmUrl}?agent=openTelemetry` : apmUrl;
@@ -44,9 +48,14 @@ export function useCustomCardsForCategory(
id: 'auto-detect-logs',
name: 'auto-detect-logs-virtual',
type: 'virtual',
- title: 'Auto-detect Integrations with Elastic Agent',
+ title: i18n.translate(
+ 'xpack.observability_onboarding.useCustomCardsForCategory.autoDetectTitle',
+ {
+ defaultMessage: 'Auto-detect Integrations with Elastic Agent',
+ }
+ ),
description: i18n.translate(
- 'xpack.observability_onboarding.useCustomCardsForCategory.scanYourHostForLabel',
+ 'xpack.observability_onboarding.useCustomCardsForCategory.autoDetectDescription',
{
defaultMessage: 'Scan your host for log and metric files, auto-install integrations',
}
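Review bot: The description key is renamed from `xpack.observability_onboarding.useCustomCardsForCategory.scanYourHostForLabel` to `...autoDetectDescription` while its `defaultMessage` stays the same, so any translation stored under the old key would no longer apply to this card. The translation files are not visible in this hunk, so please confirm they are updated or regenerated in the same change. Otherwise keep the old key for this one string and use new keys only for the newly wrapped titles. The card object this edit sits in starts and ends outside the hunk.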
@@ -75,8 +84,19 @@ export function useCustomCardsForCategory(
id: 'otel-logs',
name: 'custom-logs-virtual',
type: 'virtual',
- title: 'Elastic Distribution for OTel Collector',
- description: 'Collect logs and host metrics using the Elastic Distro for OTel Collector ',
+ title: i18n.translate(
+ 'xpack.observability_onboarding.useCustomCardsForCategory.logsOtelTitle',
+ {
+ defaultMessage: 'Host monitoring with EDOT Collector',
+ }
+ ),
+ description: i18n.translate(
+ 'xpack.observability_onboarding.useCustomCardsForCategory.logsOtelDescription',
+ {
+ defaultMessage:
+ 'Collect logs and host metrics with the Elastic Distro for OTel Collector',
+ }
+ ),
extraLabelsBadges: [
@@ -105,8 +125,19 @@ export function useCustomCardsForCategory(
id: 'kubernetes-quick-start',
name: 'kubernetes-quick-start',
type: 'virtual',
- title: 'Elastic Agent',
- description: 'Monitor your Kubernetes cluster with Elastic Agent, collect container logs',
+ title: i18n.translate(
+ 'xpack.observability_onboarding.useCustomCardsForCategory.kubernetesTitle',
+ {
+ defaultMessage: 'Kubernetes monitoring with Elastic Agent',
+ }
+ ),
+ description: i18n.translate(
+ 'xpack.observability_onboarding.useCustomCardsForCategory.kubernetesDescription',
+ {
+ defaultMessage:
+ 'Monitor your Kubernetes cluster with Elastic Agent, collect container logs',
+ }
+ ),
extraLabelsBadges: [
@@ -125,11 +156,22 @@ export function useCustomCardsForCategory(
isQuickstart: true,
},
{
- id: 'otel-logs',
- name: 'custom-logs-virtual',
+ id: 'otel-kubernetes',
+ name: 'otel-kubernetes-virtual',
type: 'virtual',
- title: 'Elastic Distribution for OTel Collector',
- description: 'Collect logs, metrics and traces for Kubernetes cluster monitoring',
+ title: i18n.translate(
+ 'xpack.observability_onboarding.useCustomCardsForCategory.kubernetesOtelTitle',
+ {
+ defaultMessage: 'Kubernetes monitoring with EDOT Collector',
+ }
+ ),
+ description: i18n.translate(
+ 'xpack.observability_onboarding.useCustomCardsForCategory.kubernetesOtelDescription',
+ {
+ defaultMessage:
+ 'Unified Kubernetes observability with Elastic Distro for OTel Collector',
+ }
+ ),
extraLabelsBadges: [
@@ -142,9 +184,10 @@ export function useCustomCardsForCategory(
src: http?.staticAssets.getPluginAssetHref('opentelemetry.svg') ?? '',
},
],
- url: otelLogsUrl,
+ url: otelKubernetesUrl,
version: '',
integration: '',
+ isQuickstart: true,
},
];
@@ -153,8 +196,18 @@ export function useCustomCardsForCategory(
{
id: 'apm-virtual',
type: 'virtual',
- title: 'Elastic APM',
- description: 'Collect distributed traces from your applications with Elastic APM',
+ title: i18n.translate(
+ 'xpack.observability_onboarding.useCustomCardsForCategory.apmTitle',
+ {
+ defaultMessage: 'Elastic APM',
+ }
+ ),
+ description: i18n.translate(
+ 'xpack.observability_onboarding.useCustomCardsForCategory.apmDescription',
+ {
+ defaultMessage: 'Collect distributed traces from your applications with Elastic APM',
+ }
+ ),
name: 'apm',
categories: ['observability'],
icons: [
@@ -170,8 +223,18 @@ export function useCustomCardsForCategory(
{
id: 'otel-virtual',
type: 'virtual',
- title: 'OpenTelemetry',
- description: 'Collect distributed traces with OpenTelemetry',
+ title: i18n.translate(
+ 'xpack.observability_onboarding.useCustomCardsForCategory.apmOtelTitle',
+ {
+ defaultMessage: 'OpenTelemetry',
+ }
+ ),
+ description: i18n.translate(
+ 'xpack.observability_onboarding.useCustomCardsForCategory.apmOtelDescription',
+ {
+ defaultMessage: 'Collect distributed traces with OpenTelemetry',
+ }
+ ),
name: 'otel',
categories: ['observability'],
icons: [
@@ -187,8 +250,18 @@ export function useCustomCardsForCategory(
{
id: 'synthetics-virtual',
type: 'virtual',
- title: 'Synthetic monitor',
- description: 'Monitor endpoints, pages, and user journeys',
+ title: i18n.translate(
+ 'xpack.observability_onboarding.useCustomCardsForCategory.syntheticsTitle',
+ {
+ defaultMessage: 'Synthetic monitor',
+ }
+ ),
+ description: i18n.translate(
+ 'xpack.observability_onboarding.useCustomCardsForCategory.syntheticsDescription',
+ {
+ defaultMessage: 'Monitor endpoints, pages, and user journeys',
+ }
+ ),
name: 'synthetics',
categories: ['observability'],
icons: [
@@ -208,8 +281,18 @@ export function useCustomCardsForCategory(
{
id: 'azure-logs-virtual',
type: 'virtual',
- title: 'Azure',
- description: 'Collect logs from Microsoft Azure',
+ title: i18n.translate(
+ 'xpack.observability_onboarding.useCustomCardsForCategory.azureTitle',
+ {
+ defaultMessage: 'Azure',
+ }
+ ),
+ description: i18n.translate(
+ 'xpack.observability_onboarding.useCustomCardsForCategory.azureDescription',
+ {
+ defaultMessage: 'Collect logs from Microsoft Azure',
+ }
+ ),
name: 'azure',
categories: ['observability'],
icons: [],
@@ -222,8 +305,18 @@ export function useCustomCardsForCategory(
{
id: 'aws-logs-virtual',
type: 'virtual',
- title: 'AWS',
- description: 'Collect logs from Amazon Web Services (AWS)',
+ title: i18n.translate(
+ 'xpack.observability_onboarding.useCustomCardsForCategory.awsTitle',
+ {
+ defaultMessage: 'AWS',
+ }
+ ),
+ description: i18n.translate(
+ 'xpack.observability_onboarding.useCustomCardsForCategory.awsDescription',
+ {
+ defaultMessage: 'Collect logs from Amazon Web Services (AWS)',
+ }
+ ),
name: 'aws',
categories: ['observability'],
icons: [],
@@ -236,8 +329,18 @@ export function useCustomCardsForCategory(
{
id: 'gcp-logs-virtual',
type: 'virtual',
- title: 'Google Cloud Platform',
- description: 'Collect logs from Google Cloud Platform',
+ title: i18n.translate(
+ 'xpack.observability_onboarding.useCustomCardsForCategory.gcpTitle',
+ {
+ defaultMessage: 'Google Cloud Platform',
+ }
+ ),
+ description: i18n.translate(
+ 'xpack.observability_onboarding.useCustomCardsForCategory.gcpDescription',
+ {
+ defaultMessage: 'Collect logs from Google Cloud Platform',
+ }
+ ),
name: 'gcp',
categories: ['observability'],
icons: [],
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/pages/index.ts b/x-pack/plugins/observability_solution/observability_onboarding/public/application/pages/index.ts
index 7e5606205b607..ed52a7155316a 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/public/application/pages/index.ts
+++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/pages/index.ts
@@ -11,5 +11,4 @@ export { KubernetesPage } from './kubernetes';
export { OtelKubernetesPage } from './otel_kubernetes';
export { LandingPage } from './landing';
export { OtelLogsPage } from './otel_logs';
-export { SystemLogsPage } from './system_logs';
export { FirehosePage } from './firehose';
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/pages/system_logs.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/pages/system_logs.tsx
deleted file mode 100644
index 78b7179af88a7..0000000000000
--- a/x-pack/plugins/observability_solution/observability_onboarding/public/application/pages/system_logs.tsx
+++ /dev/null
@@ -1,18 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import React from 'react';
-import { PageTemplate } from './template';
-import { SystemLogsPanel } from '../quickstart_flows/system_logs';
-import { BackButton } from '../shared/back_button';
-
-export const SystemLogsPage = () => (
-
-
-
-
-);
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/otel_kubernetes/otel_kubernetes_panel.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/otel_kubernetes/otel_kubernetes_panel.tsx
index c745793c47b3a..9d3e07cc2f612 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/otel_kubernetes/otel_kubernetes_panel.tsx
+++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/otel_kubernetes/otel_kubernetes_panel.tsx
@@ -30,6 +30,10 @@ import { CopyToClipboardButton } from '../shared/copy_to_clipboard_button';
import { ObservabilityOnboardingContextValue } from '../../../plugin';
import { useKubernetesFlow } from '../kubernetes/use_kubernetes_flow';
+const OTEL_HELM_CHARTS_REPO = 'https://open-telemetry.github.io/opentelemetry-helm-charts';
+const OTEL_KUBE_STACK_VERSION = '0.3.0';
+const OTEL_KUBE_STACK_VALUES_FILE_URL =
+ 'https://raw.githubusercontent.com/elastic/opentelemetry/refs/heads/main/resources/kubernetes/operator/helm/values.yaml';
const CLUSTER_OVERVIEW_DASHBOARD_ID = 'kubernetes_otel-cluster-overview';
export const OtelKubernetesPanel: React.FC = () => {
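Review bot: `OTEL_KUBE_STACK_VALUES_FILE_URL` resolves to `refs/heads/main`, a moving branch, while the chart is now pinned with `OTEL_KUBE_STACK_VERSION = '0.3.0'`. The next hunk interpolates both into the `helm install ... --values ... --version ...` command shown to the user. The values applied to a cluster can therefore change without any Kibana release, and can drift out of step with the pinned chart or pick up an unreviewed change to that branch. Pinning the values file to an immutable ref keeps the generated command reproducible and auditable, e.g. `'https://raw.githubusercontent.com/elastic/opentelemetry/<TAG_OR_COMMIT_SHA>/resources/kubernetes/operator/helm/values.yaml'`. A short comment above the two constants saying they must be bumped together would also help.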
@@ -48,10 +52,7 @@ export const OtelKubernetesPanel: React.FC = () => {
}
const namespace = 'opentelemetry-operator-system';
- const valuesFile =
- 'https://raw.githubusercontent.com/elastic/opentelemetry/refs/heads/main/resources/kubernetes/operator/helm/values.yaml';
-
- const addRepoCommand = `helm repo add open-telemetry 'https://open-telemetry.github.io/opentelemetry-helm-charts' --force-update`;
+ const addRepoCommand = `helm repo add open-telemetry '${OTEL_HELM_CHARTS_REPO}' --force-update`;
const installStackCommand = data
? `kubectl create namespace ${namespace}
kubectl create secret generic elastic-secret-otel \\
@@ -60,8 +61,8 @@ kubectl create secret generic elastic-secret-otel \\
--from-literal=elastic_api_key='${data.apiKeyEncoded}'
helm install opentelemetry-kube-stack open-telemetry/opentelemetry-kube-stack \\
--namespace ${namespace} \\
- --create-namespace \\
- --values '${valuesFile}'`
+ --values '${OTEL_KUBE_STACK_VALUES_FILE_URL}' \\
+ --version '${OTEL_KUBE_STACK_VERSION}'`
: undefined;
return (
@@ -143,7 +144,7 @@ helm install opentelemetry-kube-stack open-telemetry/opentelemetry-kube-stack \\
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/otel_logs/index.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/otel_logs/index.tsx
index 9eb7c83b03fc0..a78466d06a6b2 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/otel_logs/index.tsx
+++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/otel_logs/index.tsx
@@ -88,458 +88,6 @@ export const OtelLogsPanel: React.FC = () => {
}, [getDeeplinks]);
const installTabContents = [
- {
- id: 'kubernetes',
- name: 'Kubernetes',
- prompt: (
- <>
-
-
- {i18n.translate(
- 'xpack.observability_onboarding.otelLogsPanel.kubernetesApplyCommandPromptLabel',
- {
- defaultMessage:
- 'From the directory where the manifest is downloaded, run the following command to install the collector on every node of your cluster:',
- }
- )}
-
-
-
- >
- ),
- firstStepTitle: i18n.translate(
- 'xpack.observability_onboarding.otelLogsPanel.steps.downloadManifest',
- { defaultMessage: 'Download the manifest:' }
- ),
- content: `apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: elastic-otel-collector-agent
- namespace: default
- labels:
- app.kubernetes.io/name: elastic-opentelemetry-collector
- app.kubernetes.io/version: "${agentVersion}"
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: elastic-otel-collector-agent
- labels:
- app.kubernetes.io/name: elastic-opentelemetry-collector
- app.kubernetes.io/version: "${agentVersion}"
-rules:
- - apiGroups: [""]
- resources: ["pods", "namespaces", "nodes"]
- verbs: ["get", "watch", "list"]
- - apiGroups: ["apps"]
- resources: ["daemonsets", "deployments", "replicasets", "statefulsets"]
- verbs: ["get", "list", "watch"]
- - apiGroups: ["extensions"]
- resources: ["daemonsets", "deployments", "replicasets"]
- verbs: ["get", "list", "watch"]
- - apiGroups: [ "" ]
- resources: [ "nodes/stats" ]
- verbs: [ "get", "watch", "list" ]
- - apiGroups: [ "" ]
- resources: [ "nodes/proxy" ]
- verbs: [ "get" ]
- - apiGroups: [ "" ]
- resources: ["configmaps"]
- verbs: ["get"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: elastic-otel-collector-agent
- labels:
- app.kubernetes.io/name: elastic-opentelemetry-collector
- app.kubernetes.io/version: "${agentVersion}"
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: elastic-otel-collector-agent
-subjects:
- - kind: ServiceAccount
- name: elastic-otel-collector-agent
- namespace: default
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: elastic-otel-collector-agent
- namespace: default
- labels:
- app.kubernetes.io/name: elastic-opentelemetry-collector
- app.kubernetes.io/version: "${agentVersion}"
-data:
- otel.yaml: |
- exporters:
- debug:
- verbosity: basic
- elasticsearch:
- endpoints:
- - \${env:ES_ENDPOINT}
- api_key: \${env:ES_API_KEY}
- logs_dynamic_index:
- enabled: true
- mapping:
- mode: ecs
- processors:
- elasticinframetrics:
- add_system_metrics: true
- add_k8s_metrics: true
- resourcedetection/eks:
- detectors: [env, eks]
- timeout: 15s
- override: true
- eks:
- resource_attributes:
- k8s.cluster.name:
- enabled: true
- resourcedetection/gcp:
- detectors: [env, gcp]
- timeout: 2s
- override: false
- resource/k8s:
- attributes:
- - key: service.name
- from_attribute: app.label.component
- action: insert
- attributes/k8s_logs_dataset:
- actions:
- - key: data_stream.dataset
- value: "kubernetes.container_logs"
- action: upsert
- attributes/dataset:
- actions:
- - key: event.dataset
- from_attribute: data_stream.dataset
- action: upsert
- resource/cloud:
- attributes:
- - key: cloud.instance.id
- from_attribute: host.id
- action: insert
- resource/process:
- attributes:
- - key: process.executable.name
- action: delete
- - key: process.executable.path
- action: delete
- resourcedetection/system:
- detectors: ["system", "ec2"]
- system:
- hostname_sources: [ "os" ]
- resource_attributes:
- host.name:
- enabled: true
- host.id:
- enabled: false
- host.arch:
- enabled: true
- host.ip:
- enabled: true
- host.mac:
- enabled: true
- host.cpu.vendor.id:
- enabled: true
- host.cpu.family:
- enabled: true
- host.cpu.model.id:
- enabled: true
- host.cpu.model.name:
- enabled: true
- host.cpu.stepping:
- enabled: true
- host.cpu.cache.l2.size:
- enabled: true
- os.description:
- enabled: true
- os.type:
- enabled: true
- ec2:
- resource_attributes:
- host.name:
- enabled: false
- host.id:
- enabled: true
- k8sattributes:
- filter:
- node_from_env_var: K8S_NODE_NAME
- passthrough: false
- pod_association:
- - sources:
- - from: resource_attribute
- name: k8s.pod.ip
- - sources:
- - from: resource_attribute
- name: k8s.pod.uid
- - sources:
- - from: connection
- extract:
- metadata:
- - "k8s.namespace.name"
- - "k8s.deployment.name"
- - "k8s.statefulset.name"
- - "k8s.daemonset.name"
- - "k8s.cronjob.name"
- - "k8s.job.name"
- - "k8s.node.name"
- - "k8s.pod.name"
- - "k8s.pod.uid"
- - "k8s.pod.start_time"
- labels:
- - tag_name: app.label.component
- key: app.kubernetes.io/component
- from: pod
- extensions:
- file_storage:
- directory: /var/lib/otelcol
- receivers:
- filelog:
- retry_on_failure:
- enabled: true
- start_at: end
- exclude:
- - /var/log/pods/default_elastic-otel-collector-agent*_*/elastic-opentelemetry-collector/*.log
- include:
- - /var/log/pods/*/*/*.log
- include_file_name: false
- include_file_path: true
- storage: file_storage
- operators:
- - id: container-parser
- type: container
- hostmetrics:
- collection_interval: 10s
- root_path: /hostfs
- scrapers:
- cpu:
- metrics:
- system.cpu.utilization:
- enabled: true
- system.cpu.logical.count:
- enabled: true
- memory:
- metrics:
- system.memory.utilization:
- enabled: true
- process:
- mute_process_exe_error: true
- mute_process_io_error: true
- mute_process_user_error: true
- metrics:
- process.threads:
- enabled: true
- process.open_file_descriptors:
- enabled: true
- process.memory.utilization:
- enabled: true
- process.disk.operations:
- enabled: true
- network:
- processes:
- load:
- disk:
- filesystem:
- exclude_mount_points:
- mount_points:
- - /dev/*
- - /proc/*
- - /sys/*
- - /run/k3s/containerd/*
- - /var/lib/docker/*
- - /var/lib/kubelet/*
- - /snap/*
- match_type: regexp
- exclude_fs_types:
- fs_types:
- - autofs
- - binfmt_misc
- - bpf
- - cgroup2
- - configfs
- - debugfs
- - devpts
- - devtmpfs
- - fusectl
- - hugetlbfs
- - iso9660
- - mqueue
- - nsfs
- - overlay
- - proc
- - procfs
- - pstore
- - rpc_pipefs
- - securityfs
- - selinuxfs
- - squashfs
- - sysfs
- - tracefs
- match_type: strict
- kubeletstats:
- auth_type: serviceAccount
- collection_interval: 20s
- endpoint: \${env:K8S_NODE_NAME}:10250
- node: '\${env:K8S_NODE_NAME}'
- # Required to work for all CSPs without an issue
- insecure_skip_verify: true
- k8s_api_config:
- auth_type: serviceAccount
- metrics:
- k8s.pod.cpu.node.utilization:
- enabled: true
- k8s.container.cpu_limit_utilization:
- enabled: true
- k8s.pod.cpu_limit_utilization:
- enabled: true
- k8s.container.cpu_request_utilization:
- enabled: true
- k8s.container.memory_limit_utilization:
- enabled: true
- k8s.pod.memory_limit_utilization:
- enabled: true
- k8s.container.memory_request_utilization:
- enabled: true
- k8s.node.uptime:
- enabled: true
- k8s.node.cpu.usage:
- enabled: true
- k8s.pod.cpu.usage:
- enabled: true
- extra_metadata_labels:
- - container.id
-
- service:
- extensions: [file_storage]
- pipelines:
- logs:
- exporters:
- - elasticsearch
- - debug
- processors:
- - k8sattributes
- - resourcedetection/system
- - resourcedetection/eks
- - resourcedetection/gcp
- - resource/k8s
- - resource/cloud
- - attributes/k8s_logs_dataset
- receivers:
- - filelog
- metrics:
- exporters:
- - debug
- - elasticsearch
- processors:
- - k8sattributes
- - elasticinframetrics
- - resourcedetection/system
- - resourcedetection/eks
- - resourcedetection/gcp
- - resource/k8s
- - resource/cloud
- - attributes/dataset
- - resource/process
- receivers:
- - kubeletstats
- - hostmetrics
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: elastic-otel-collector-agent
- namespace: default
- labels:
- app.kubernetes.io/name: elastic-opentelemetry-collector
- app.kubernetes.io/version: "${agentVersion}"
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: elastic-opentelemetry-collector
- app.kubernetes.io/version: "${agentVersion}"
- template:
- metadata:
- labels:
- app.kubernetes.io/name: elastic-opentelemetry-collector
- app.kubernetes.io/version: "${agentVersion}"
- spec:
- serviceAccountName: elastic-otel-collector-agent
- securityContext:
- runAsUser: 0
- runAsGroup: 0
- hostNetwork: true
- dnsPolicy: ClusterFirstWithHostNet
- containers:
- - name: elastic-opentelemetry-collector
- command: [/usr/share/elastic-agent/elastic-agent]
- args: ["otel", "-c", "/etc/elastic-agent/otel.yaml"]
- image: docker.elastic.co/beats/elastic-agent:${agentVersion}
- imagePullPolicy: IfNotPresent
- env:
- - name: MY_POD_IP
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: status.podIP
- - name: K8S_NODE_NAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- - name: ES_ENDPOINT
- valueFrom:
- secretKeyRef:
- key: es_endpoint
- name: elastic-secret-otel
- - name: ES_API_KEY
- valueFrom:
- secretKeyRef:
- key: es_api_key
- name: elastic-secret-otel
- volumeMounts:
- - mountPath: /etc/elastic-agent/otel.yaml
- name: opentelemetry-collector-configmap
- readOnly: true
- subPath: otel.yaml
- - name: varlogpods
- mountPath: /var/log/pods
- readOnly: true
- - name: varlibdockercontainers
- mountPath: /var/lib/docker/containers
- readOnly: true
- - name: varlibotelcol
- mountPath: /var/lib/otelcol
- - name: hostfs
- mountPath: /hostfs
- readOnly: true
- mountPropagation: HostToContainer
-
- volumes:
- - name: opentelemetry-collector-configmap
- configMap:
- name: elastic-otel-collector-agent
- defaultMode: 0640
- - name: varlogpods
- hostPath:
- path: /var/log/pods
- - name: varlibdockercontainers
- hostPath:
- path: /var/lib/docker/containers
- - name: varlibotelcol
- hostPath:
- path: /var/lib/otelcol
- type: DirectoryOrCreate
- - name: hostfs
- hostPath:
- path: /`,
- type: 'download',
- fileName: 'otel-collector-k8s.yml',
- },
{
id: 'linux',
name: 'Linux',
@@ -613,39 +161,20 @@ rm ./otel.yml && cp ./otel_samples/platformlogs_hostmetrics.yml ./otel.yml && mk
- {selectedContent.type === 'download' ? (
-
- {i18n.translate(
- 'xpack.observability_onboarding.installOtelCollector.configStep.downloadConfigButton',
- { defaultMessage: 'Download manifest' }
- )}
-
- ) : (
-
- {(copy) => (
-
- {i18n.translate(
- 'xpack.observability_onboarding.installOtelCollector.configStep.copyCommand',
- { defaultMessage: 'Copy to clipboard' }
- )}
-
- )}
-
- )}
+
+ {(copy) => (
+
+ {i18n.translate(
+ 'xpack.observability_onboarding.installOtelCollector.configStep.copyCommand',
+ { defaultMessage: 'Copy to clipboard' }
+ )}
+
+ )}
+
@@ -673,35 +202,28 @@ rm ./otel.yml && cp ./otel_samples/platformlogs_hostmetrics.yml ./otel.yml && mk
}
)}
- {selectedTab !== 'kubernetes' && (
-
- {i18n.translate(
- 'xpack.observability_onboarding.otelLogsPanel.historicalDataDescription2',
- {
- defaultMessage:
- 'The default log path is /var/log/*. You can change this path in the otel.yml file if needed.',
- }
- )}
-
- )}
+
+ {i18n.translate(
+ 'xpack.observability_onboarding.otelLogsPanel.historicalDataDescription2',
+ {
+ defaultMessage:
+ 'The default log path is /var/log/*. You can change this path in the otel.yml file if needed.',
+ }
+ )}
+
- {selectedContent.prompt}
- {selectedContent.start && (
- <>
-
-
- {i18n.translate(
- 'xpack.observability_onboarding.otelLogsPanel.p.startTheCollectorLabel',
- {
- defaultMessage: 'Run the following command to start the collector',
- }
- )}
-
-
-
- >
- )}
+
+
+ {i18n.translate(
+ 'xpack.observability_onboarding.otelLogsPanel.p.startTheCollectorLabel',
+ {
+ defaultMessage: 'Run the following command to start the collector',
+ }
+ )}
+
+
+
),
},
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/system_logs/index.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/system_logs/index.tsx
deleted file mode 100644
index 9f507dd72db58..0000000000000
--- a/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/system_logs/index.tsx
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import React from 'react';
-import { EuiPanel } from '@elastic/eui';
-import { i18n } from '@kbn/i18n';
-import { Route } from '@kbn/shared-ux-router';
-import { createWizardContext, Step } from '../../../context/create_wizard_context';
-import { InstallElasticAgent } from './install_elastic_agent';
-
-interface WizardState {
- elasticAgentPlatform: 'linux-tar' | 'macos' | 'windows';
- autoDownloadConfig: boolean;
- apiKeyEncoded: string;
- onboardingId: string;
-}
-
-const initialState: WizardState = {
- elasticAgentPlatform: 'linux-tar',
- autoDownloadConfig: false,
- apiKeyEncoded: '',
- onboardingId: '',
-};
-
-export type SystemLogsSteps = 'installElasticAgent';
-
-const steps: Record = {
- installElasticAgent: {
- component: InstallElasticAgent,
- title: i18n.translate('xpack.observability_onboarding.systemLogs.installShipper.title', {
- defaultMessage: 'Install shipper to collect system logs',
- }),
- },
-};
-
-const {
- Provider,
- useWizard,
- routes: systemLogsRoutes,
-} = createWizardContext({
- initialState,
- initialStep: 'installElasticAgent',
- steps,
- basePath: '/systemLogs',
-});
-
-export { Provider, useWizard, systemLogsRoutes };
-
-export const SystemLogsPanel: React.FC = () => {
- return (
-
-
- {Object.keys(systemLogsRoutes).map((key) => {
- const path = key as keyof typeof systemLogsRoutes;
- const { handler, exact } = systemLogsRoutes[path];
- return ;
- })}
-
-
- );
-};
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/system_logs/install_elastic_agent.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/system_logs/install_elastic_agent.tsx
deleted file mode 100644
index ea25181243571..0000000000000
--- a/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/system_logs/install_elastic_agent.tsx
+++ /dev/null
@@ -1,323 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { EuiButton, EuiHorizontalRule, EuiSpacer, EuiText } from '@elastic/eui';
-import {
- AllDatasetsLocatorParams,
- ALL_DATASETS_LOCATOR_ID,
- SingleDatasetLocatorParams,
- SINGLE_DATASET_LOCATOR_ID,
-} from '@kbn/deeplinks-observability/locators';
-import { i18n } from '@kbn/i18n';
-import { useKibana } from '@kbn/kibana-react-plugin/public';
-import { default as React, useCallback, useEffect, useState } from 'react';
-import { useWizard } from '.';
-import { FETCH_STATUS, useFetcher } from '../../../hooks/use_fetcher';
-import { ObservabilityOnboardingPluginSetupDeps } from '../../../plugin';
-import {
- ElasticAgentPlatform,
- getElasticAgentSetupCommand,
-} from '../shared/get_elastic_agent_setup_command';
-import {
- EuiStepStatus,
- InstallElasticAgentSteps,
- ProgressStepId,
-} from '../shared/install_elastic_agent_steps';
-import { StepModal } from '../shared/step_panel';
-import { TroubleshootingLink } from '../shared/troubleshooting_link';
-import { WindowsInstallStep } from '../shared/windows_install_step';
-import { ApiKeyBanner } from '../custom_logs/api_key_banner';
-import { SystemIntegrationBanner, SystemIntegrationBannerState } from './system_integration_banner';
-import { useFlowProgressTelemetry } from '../../../hooks/use_flow_progress_telemetry';
-
-export function InstallElasticAgent() {
- const {
- services: { share },
- } = useKibana();
-
- const singleDatasetLocator =
- share.url.locators.get(SINGLE_DATASET_LOCATOR_ID);
- const allDataSetsLocator =
- share.url.locators.get(ALL_DATASETS_LOCATOR_ID);
-
- const { getState, setState } = useWizard();
- const wizardState = getState();
- const [elasticAgentPlatform, setElasticAgentPlatform] =
- useState('linux-tar');
- const [systemIntegrationStatus, setSystemIntegrationStatus] =
- useState('pending');
-
- const onIntegrationStatusChange = useCallback((status: SystemIntegrationBannerState) => {
- setSystemIntegrationStatus(status);
- }, []);
-
- const datasetName = 'system-logs';
-
- async function onContinue() {
- if (systemIntegrationStatus === 'rejected') {
- await allDataSetsLocator!.navigate({
- origin: { id: 'application-log-onboarding' },
- });
- return;
- }
-
- await singleDatasetLocator!.navigate({
- integration: 'system',
- dataset: 'system.syslog',
- origin: { id: 'application-log-onboarding' },
- });
- }
-
- function onAutoDownloadConfig() {
- setState((state) => ({
- ...state,
- autoDownloadConfig: !state.autoDownloadConfig,
- }));
- }
-
- const { data: monitoringRole, status: monitoringRoleStatus } = useFetcher((callApi) => {
- return callApi('GET /internal/observability_onboarding/logs/setup/privileges');
- }, []);
-
- const { data: setup } = useFetcher((callApi) => {
- return callApi('GET /internal/observability_onboarding/logs/setup/environment');
- }, []);
-
- const {
- data: installShipperSetup,
- status: installShipperSetupStatus,
- error,
- } = useFetcher(
- (callApi) => {
- if (monitoringRole?.hasPrivileges) {
- return callApi('POST /internal/observability_onboarding/logs/flow', {
- params: {
- body: {
- name: datasetName,
- type: 'systemLogs',
- },
- },
- });
- }
- },
- [monitoringRole?.hasPrivileges]
- );
-
- const { apiKeyEncoded, onboardingId } = installShipperSetup ?? getState();
-
- const successfullyInstalledShipperSetup = installShipperSetupStatus === FETCH_STATUS.SUCCESS;
-
- const { data: yamlConfig = '', status: yamlConfigStatus } = useFetcher(
- (callApi) => {
- if (apiKeyEncoded && onboardingId) {
- return callApi('GET /internal/observability_onboarding/elastic_agent/config', {
- headers: { authorization: `ApiKey ${apiKeyEncoded}` },
- params: { query: { onboardingId } },
- });
- }
- },
- // FIXME: Dario could not find a reasonable fix for successfullyInstalledShipperSetup
- // eslint-disable-next-line react-hooks/exhaustive-deps
- [apiKeyEncoded, onboardingId, successfullyInstalledShipperSetup]
- );
-
- useEffect(() => {
- setState((state) => ({ ...state, onboardingId, apiKeyEncoded }));
- // eslint-disable-next-line react-hooks/exhaustive-deps
- }, [onboardingId, apiKeyEncoded]);
-
- const {
- data: progressData,
- status: progressStatus,
- refetch: refetchProgress,
- } = useFetcher(
- (callApi) => {
- if (onboardingId) {
- return callApi('GET /internal/observability_onboarding/flow/{onboardingId}/progress', {
- params: { path: { onboardingId } },
- });
- }
- },
- [onboardingId]
- );
-
- const progressSucceded = progressStatus === FETCH_STATUS.SUCCESS;
-
- useEffect(() => {
- if (progressSucceded) {
- setTimeout(() => {
- refetchProgress();
- }, 2000);
- }
- }, [progressSucceded, refetchProgress]);
-
- useFlowProgressTelemetry(progressData?.progress, 'system_logs');
-
- const getCheckLogsStep = useCallback(() => {
- const progress = progressData?.progress;
- if (progress) {
- const stepStatus = progress?.['logs-ingest']?.status as EuiStepStatus;
- const title =
- stepStatus === 'loading'
- ? CHECK_LOGS_LABELS.loading
- : stepStatus === 'complete'
- ? CHECK_LOGS_LABELS.completed
- : CHECK_LOGS_LABELS.incomplete;
- return {
- title,
- status: stepStatus,
- 'data-test-subj': 'obltOnboardingCheckLogsStep',
- };
- }
- return {
- title: CHECK_LOGS_LABELS.incomplete,
- status: 'incomplete' as const,
- };
- }, [progressData?.progress]);
-
- const isInstallStarted = progressData?.progress['ea-download'] !== undefined;
- const isInstallCompleted = progressData?.progress?.['ea-status']?.status === 'complete';
- const autoDownloadConfigStatus = progressData?.progress?.['ea-config']?.status as EuiStepStatus;
-
- return (
-
- {i18n.translate('xpack.observability_onboarding.steps.exploreLogs', {
- defaultMessage: 'Explore logs',
- })}
- ,
- ]}
- panelProps={{
- hasBorder: false,
- color: 'transparent',
- paddingSize: 'none',
- }}
- >
-
-
- {i18n.translate(
- 'xpack.observability_onboarding.systemLogs.installElasticAgent.description',
- {
- defaultMessage:
- 'To collect the data from your system and stream it to Elastic, you first need to install a shipping tool on the machine generating the logs. In this case, the shipping tool is an agent developed by Elastic.',
- }
- )}
-
-
-
-
-
- {apiKeyEncoded && onboardingId ? (
-
- ) : (
- monitoringRoleStatus !== FETCH_STATUS.NOT_INITIATED &&
- monitoringRoleStatus !== FETCH_STATUS.LOADING && (
-
- )
- )}
-
-
- ),
- },
- ]}
- onSelectPlatform={(id) => setElasticAgentPlatform(id)}
- selectedPlatform={elasticAgentPlatform}
- installAgentCommand={getElasticAgentSetupCommand({
- elasticAgentPlatform,
- apiKeyEncoded,
- apiEndpoint: setup?.apiEndpoint,
- scriptDownloadUrl: setup?.scriptDownloadUrl,
- elasticAgentVersion: setup?.elasticAgentVersion,
- autoDownloadConfig: wizardState.autoDownloadConfig,
- onboardingId,
- })}
- autoDownloadConfig={wizardState.autoDownloadConfig}
- onToggleAutoDownloadConfig={onAutoDownloadConfig}
- installAgentStatus={
- installShipperSetupStatus === FETCH_STATUS.LOADING
- ? 'loading'
- : isInstallCompleted
- ? 'complete'
- : 'current'
- }
- showInstallProgressSteps={isInstallStarted}
- installProgressSteps={
- (progressData?.progress ?? {}) as Partial<
- Record
- >
- }
- configureAgentStatus={
- yamlConfigStatus === FETCH_STATUS.LOADING ? 'loading' : autoDownloadConfigStatus
- }
- configureAgentYaml={yamlConfig}
- appendedSteps={[getCheckLogsStep()]}
- />
-
-
-
- );
-}
-
-const CHECK_LOGS_LABELS = {
- incomplete: i18n.translate(
- 'xpack.observability_onboarding.systemLogs.installElasticAgent.progress.logsIngest.incompleteTitle',
- { defaultMessage: 'Ship logs to Elastic Observability' }
- ),
- loading: i18n.translate(
- 'xpack.observability_onboarding.systemLogs.installElasticAgent.progress.logsIngest.loadingTitle',
- { defaultMessage: 'Waiting for logs to be shipped...' }
- ),
- completed: i18n.translate(
- 'xpack.observability_onboarding.systemLogs.installElasticAgent.progress.logsIngest.completedTitle',
- { defaultMessage: 'Logs are being shipped!' }
- ),
-};
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/system_logs/system_integration_banner.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/system_logs/system_integration_banner.tsx
deleted file mode 100644
index 305c921dddfb5..0000000000000
--- a/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/system_logs/system_integration_banner.tsx
+++ /dev/null
@@ -1,167 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { EuiCallOut, EuiFlexGroup, EuiFlexItem, EuiLink, EuiLoadingSpinner } from '@elastic/eui';
-import { i18n } from '@kbn/i18n';
-import { FormattedMessage } from '@kbn/i18n-react';
-import React, { useCallback, useEffect, useState } from 'react';
-import type { MouseEvent } from 'react';
-import {
- IntegrationInstallationError,
- useInstallIntegrations,
-} from '../../../hooks/use_install_integrations';
-import { useKibanaNavigation } from '../../../hooks/use_kibana_navigation';
-import { PopoverTooltip } from '../shared/popover_tooltip';
-
-export type SystemIntegrationBannerState = 'pending' | 'resolved' | 'rejected';
-
-export function SystemIntegrationBanner({
- onStatusChange,
-}: {
- onStatusChange?: (status: SystemIntegrationBannerState) => void;
-}) {
- const { navigateToAppUrl } = useKibanaNavigation();
- const [integrationVersion, setIntegrationVersion] = useState();
- const [error, setError] = useState();
-
- const onIntegrationCreationSuccess = useCallback(
- ({ versions }: { versions?: string[] }) => {
- setIntegrationVersion(versions?.[0]);
- onStatusChange?.('resolved');
- },
- [onStatusChange]
- );
-
- const onIntegrationCreationFailure = useCallback(
- (e: IntegrationInstallationError) => {
- setError(e);
- onStatusChange?.('rejected');
- },
- [onStatusChange]
- );
-
- const { performRequest, requestState } = useInstallIntegrations({
- onIntegrationCreationSuccess,
- onIntegrationCreationFailure,
- });
-
- useEffect(() => {
- performRequest();
- }, [performRequest]);
-
- const isInstallingIntegration = requestState.state === 'pending';
- const hasFailedInstallingIntegration = requestState.state === 'rejected';
- const hasInstalledIntegration = requestState.state === 'resolved';
-
- if (isInstallingIntegration) {
- return (
-
-
-
-
-
- {i18n.translate('xpack.observability_onboarding.systemIntegration.installing', {
- defaultMessage: 'Installing system integration',
- })}
-
-
- }
- color="primary"
- data-test-subj="obltOnboardingSystemLogsInstallingIntegration"
- />
- );
- }
- if (hasFailedInstallingIntegration) {
- return (
-
-
- {error?.message}
-
-
- );
- }
- if (hasInstalledIntegration) {
- return (
-
-
-
-
- {i18n.translate(
- 'xpack.observability_onboarding.systemIntegration.installed.tooltip.description',
- {
- defaultMessage:
- 'Integrations streamline connecting your data to the Elastic Stack.',
- }
- )}
-
-
- {
- event.preventDefault();
- navigateToAppUrl(
- `/integrations/detail/system-${integrationVersion}`
- );
- }}
- >
- {i18n.translate(
- 'xpack.observability_onboarding.systemIntegration.installed.tooltip.link.label',
- {
- defaultMessage: 'Learn more',
- }
- )}
-
- ),
- }}
- />
-
-
-
- ),
- }}
- />
- }
- color="success"
- iconType="check"
- data-test-subj="obltOnboardingSystemLogsIntegrationInstalled"
- />
-
- );
- }
- return null;
-}
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/shared/logo_icon.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/shared/logo_icon.tsx
index bd95473c15617..9efba65d1c299 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/public/application/shared/logo_icon.tsx
+++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/shared/logo_icon.tsx
@@ -27,6 +27,7 @@ export type SupportedLogo =
| 'mysql'
| 'postgresql'
| 'redis'
+ | 'ruby'
| 'haproxy'
| 'rabbitmq'
| 'kafka'
@@ -54,6 +55,7 @@ export function isSupportedLogo(logo: string): logo is SupportedLogo {
'mysql',
'postgresql',
'redis',
+ 'ruby',
'haproxy',
'rabbitmq',
'kafka',
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/assets/java.svg b/x-pack/plugins/observability_solution/observability_onboarding/public/assets/java.svg
index 943e009ec8dfe..73e5416d10c73 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/public/assets/java.svg
+++ b/x-pack/plugins/observability_solution/observability_onboarding/public/assets/java.svg
@@ -1,3 +1,7 @@
-
-
+
+
+
+
+
+
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/assets/ruby.svg b/x-pack/plugins/observability_solution/observability_onboarding/public/assets/ruby.svg
new file mode 100644
index 0000000000000..22398b4d03641
--- /dev/null
+++ b/x-pack/plugins/observability_solution/observability_onboarding/public/assets/ruby.svg
@@ -0,0 +1,130 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/locators/onboarding_locator/get_location.test.ts b/x-pack/plugins/observability_solution/observability_onboarding/public/locators/onboarding_locator/get_location.test.ts
index 3ea1f9db46c41..78f0ede5e0e20 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/public/locators/onboarding_locator/get_location.test.ts
+++ b/x-pack/plugins/observability_solution/observability_onboarding/public/locators/onboarding_locator/get_location.test.ts
@@ -27,14 +27,14 @@ describe('getLocation', () => {
it('should return the correct location with only source', () => {
const params: ObservabilityOnboardingLocatorParams = {
- source: 'systemLogs',
+ source: 'auto-detect',
};
const result = getLocation(params);
expect(result).toEqual({
app: PLUGIN_ID,
- path: '/systemLogs',
+ path: '/auto-detect',
state: {},
});
});
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/locators/onboarding_locator/locator_definition.test.ts b/x-pack/plugins/observability_solution/observability_onboarding/public/locators/onboarding_locator/locator_definition.test.ts
index 6caf9222a239f..d62cfaec97220 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/public/locators/onboarding_locator/locator_definition.test.ts
+++ b/x-pack/plugins/observability_solution/observability_onboarding/public/locators/onboarding_locator/locator_definition.test.ts
@@ -21,11 +21,11 @@ describe('Observability onboarding locator', () => {
test('should create a link to specified log source onboarding', async () => {
const locator = new ObservabilityOnboardingLocatorDefinition();
- const systemLocation = await locator.getLocation({ source: 'systemLogs' });
+ const systemLocation = await locator.getLocation({ source: 'customLogs' });
expect(systemLocation).toMatchObject({
app: 'observabilityOnboarding',
- path: '/systemLogs',
+ path: '/customLogs',
state: {},
});
});
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/server/lib/api_key/create_install_api_key.ts b/x-pack/plugins/observability_solution/observability_onboarding/server/lib/api_key/create_install_api_key.ts
index eddc5e10b5c65..3a5680b499055 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/server/lib/api_key/create_install_api_key.ts
+++ b/x-pack/plugins/observability_solution/observability_onboarding/server/lib/api_key/create_install_api_key.ts
@@ -21,10 +21,7 @@ export function createInstallApiKey(name: string): CreateAPIKeyParams {
},
kibana_role_descriptors: {
can_install_integrations: {
- elasticsearch: {
- cluster: [],
- indices: [],
- },
+ elasticsearch: {},
kibana: [
{
feature: {
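Review bot: `elasticsearch: {}` in the `can_install_integrations` descriptor now leaves `cluster` and `indices` to whatever the API defaults to when the fields are omitted, instead of stating the empty sets explicitly. If the intent is that this key carries no Elasticsearch privileges at all, a comment on that line would record it for the next reviewer of the key's scope, for example `// intentionally no Elasticsearch privileges; only the Kibana feature privileges below`. The body of createInstallApiKey starts and ends outside this hunk, so the rest of the descriptor is not visible here.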
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/server/lib/api_key/create_shipper_api_key.ts b/x-pack/plugins/observability_solution/observability_onboarding/server/lib/api_key/create_shipper_api_key.ts
index 942ebdbbd07cd..bdfdd202a962e 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/server/lib/api_key/create_shipper_api_key.ts
+++ b/x-pack/plugins/observability_solution/observability_onboarding/server/lib/api_key/create_shipper_api_key.ts
@@ -6,9 +6,9 @@
*/
import { ElasticsearchClient } from '@kbn/core/server';
-import { cluster, indices } from './monitoring_config';
+import { MONITOR_CLUSTER, INDEX_LOGS_AND_METRICS, WRITE_APM_EVENTS } from './privileges';
-export function createShipperApiKey(esClient: ElasticsearchClient, name: string) {
+export function createShipperApiKey(esClient: ElasticsearchClient, name: string, withAPM = false) {
// Based on https://www.elastic.co/guide/en/fleet/master/grant-access-to-elasticsearch.html#create-api-key-standalone-agent
return esClient.security.createApiKey({
body: {
@@ -19,8 +19,9 @@ export function createShipperApiKey(esClient: ElasticsearchClient, name: string)
},
role_descriptors: {
standalone_agent: {
- cluster,
- indices,
+ cluster: [MONITOR_CLUSTER],
+ indices: [INDEX_LOGS_AND_METRICS],
+ applications: withAPM ? [WRITE_APM_EVENTS] : undefined,
},
},
},
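Review bot: The `applications` entry widens the generated shipper key to the APM privileges in `WRITE_APM_EVENTS`, but createShipperApiKey has no doc comment saying so, and the switch is a positional boolean that reads as a bare `true` at the call site in kubernetes/route.ts. A TSDoc block on the function should state that `withAPM` adds the `apm` application privileges on top of the cluster and index privileges, and that it defaults to off. An options argument such as `{ withAPM }` would make call sites self-describing, though it changes the signature added here. The same applies to `hasLogMonitoringPrivileges(esClient, withAPM)`. The lines between this hunk and the previous one are not shown.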
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/server/lib/api_key/has_log_monitoring_privileges.ts b/x-pack/plugins/observability_solution/observability_onboarding/server/lib/api_key/has_log_monitoring_privileges.ts
index a7aec8eefa293..0593a7f761e1e 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/server/lib/api_key/has_log_monitoring_privileges.ts
+++ b/x-pack/plugins/observability_solution/observability_onboarding/server/lib/api_key/has_log_monitoring_privileges.ts
@@ -6,13 +6,14 @@
*/
import { ElasticsearchClient } from '@kbn/core/server';
-import { cluster, indices } from './monitoring_config';
+import { MONITOR_CLUSTER, INDEX_LOGS_AND_METRICS, WRITE_APM_EVENTS } from './privileges';
-export async function hasLogMonitoringPrivileges(esClient: ElasticsearchClient) {
+export async function hasLogMonitoringPrivileges(esClient: ElasticsearchClient, withAPM = false) {
const res = await esClient.security.hasPrivileges({
body: {
- index: indices,
- cluster: [...cluster, 'manage_own_api_key'],
+ cluster: [MONITOR_CLUSTER, 'manage_own_api_key'],
+ index: [INDEX_LOGS_AND_METRICS],
+ application: withAPM ? [WRITE_APM_EVENTS] : undefined,
},
});
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/server/lib/api_key/privileges.ts b/x-pack/plugins/observability_solution/observability_onboarding/server/lib/api_key/privileges.ts
new file mode 100644
index 0000000000000..7c3b5999842bd
--- /dev/null
+++ b/x-pack/plugins/observability_solution/observability_onboarding/server/lib/api_key/privileges.ts
@@ -0,0 +1,26 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { estypes } from '@elastic/elasticsearch';
+
+/**
+ * Grants all cluster read-only operations, like cluster health and state, hot threads, node info, node and cluster stats, and pending cluster tasks.
+ */
+export const MONITOR_CLUSTER: estypes.SecurityClusterPrivilege = 'monitor';
+
+// https://www.elastic.co/guide/en/fleet/master/grant-access-to-elasticsearch.html#create-api-key-standalone-agent
+export const INDEX_LOGS_AND_METRICS: estypes.SecurityIndicesPrivileges = {
+ names: ['logs-*-*', 'metrics-*-*'],
+ privileges: ['auto_configure', 'create_doc'],
+};
+
+// https://www.elastic.co/guide/en/observability/master/apm-api-key.html#apm-create-api-key-workflow-es
+export const WRITE_APM_EVENTS: estypes.SecurityApplicationPrivileges = {
+ application: 'apm',
+ privileges: ['event:write', 'config_agent:read'],
+ resources: ['*'],
+};
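Review bot: `INDEX_LOGS_AND_METRICS` and `WRITE_APM_EVENTS` carry only a documentation URL, while `MONITOR_CLUSTER` has a doc comment saying what it grants. These constants set the scope of the API keys built from them, so each should say in place what it allows; for `WRITE_APM_EVENTS` that is `event:write` and `config_agent:read` for application `apm` on resources `['*']`. They are also exported as mutable objects, and the same instances go into both the key-creation and the privilege-check request bodies. A line in the doc comment saying they must be treated as read-only (copy before modifying) would stop one caller from changing the scope for the others.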
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/server/routes/elastic_agent/route.ts b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/elastic_agent/route.ts
index e2d1aede28b81..b6223c9a820a2 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/server/routes/elastic_agent/route.ts
+++ b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/elastic_agent/route.ts
@@ -7,7 +7,7 @@
import * as t from 'io-ts';
import { v4 as uuidv4 } from 'uuid';
-import { generateSystemLogsYml, generateCustomLogsYml } from '../../../common/elastic_agent_logs';
+import { generateCustomLogsYml } from '../../../common/elastic_agent_logs';
import { getAuthenticationAPIKey } from '../../lib/get_authentication_api_key';
import { getFallbackESUrl } from '../../lib/get_fallback_urls';
import { getObservabilityOnboardingFlow } from '../../lib/state';
@@ -43,20 +43,12 @@ const generateConfig = createObservabilityOnboardingServerRoute({
savedObjectId: onboardingId,
});
- const yaml =
- savedState?.type === 'systemLogs'
- ? generateSystemLogsYml({
- ...savedState?.state,
- apiKey: authApiKey ? `${authApiKey?.apiKeyId}:${authApiKey?.apiKey}` : '$API_KEY',
- esHost: elasticsearchUrl,
- uuid: uuidv4(),
- })
- : generateCustomLogsYml({
- ...savedState?.state,
- apiKey: authApiKey ? `${authApiKey?.apiKeyId}:${authApiKey?.apiKey}` : '$API_KEY',
- esHost: elasticsearchUrl,
- logfileId: `custom-logs-${uuidv4()}`,
- });
+ const yaml = generateCustomLogsYml({
+ ...savedState?.state,
+ apiKey: authApiKey ? `${authApiKey?.apiKeyId}:${authApiKey?.apiKey}` : '$API_KEY',
+ esHost: elasticsearchUrl,
+ logfileId: `custom-logs-${uuidv4()}`,
+ });
return yaml;
},
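Review bot: `generateCustomLogsYml` now runs for every lookup result, because `savedState?.type` is no longer consulted. A flow saved as `autoDetect` or `kubernetes`, a `systemLogs` flow persisted before this change, or a lookup that returned nothing would all produce a custom-logs config built from whatever `savedState?.state` holds. The handler starts outside the hunk; if no earlier check covers this, a guard before the call would make the failure explicit, for example `if (savedState?.type !== 'logFiles') throw Boom.notFound(...)`, assuming Boom is available in this file. Keeping `apiKey` and `esHost` after the `...savedState?.state` spread deserves a short comment, since that order is what stops stored state from overriding them.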
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/server/routes/kubernetes/route.ts b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/kubernetes/route.ts
index 33a501bd184b9..691c28f5a14e6 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/server/routes/kubernetes/route.ts
+++ b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/kubernetes/route.ts
@@ -45,7 +45,7 @@ const createKubernetesOnboardingFlowRoute = createObservabilityOnboardingServerR
elasticsearch: { client },
} = await context.core;
- const hasPrivileges = await hasLogMonitoringPrivileges(client.asCurrentUser);
+ const hasPrivileges = await hasLogMonitoringPrivileges(client.asCurrentUser, true);
if (!hasPrivileges) {
throw Boom.forbidden(
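Review bot: Passing `true` here makes the check require the `apm` application privileges as well, so a user who has only the log and metric privileges is now rejected. The `Boom.forbidden` message continues outside the hunk; if it still names only log monitoring privileges, it should also mention the APM privileges so the user knows what is missing. A short comment on the call, such as `// withAPM: the generated key also writes APM events`, would explain the bare `true`.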
@@ -57,7 +57,7 @@ const createKubernetesOnboardingFlowRoute = createObservabilityOnboardingServerR
const packageClient = fleetPluginStart.packageService.asScoped(request);
const [{ encoded: apiKeyEncoded }, elasticAgentVersion] = await Promise.all([
- createShipperApiKey(client.asCurrentUser, 'kubernetes_onboarding'),
+ createShipperApiKey(client.asCurrentUser, `${params.body.pkgName}_onboarding`, true),
getAgentVersion(fleetPluginStart, kibanaVersion),
// System package is always required
packageClient.ensureInstalledPackage({ pkgName: 'system' }),
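Review bot: The API key name is now built from the request body, `${params.body.pkgName}_onboarding`, while the package installed on the following line is still the fixed `'system'`. The params schema is outside this hunk. If `pkgName` is a free-form string rather than a union of known literals, arbitrary client text ends up in API key names, which makes key inventories and audit records harder to trust. Constraining it in the route's io-ts schema, for example `t.union([t.literal(...), ...])` over the supported package names, keeps the name predictable.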
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/server/routes/logs/route.ts b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/logs/route.ts
index 6d17617e1a94e..a848ea50f9d96 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/server/routes/logs/route.ts
+++ b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/logs/route.ts
@@ -95,7 +95,7 @@ const createFlowRoute = createObservabilityOnboardingServerRoute({
name: t.string,
}),
t.type({
- type: t.union([t.literal('logFiles'), t.literal('systemLogs')]),
+ type: t.literal('logFiles'),
}),
t.partial({
state: t.record(t.string, t.unknown),
@@ -120,14 +120,13 @@ const createFlowRoute = createObservabilityOnboardingServerRoute({
`standalone_agent_logs_onboarding_${name}`
);
- const generatedState = type === 'systemLogs' ? { namespace: 'default' } : state;
const savedObjectsClient = coreStart.savedObjects.getScopedClient(request);
const { id } = await saveObservabilityOnboardingFlow({
savedObjectsClient,
observabilityOnboardingState: {
type,
- state: generatedState as ObservabilityOnboardingFlow['state'],
+ state: state as ObservabilityOnboardingFlow['state'],
progress: {},
},
});
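Review bot: `state as ObservabilityOnboardingFlow['state']` asserts a shape that the visible schema does not check. The route schema in the previous hunk accepts `state` as `t.record(t.string, t.unknown)`, so any client-supplied keys and value types are persisted in the saved object under a type that promises `LogFilesState`. With the `systemLogs` special case removed, the request body's `state` is now stored as received. Replacing the `t.record` with an io-ts codec that mirrors `LogFilesState` would let the assertion be dropped and reject malformed state at the boundary. The handler starts and ends outside this hunk.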
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/server/saved_objects/observability_onboarding_status.ts b/x-pack/plugins/observability_solution/observability_onboarding/server/saved_objects/observability_onboarding_status.ts
index bf996b96e1958..c59bec0285266 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/server/saved_objects/observability_onboarding_status.ts
+++ b/x-pack/plugins/observability_solution/observability_onboarding/server/saved_objects/observability_onboarding_status.ts
@@ -19,13 +19,9 @@ export interface LogFilesState {
namespace: string;
}
-export interface SystemLogsState {
- namespace: string;
-}
-
-type ObservabilityOnboardingFlowState = LogFilesState | SystemLogsState | undefined;
+type ObservabilityOnboardingFlowState = LogFilesState | undefined;
-type ObservabilityOnboardingType = 'logFiles' | 'systemLogs' | 'autoDetect' | 'kubernetes';
+type ObservabilityOnboardingType = 'logFiles' | 'autoDetect' | 'kubernetes';
export interface ObservabilityOnboardingFlow {
type: ObservabilityOnboardingType;
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/server/test_helpers/create_observability_onboarding_users/authentication.ts b/x-pack/plugins/observability_solution/observability_onboarding/server/test_helpers/create_observability_onboarding_users/authentication.ts
index 340f0cb615651..eafcc5a2e92c6 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/server/test_helpers/create_observability_onboarding_users/authentication.ts
+++ b/x-pack/plugins/observability_solution/observability_onboarding/server/test_helpers/create_observability_onboarding_users/authentication.ts
@@ -5,7 +5,7 @@
* 2.0.
*/
-import { cluster, indices } from '../../lib/api_key/monitoring_config';
+import { MONITOR_CLUSTER, INDEX_LOGS_AND_METRICS } from '../../lib/api_key/privileges';
export enum ObservabilityOnboardingUsername {
noAccessUser = 'no_access_user',
@@ -21,8 +21,8 @@ export enum ObservabilityOnboardingCustomRolename {
export const customRoles = {
[ObservabilityOnboardingCustomRolename.logMonitoringUser]: {
elasticsearch: {
- cluster: [...cluster, 'manage_own_api_key'],
- indices,
+ cluster: [MONITOR_CLUSTER, 'manage_own_api_key'],
+ indices: [INDEX_LOGS_AND_METRICS],
},
},
};
diff --git a/x-pack/plugins/search_indices/kibana.jsonc b/x-pack/plugins/search_indices/kibana.jsonc
index 13abaf63cbbe3..dee69b2b4e109 100644
--- a/x-pack/plugins/search_indices/kibana.jsonc
+++ b/x-pack/plugins/search_indices/kibana.jsonc
@@ -18,6 +18,7 @@
"cloud",
"console",
"usageCollection",
+ "serverless"
],
"requiredBundles": [
"kibanaReact",
diff --git a/x-pack/plugins/search_indices/public/components/indices/details_page.tsx b/x-pack/plugins/search_indices/public/components/indices/details_page.tsx
index 9ff096488afe3..e8868663a9a3f 100644
--- a/x-pack/plugins/search_indices/public/components/indices/details_page.tsx
+++ b/x-pack/plugins/search_indices/public/components/indices/details_page.tsx
@@ -42,7 +42,15 @@ export const SearchIndexDetailsPage = () => {
const indexName = decodeURIComponent(useParams<{ indexName: string }>().indexName);
const tabId = decodeURIComponent(useParams<{ tabId: string }>().tabId);
- const { console: consolePlugin, docLinks, application, history, share } = useKibana().services;
+ const {
+ console: consolePlugin,
+ docLinks,
+ application,
+ history,
+ share,
+ chrome,
+ serverless,
+ } = useKibana().services;
const {
data: index,
refetch,
@@ -73,6 +81,25 @@ export const SearchIndexDetailsPage = () => {
setDocumentsLoading(isInitialLoading);
setHasDocuments(!(!isInitialLoading && indexDocuments?.results?.data.length === 0));
}, [indexDocuments, isInitialLoading, setHasDocuments, setDocumentsLoading]);
+
+ useEffect(() => {
+ chrome.docTitle.change(indexName);
+
+ if (serverless) {
+ serverless.setBreadcrumbs([
+ {
+ text: i18n.translate('xpack.searchIndices.indexBreadcrumbLabel', {
+ defaultMessage: 'Index Management',
+ }),
+ href: '/app/management/data/index_management/indices',
+ },
+ {
+ text: indexName,
+ },
+ ]);
+ }
+ }, [chrome, indexName, serverless]);
+
const usageTracker = useUsageTracker();
const detailsPageTabs: EuiTabbedContentTab[] = useMemo(() => {
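Review bot: The breadcrumb `href` in the added `useEffect` is a hard-coded absolute path, so it ignores the server base path and any space prefix. Kibana links are normally built through the base-path helper, e.g. `href: http.basePath.prepend('/app/management/data/index_management/indices')`, with `http` taken from `useKibana().services` and added to the effect's dependency list. This assumes the services context exposes core start, as the `CoreStart &` part of `SearchIndicesServicesContext` suggests. `SearchIndexDetailsPage` starts and ends outside this hunk, so whether `http` is already available in the component is not visible here.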
diff --git a/x-pack/plugins/search_indices/public/types.ts b/x-pack/plugins/search_indices/public/types.ts
index 0030b222f6bc1..51c05687f9dc6 100644
--- a/x-pack/plugins/search_indices/public/types.ts
+++ b/x-pack/plugins/search_indices/public/types.ts
@@ -17,6 +17,7 @@ import type {
} from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
import type { IndexManagementPluginStart } from '@kbn/index-management-shared-types';
import type { AppDeepLinkId } from '@kbn/core-chrome-browser';
+import { ServerlessPluginStart } from '@kbn/serverless/public';
export interface SearchIndicesPluginSetup {
enabled: boolean;
@@ -50,6 +51,7 @@ export type SearchIndicesServicesContext = CoreStart &
SearchIndicesAppPluginStartDependencies & {
history: AppMountParameters['history'];
indexManagement: IndexManagementPluginStart;
+ serverless: ServerlessPluginStart;
};
export interface AppUsageTracker {
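Review bot: `serverless` is declared as always present on `SearchIndicesServicesContext`, while `details_page.tsx` guards it with `if (serverless)`. The plugin also appears to be added to an optional list in `kibana.jsonc`, though the key name is outside that hunk. Declaring it as `serverless?: ServerlessPluginStart;` keeps the type honest and forces other consumers to handle deployments where the plugin is absent. The import added in the previous hunk of this file is used only as a type and could be `import type { ServerlessPluginStart } from '@kbn/serverless/public';`, matching the imports around it.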
diff --git a/x-pack/plugins/search_indices/tsconfig.json b/x-pack/plugins/search_indices/tsconfig.json
index dfd73633b3c3b..61b82f4485492 100644
--- a/x-pack/plugins/search_indices/tsconfig.json
+++ b/x-pack/plugins/search_indices/tsconfig.json
@@ -38,7 +38,8 @@
"@kbn/search-api-keys-components",
"@kbn/search-shared-ui",
"@kbn/deeplinks-search",
- "@kbn/core-chrome-browser"
+ "@kbn/core-chrome-browser",
+ "@kbn/serverless"
],
"exclude": [
"target/**/*",
diff --git a/x-pack/plugins/security_solution/common/endpoint/data_generators/endpoint_metadata_generator.ts b/x-pack/plugins/security_solution/common/endpoint/data_generators/endpoint_metadata_generator.ts
index b14ddc1e8af9e..34de79d937278 100644
--- a/x-pack/plugins/security_solution/common/endpoint/data_generators/endpoint_metadata_generator.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/data_generators/endpoint_metadata_generator.ts
@@ -11,9 +11,15 @@ import type { DeepPartial } from 'utility-types';
import { merge } from 'lodash';
import { set } from '@kbn/safer-lodash-set';
import { gte } from 'semver';
+import type { Agent } from '@kbn/fleet-plugin/common';
import type { EndpointCapabilities } from '../service/response_actions/constants';
import { BaseDataGenerator } from './base_data_generator';
-import type { HostMetadataInterface, OSFields, HostInfoInterface } from '../types';
+import type {
+ HostMetadataInterface,
+ OSFields,
+ HostInfoInterface,
+ UnitedAgentMetadataPersistedData,
+} from '../types';
import { EndpointStatus, HostPolicyResponseActionStatus, HostStatus } from '../types';
export interface GetCustomEndpointMetadataGeneratorOptions {
@@ -226,6 +232,30 @@ export class EndpointMetadataGenerator extends BaseDataGenerator {
return merge(hostInfo, overrides);
}
+ generateUnitedAgentMetadata(
+ overrides: DeepPartial = {}
+ ): UnitedAgentMetadataPersistedData {
+ const endpointMetadata = this.generate();
+
+ return merge(
+ {
+ agent: {
+ id: endpointMetadata.agent.id,
+ },
+ united: {
+ endpoint: endpointMetadata,
+ agent: {
+ agent: {
+ id: endpointMetadata.agent.id,
+ },
+ policy_id: this.seededUUIDv4(),
+ } as Agent,
+ },
+ } as UnitedAgentMetadataPersistedData,
+ overrides
+ );
+ }
+
protected randomOsFields(): OSFields {
return this.randomChoice([
EndpointMetadataGenerator.windowsOSFields,
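Review bot: `generateUnitedAgentMetadata` has no doc comment, and its two `as` assertions hide that the generated `united.agent` holds only `agent.id` and `policy_id`. A test that reads any other `Agent` field from this fixture gets `undefined` without a compile error. I would add a TSDoc block stating that the endpoint part comes from `this.generate()`, that only those two agent fields are populated, and that anything else must be supplied through `overrides`.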
diff --git a/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_endpoint_hosts.ts b/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_endpoint_hosts.ts
index a54f16a634d69..8f1f9c7e21c08 100644
--- a/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_endpoint_hosts.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_endpoint_hosts.ts
@@ -42,7 +42,12 @@ import {
indexFleetEndpointPolicy,
} from './index_fleet_endpoint_policy';
import { metadataCurrentIndexPattern } from '../constants';
-import { EndpointDataLoadingError, mergeAndAppendArrays, wrapErrorAndRejectPromise } from './utils';
+import {
+ EndpointDataLoadingError,
+ fetchActiveSpaceId,
+ mergeAndAppendArrays,
+ wrapErrorAndRejectPromise,
+} from './utils';
export interface IndexedHostsResponse
extends IndexedFleetAgentResponse,
@@ -112,6 +117,7 @@ export const indexEndpointHostDocs = usageTracker.track(
const timeBetweenDocs = 6 * 3600 * 1000; // 6 hours between metadata documents
const timestamp = new Date().getTime();
const kibanaVersion = await fetchKibanaVersion(kbnClient);
+ const activeSpaceId = await fetchActiveSpaceId(kbnClient);
const response: IndexedHostsResponse = {
hosts: [],
agents: [],
@@ -137,7 +143,7 @@ export const indexEndpointHostDocs = usageTracker.track(
for (let j = 0; j < numDocs; j++) {
generator.updateHostData();
- generator.updateHostPolicyData();
+ generator.updateHostPolicyData({ excludeInitialPolicy: true });
hostMetadata = generator.generateHostMetadata(
timestamp - timeBetweenDocs * (numDocs - j - 1),
@@ -178,6 +184,7 @@ export const indexEndpointHostDocs = usageTracker.track(
const { agents, fleetAgentsIndex, operations } = buildFleetAgentBulkCreateOperations({
endpoints: [hostMetadata],
agentPolicyId: policyId,
+ spaceId: activeSpaceId,
kibanaVersion,
});
diff --git a/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_fleet_agent.ts b/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_fleet_agent.ts
index ad1b1f9bcd315..46f7034537134 100644
--- a/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_fleet_agent.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_fleet_agent.ts
@@ -10,13 +10,12 @@ import type {
DeleteByQueryResponse,
IndexRequest,
} from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
-import type { KbnClient } from '@kbn/test';
import type { FleetServerAgent } from '@kbn/fleet-plugin/common';
import { AGENTS_INDEX } from '@kbn/fleet-plugin/common';
import type { BulkRequest } from '@elastic/elasticsearch/lib/api/types';
import type { DeepPartial } from 'utility-types';
import type { ToolingLog } from '@kbn/tooling-log';
-import { usageTracker } from './usage_tracker';
+import { DEFAULT_SPACE_ID } from '@kbn/spaces-plugin/common';
import type { HostMetadata } from '../types';
import { FleetAgentGenerator } from '../data_generators/fleet_agent_generator';
import { createToolingLogger, wrapErrorAndRejectPromise } from './utils';
@@ -28,57 +27,12 @@ export interface IndexedFleetAgentResponse {
fleetAgentsIndex: string;
}
-/**
- * Indexes a Fleet Agent
- * (NOTE: ensure that fleet is setup first before calling this loading function)
- *
- * @param esClient
- * @param kbnClient
- * @param endpointHost
- * @param agentPolicyId
- * @param [kibanaVersion]
- * @param [fleetAgentGenerator]
- */
-export const indexFleetAgentForHost = usageTracker.track(
- 'indexFleetAgentForHost',
- async (
- esClient: Client,
- kbnClient: KbnClient,
- endpointHost: HostMetadata,
- agentPolicyId: string,
- kibanaVersion: string = '8.0.0',
- fleetAgentGenerator: FleetAgentGenerator = defaultFleetAgentGenerator
- ): Promise => {
- const agentDoc = generateFleetAgentEsHitForEndpointHost(
- endpointHost,
- agentPolicyId,
- kibanaVersion,
- fleetAgentGenerator
- );
-
- await esClient
- .index({
- index: agentDoc._index,
- id: agentDoc._id,
- body: agentDoc._source,
- op_type: 'create',
- refresh: 'wait_for',
- })
- .catch(wrapErrorAndRejectPromise);
-
- return {
- fleetAgentsIndex: agentDoc._index,
- // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
- agents: [agentDoc._source!],
- };
- }
-);
-
const generateFleetAgentEsHitForEndpointHost = (
endpointHost: HostMetadata,
agentPolicyId: string,
kibanaVersion: string = '8.0.0',
- fleetAgentGenerator: FleetAgentGenerator = defaultFleetAgentGenerator
+ fleetAgentGenerator: FleetAgentGenerator = defaultFleetAgentGenerator,
+ spaceId: string = DEFAULT_SPACE_ID
) => {
return fleetAgentGenerator.generateEsHit({
_id: endpointHost.agent.id,
@@ -102,6 +56,7 @@ const generateFleetAgentEsHitForEndpointHost = (
},
},
policy_id: agentPolicyId,
+ namespaces: [spaceId],
},
});
};
@@ -110,6 +65,7 @@ interface BuildFleetAgentBulkCreateOperationsOptions {
endpoints: HostMetadata[];
agentPolicyId: string;
kibanaVersion?: string;
+ spaceId?: string;
fleetAgentGenerator?: FleetAgentGenerator;
}
@@ -130,6 +86,7 @@ export const buildFleetAgentBulkCreateOperations = ({
agentPolicyId,
kibanaVersion = '8.0.0',
fleetAgentGenerator = defaultFleetAgentGenerator,
+ spaceId = DEFAULT_SPACE_ID,
}: BuildFleetAgentBulkCreateOperationsOptions): BuildFleetAgentBulkCreateOperationsResponse => {
const response: BuildFleetAgentBulkCreateOperationsResponse = {
operations: [],
@@ -142,7 +99,8 @@ export const buildFleetAgentBulkCreateOperations = ({
endpointHost,
agentPolicyId,
kibanaVersion,
- fleetAgentGenerator
+ fleetAgentGenerator,
+ spaceId
);
response.operations.push(
diff --git a/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_fleet_server.ts b/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_fleet_server.ts
index 72abfe79b0ae0..47e33db0809ee 100644
--- a/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_fleet_server.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_fleet_server.ts
@@ -8,11 +8,13 @@
import type { Client } from '@elastic/elasticsearch';
import { kibanaPackageJson } from '@kbn/repo-info';
import type { KbnClient } from '@kbn/test';
+import { v4 as uuidV4 } from 'uuid';
import type {
GetPackagePoliciesResponse,
AgentPolicy,
GetOneAgentPolicyResponse,
CreateAgentPolicyResponse,
+ NewAgentPolicy,
} from '@kbn/fleet-plugin/common';
import {
AGENT_POLICY_API_ROUTES,
@@ -23,11 +25,12 @@ import {
packagePolicyRouteService,
} from '@kbn/fleet-plugin/common';
import type { ToolingLog } from '@kbn/tooling-log';
-import { fetchFleetLatestAvailableAgentVersion } from '../utils/fetch_fleet_version';
+import type { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types';
+import { DEFAULT_SPACE_ID } from '@kbn/spaces-plugin/common';
import { indexFleetServerAgent } from './index_fleet_agent';
import { catchAxiosErrorFormatAndThrow } from '../format_axios_error';
import { usageTracker } from './usage_tracker';
-import { createToolingLogger, wrapErrorAndRejectPromise } from './utils';
+import { createToolingLogger, fetchActiveSpaceId, wrapErrorAndRejectPromise } from './utils';
/**
* Will ensure that at least one fleet server is present in the `.fleet-agents` index. This will
@@ -48,17 +51,18 @@ export const enableFleetServerIfNecessary = usageTracker.track(
log: ToolingLog = createToolingLogger(),
version: string = kibanaPackageJson.version
) => {
- let agentVersion = version;
+ const activeSpaceId = await fetchActiveSpaceId(kbnClient);
+ const agentPolicy = await getOrCreateFleetServerAgentPolicy(kbnClient, activeSpaceId, log);
- if (isServerless) {
- agentVersion = await fetchFleetLatestAvailableAgentVersion(kbnClient);
- }
-
- const agentPolicy = await getOrCreateFleetServerAgentPolicy(kbnClient, log);
-
- if (!isServerless && !(await hasFleetServerAgent(esClient, agentPolicy.id))) {
+ if (
+ !isServerless &&
+ !(await hasFleetServerAgent(esClient, agentPolicy.id, activeSpaceId, log))
+ ) {
log.debug(`Indexing a new fleet server agent`);
+
const lastCheckin = new Date();
+ const agentVersion = version;
+
lastCheckin.setFullYear(lastCheckin.getFullYear() + 1);
const indexedAgent = await indexFleetServerAgent(esClient, log, {
@@ -66,9 +70,10 @@ export const enableFleetServerIfNecessary = usageTracker.track(
agent: { version: agentVersion },
last_checkin_status: 'online',
last_checkin: lastCheckin.toISOString(),
+ namespaces: agentPolicy.space_ids ?? [activeSpaceId],
});
- log.verbose(`New fleet server agent indexed:\n${JSON.stringify(indexedAgent)}`);
+ log.verbose(`New fleet server agent indexed:\n${JSON.stringify(indexedAgent, null, 2)}`);
} else {
log.debug(`Nothing to do. A Fleet Server agent is already registered with Fleet`);
}
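Review bot: The indexed agent gets `namespaces: agentPolicy.space_ids ?? [activeSpaceId]`, but `hasFleetServerAgent` further down in this file filters on `namespaces: activeSpaceId`. If an existing policy carries `space_ids` that do not contain the active space, or an empty array (which `??` does not replace), the agent written here never matches that lookup and each run indexes another one. Always including the active space keeps the write and the search consistent, e.g. `namespaces: [...new Set([...(agentPolicy.space_ids ?? []), activeSpaceId])]`. The enclosing callback starts outside this hunk.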
@@ -77,6 +82,7 @@ export const enableFleetServerIfNecessary = usageTracker.track(
const getOrCreateFleetServerAgentPolicy = async (
kbnClient: KbnClient,
+ spaceId?: string,
log: ToolingLog = createToolingLogger()
): Promise => {
const packagePolicies = await kbnClient
@@ -92,8 +98,10 @@ const getOrCreateFleetServerAgentPolicy = async (
.catch(catchAxiosErrorFormatAndThrow);
if (packagePolicies.data.items[0]) {
- log.debug(`Found an existing package policy - fetching associated agent policy`);
- log.verbose(JSON.stringify(packagePolicies.data.items[0]));
+ log.debug(
+ `Found an existing Fleet Server package policy [${packagePolicies.data.items[0].id}] - fetching associated agent policy`
+ );
+ log.verbose(JSON.stringify(packagePolicies.data, null, 2));
return kbnClient
.request({
@@ -103,8 +111,9 @@ const getOrCreateFleetServerAgentPolicy = async (
})
.catch(catchAxiosErrorFormatAndThrow)
.then((response) => {
+ log.debug(`Returning existing Fleet Server agent policy [${response.data.item.id}]`);
log.verbose(
- `Existing agent policy for Fleet Server:\n${JSON.stringify(response.data.item)}`
+ `Existing agent policy for Fleet Server:\n${JSON.stringify(response.data.item, null, 2)}`
);
return response.data.item;
@@ -113,26 +122,33 @@ const getOrCreateFleetServerAgentPolicy = async (
log.debug(`Creating a new fleet server agent policy`);
+ const policy: NewAgentPolicy = {
+ name: `Fleet Server policy (${Math.random().toString(32).substring(2)})`,
+ id: uuidV4(),
+ description: `Created by CLI Tool via: ${__filename}`,
+ namespace: spaceId ?? DEFAULT_SPACE_ID,
+ monitoring_enabled: [],
+ // This will ensure the Fleet Server integration policy
+ // is also created and added to the agent policy
+ has_fleet_server: true,
+ };
+
+ log.verbose(`New policy:\n${JSON.stringify(policy, null, 2)}`);
+
// create new Fleet Server agent policy
return kbnClient
.request({
method: 'POST',
path: AGENT_POLICY_API_ROUTES.CREATE_PATTERN,
headers: { 'elastic-api-version': '2023-10-31' },
- body: {
- name: `Fleet Server policy (${Math.random().toString(32).substring(2)})`,
- description: `Created by CLI Tool via: ${__filename}`,
- namespace: 'default',
- monitoring_enabled: [],
- // This will ensure the Fleet Server integration policy
- // is also created and added to the agent policy
- has_fleet_server: true,
- },
+ body: policy,
})
.then((response) => {
log.verbose(
`No fleet server agent policy found. Created a new one:\n${JSON.stringify(
- response.data.item
+ response.data.item,
+ null,
+ 2
)}`
);
@@ -143,8 +159,23 @@ const getOrCreateFleetServerAgentPolicy = async (
const hasFleetServerAgent = async (
esClient: Client,
- fleetServerAgentPolicyId: string
+ fleetServerAgentPolicyId: string,
+ spaceId?: string,
+ log: ToolingLog = createToolingLogger()
): Promise => {
+ const query: QueryDslQueryContainer = {
+ bool: {
+ filter: [
+ {
+ term: {
+ policy_id: fleetServerAgentPolicyId,
+ },
+ },
+ ...(spaceId ? [{ term: { namespaces: spaceId } }] : []),
+ ],
+ },
+ };
+
const searchResponse = await esClient
.search(
{
@@ -152,16 +183,19 @@ const hasFleetServerAgent = async (
ignore_unavailable: true,
rest_total_hits_as_int: true,
size: 1,
- _source: false,
- query: {
- match: {
- policy_id: fleetServerAgentPolicyId,
- },
- },
+ query,
},
{ ignore: [404] }
)
.catch(wrapErrorAndRejectPromise);
+ log.verbose(
+ `Search for a fleet server agent with query:\n${JSON.stringify(
+ query,
+ null,
+ 2
+ )}\nreturn:\n ${fleetServerAgentPolicyId}]\n${JSON.stringify(searchResponse, null, 2)}`
+ );
+
return Boolean(searchResponse?.hits.total);
};
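Review bot: Removing `_source: false` and then dumping the whole `searchResponse` at verbose level writes a full `.fleet-agents` document into the tooling log. Documents in that index can carry API-key related fields, and these logs are often retained in CI. I would keep `_source: false` and log only the policy id and `searchResponse?.hits.total`. The current message also has an unmatched `]` after `${fleetServerAgentPolicyId}`. `hasFleetServerAgent` begins in the previous hunk.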
diff --git a/x-pack/plugins/security_solution/common/endpoint/data_loaders/utils.ts b/x-pack/plugins/security_solution/common/endpoint/data_loaders/utils.ts
index f695bfc3afa67..e648bcef98bc8 100644
--- a/x-pack/plugins/security_solution/common/endpoint/data_loaders/utils.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/data_loaders/utils.ts
@@ -5,11 +5,14 @@
* 2.0.
*/
-import { mergeWith } from 'lodash';
+import { memoize, mergeWith } from 'lodash';
import type { ToolingLogTextWriterConfig } from '@kbn/tooling-log';
import { ToolingLog } from '@kbn/tooling-log';
import type { Flags } from '@kbn/dev-cli-runner';
import moment from 'moment/moment';
+import type { Space } from '@kbn/spaces-plugin/common';
+import type { KbnClient } from '@kbn/test';
+import { catchAxiosErrorFormatAndThrow } from '../format_axios_error';
import { EndpointError } from '../errors';
export const RETRYABLE_TRANSIENT_ERRORS: Readonly> = [
@@ -183,3 +186,13 @@ export const getElapsedTime = (
return `${hours}:${minutes}:${seconds}.${milliseconds}`;
};
+
+export const fetchActiveSpaceId = memoize(async (kbnClient: KbnClient): Promise => {
+ return kbnClient
+ .request({
+ method: 'GET',
+ path: `/internal/spaces/_active_space`,
+ })
+ .catch(catchAxiosErrorFormatAndThrow)
+ .then((response) => response.data.id);
+});
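Review bot: `memoize` stores the promise itself, so a rejected lookup (Kibana not ready yet, a transient 5xx) stays cached for that `kbnClient` and every later call fails the same way without a new request. Dropping the entry on failure avoids that: in the `.catch` handler, call `fetchActiveSpaceId.cache.delete(kbnClient)` before handing the error to `catchAxiosErrorFormatAndThrow`. A short doc comment should also say that the result is cached per client instance for the life of the process, and that the helper depends on an `/internal/` route.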
diff --git a/x-pack/plugins/security_solution/common/endpoint/format_axios_error.ts b/x-pack/plugins/security_solution/common/endpoint/format_axios_error.ts
index fa46f7940c17e..791dbafe15538 100644
--- a/x-pack/plugins/security_solution/common/endpoint/format_axios_error.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/format_axios_error.ts
@@ -6,10 +6,11 @@
*/
import { AxiosError } from 'axios';
+import { EndpointError } from './errors';
/* eslint-disable @typescript-eslint/no-explicit-any */
-export class FormattedAxiosError extends Error {
+export class FormattedAxiosError extends EndpointError {
public readonly request: {
method: string;
url: string;
@@ -28,7 +29,8 @@ export class FormattedAxiosError extends Error {
super(
`${axiosError.message}${
axiosError?.response?.data ? `: ${JSON.stringify(axiosError?.response?.data)}` : ''
- }${url ? `\n(Request: ${method} ${url})` : ''}`
+ }${url ? `\n(Request: ${method} ${url})` : ''}`,
+ axiosError
);
this.request = {
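Review bot: Passing the whole `axiosError` as the second `super()` argument attaches the original Axios object to the error, including its request config with headers and body. This class otherwise exposes only a trimmed `request`/`response` view. If `EndpointError` keeps that argument as metadata and a caller logs or serialises the error, Authorization headers or API keys could end up in log output; the `EndpointError` definition is not visible here. I would pass only the reduced data, or remove the headers first, and add a comment above the `super()` call explaining why. The constructor starts and ends outside this hunk.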
diff --git a/x-pack/plugins/security_solution/common/endpoint/generate_data.ts b/x-pack/plugins/security_solution/common/endpoint/generate_data.ts
index 50ae6b4069770..b4ee20f3d5ba2 100644
--- a/x-pack/plugins/security_solution/common/endpoint/generate_data.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/generate_data.ts
@@ -400,10 +400,20 @@ export class EndpointDocGenerator extends BaseDataGenerator {
/**
* Updates the current Host common record applied Policy to a different one from the list
* of random choices and gives it a random policy response status.
+ *
*/
- public updateHostPolicyData() {
+ public updateHostPolicyData({
+ excludeInitialPolicy = false,
+ }: Partial<{
+ /** Excludes the initial policy id (non-existent) that endpoint reports when it first is installed */
+ excludeInitialPolicy: boolean;
+ }> = {}) {
const newInfo = this.commonInfo;
- newInfo.Endpoint.policy.applied = this.randomChoice(APPLIED_POLICIES);
+ newInfo.Endpoint.policy.applied = this.randomChoice(
+ excludeInitialPolicy
+ ? APPLIED_POLICIES.filter(({ id }) => id !== '00000000-0000-0000-0000-000000000000')
+ : APPLIED_POLICIES
+ );
newInfo.Endpoint.policy.applied.status = this.randomChoice(POLICY_RESPONSE_STATUSES);
this.commonInfo = newInfo;
}
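Review bot: The all-zero UUID in the `filter` is a magic value that presumably has to stay in sync with an entry of `APPLIED_POLICIES`, which is defined outside this hunk. A named module constant, e.g. `const INITIAL_POLICY_ID = '00000000-0000-0000-0000-000000000000';`, used in both places would make that link explicit. The doc comment gained an empty ` *` line rather than a description of the new option; the inline comment on `excludeInitialPolicy` would read better as an `@param` entry there.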
diff --git a/x-pack/plugins/security_solution/common/endpoint/types/index.ts b/x-pack/plugins/security_solution/common/endpoint/types/index.ts
index 45390e1f03060..2eaae4705e04d 100644
--- a/x-pack/plugins/security_solution/common/endpoint/types/index.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/types/index.ts
@@ -538,6 +538,7 @@ export interface HostMetadataInterface {
status: EndpointStatus;
policy: {
applied: {
+ /** The Endpoint integration policy UUID */
id: string;
status: HostPolicyResponseActionStatus;
name: string;
diff --git a/x-pack/plugins/security_solution/scripts/endpoint/common/spaces.ts b/x-pack/plugins/security_solution/scripts/endpoint/common/spaces.ts
index 8b36aaeff59fd..92affc609bf0c 100644
--- a/x-pack/plugins/security_solution/scripts/endpoint/common/spaces.ts
+++ b/x-pack/plugins/security_solution/scripts/endpoint/common/spaces.ts
@@ -27,8 +27,12 @@ export const ensureSpaceIdExists = async (
return;
}
- const alreadyExists = await kbnClient.spaces
- .get(spaceId)
+ const alreadyExists = await kbnClient
+ .request({
+ method: 'GET',
+ path: `/api/spaces/space/${spaceId}`,
+ headers: { 'elastic-api-version': '2023-10-31' },
+ })
.then(() => {
log.debug(`Space id [${spaceId}] already exists. Nothing to do.`);
return true;
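Review bot: `spaceId` is interpolated into the request path unencoded in `/api/spaces/space/${spaceId}`. The value comes from whoever calls this script helper, and a `/`, `?` or `#` in it would change which route is requested. The client method this replaces may have encoded it. Wrapping the value in `encodeURIComponent(spaceId)` inside the template keeps the path well-formed. `ensureSpaceIdExists` continues outside this hunk.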
@@ -45,12 +49,20 @@ export const ensureSpaceIdExists = async (
if (!alreadyExists) {
log.info(`Creating space id [${spaceId}]`);
- await kbnClient.spaces
- .create({
- name: spaceId,
- id: spaceId,
+ await kbnClient
+ .request({
+ method: 'POST',
+ path: `/api/spaces/space`,
+ headers: { 'elastic-api-version': '2023-10-31' },
+ body: {
+ name: spaceId,
+ id: spaceId,
+ },
})
- .catch(catchAxiosErrorFormatAndThrow);
+ .catch(catchAxiosErrorFormatAndThrow)
+ .then((response) => {
+ log.verbose(`space created:\n${JSON.stringify(response.data, null, 2)}`);
+ });
}
};
diff --git a/x-pack/plugins/security_solution/server/endpoint/endpoint_app_context_services.ts b/x-pack/plugins/security_solution/server/endpoint/endpoint_app_context_services.ts
index b22dd4c7ab8bb..192fb6059325a 100644
--- a/x-pack/plugins/security_solution/server/endpoint/endpoint_app_context_services.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/endpoint_app_context_services.ts
@@ -253,20 +253,30 @@ export class EndpointAppContextService {
throw new EndpointAppContentServicesNotStartedError();
}
+ const spaceIdValue = this.experimentalFeatures.endpointManagementSpaceAwarenessEnabled
+ ? spaceId
+ : DEFAULT_SPACE_ID;
+
return new EndpointMetadataService(
this.startDependencies.esClient,
- this.savedObjects.createInternalScopedSoClient({ readonly: false }),
- this.getInternalFleetServices(),
+ this.savedObjects.createInternalScopedSoClient({ readonly: false, spaceId: spaceIdValue }),
+ this.getInternalFleetServices(spaceIdValue),
this.createLogger('endpointMetadata')
);
}
- public getInternalFleetServices(): EndpointInternalFleetServicesInterface {
+ /**
+ * SpaceId should be defined if wanting go get back an inernal client that is scoped to a given space id
+ * @param spaceId
+ */
+ public getInternalFleetServices(spaceId?: string): EndpointInternalFleetServicesInterface {
if (this.fleetServicesFactory === null) {
throw new EndpointAppContentServicesNotStartedError();
}
- return this.fleetServicesFactory.asInternalUser();
+ return this.fleetServicesFactory.asInternalUser(
+ this.experimentalFeatures.endpointManagementSpaceAwarenessEnabled ? spaceId : undefined
+ );
}
public getManifestManager(): ManifestManager | undefined {
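Review bot: With `endpointManagementSpaceAwarenessEnabled` on, `spaceIdValue` is whatever the caller passed, so a caller that omits `spaceId` gets `createInternalScopedSoClient({ readonly: false, spaceId: undefined })` and `asInternalUser(undefined)`. These are internal-user clients, so the space argument is the only thing confining them, and what an undefined space resolves to is not visible here. An explicit fallback, `? spaceId ?? DEFAULT_SPACE_ID : DEFAULT_SPACE_ID`, or throwing when the flag is on and no space is given, would make that case fail closed. The signature of the first method is outside the hunk and may already default the parameter. The new doc comment also has typos: "wanting go get back an inernal client" should read "wanting to get back an internal client".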
diff --git a/x-pack/plugins/security_solution/server/endpoint/mocks/mocks.ts b/x-pack/plugins/security_solution/server/endpoint/mocks/mocks.ts
index cf683283e716d..5ab221b7bfc07 100644
--- a/x-pack/plugins/security_solution/server/endpoint/mocks/mocks.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/mocks/mocks.ts
@@ -50,6 +50,7 @@ import { unsecuredActionsClientMock } from '@kbn/actions-plugin/server/unsecured
import type { PluginStartContract as ActionPluginStartContract } from '@kbn/actions-plugin/server';
import type { Mutable } from 'utility-types';
import type { DeeplyMockedKeys } from '@kbn/utility-types-jest';
+import { createSavedObjectsClientFactoryMock } from '../services/saved_objects/saved_objects_client_factory.mocks';
import { EndpointMetadataService } from '../services/metadata';
import { createEndpointFleetServicesFactoryMock } from '../services/fleet/endpoint_fleet_services_factory.mocks';
import type { ProductFeaturesService } from '../../lib/product_features_service';
@@ -99,7 +100,8 @@ export const createMockEndpointAppContext = (
export const createMockEndpointAppContextService = (
mockManifestManager?: ManifestManager
): jest.Mocked => {
- const { esClient, fleetStartServices } = createMockEndpointAppContextServiceStartContract();
+ const { esClient, fleetStartServices, savedObjectsServiceStart } =
+ createMockEndpointAppContextServiceStartContract();
const fleetServices = createEndpointFleetServicesFactoryMock({
fleetDependencies: fleetStartServices,
}).service.asInternalUser();
@@ -141,6 +143,7 @@ export const createMockEndpointAppContextService = (
getInternalResponseActionsClient: jest.fn(() => {
return responseActionsClientMock.create();
}),
+ savedObjects: createSavedObjectsClientFactoryMock({ savedObjectsServiceStart }).service,
} as unknown as jest.Mocked;
};
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/agent/agent_status_handler.test.ts b/x-pack/plugins/security_solution/server/endpoint/routes/agent/agent_status_handler.test.ts
index ff34ff6d66d1e..6ea890cdf716e 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/agent/agent_status_handler.test.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/agent/agent_status_handler.test.ts
@@ -109,7 +109,8 @@ describe('Agent Status API route handler', () => {
expect(httpResponseMock.ok).toHaveBeenCalled();
expect(getAgentStatusClientMock).toHaveBeenCalledWith(agentType, {
esClient: (await httpHandlerContextMock.core).elasticsearch.client.asInternalUser,
- soClient: (await httpHandlerContextMock.core).savedObjects.client,
+ soClient:
+ apiTestSetup.endpointAppContextMock.service.savedObjects.createInternalScopedSoClient(),
connectorActionsClient: (await httpHandlerContextMock.actions).getActionsClient(),
endpointService: apiTestSetup.endpointAppContextMock.service,
});
@@ -145,4 +146,38 @@ describe('Agent Status API route handler', () => {
},
});
});
+
+ it('should NOT use space ID in creating SO client when feature is disabled', async () => {
+ await apiTestSetup
+ .getRegisteredVersionedRoute('get', AGENT_STATUS_ROUTE, '1')
+ .routeHandler(httpHandlerContextMock, httpRequestMock, httpResponseMock);
+
+ expect(httpResponseMock.ok).toHaveBeenCalled();
+ expect(
+ apiTestSetup.endpointAppContextMock.service.savedObjects.createInternalScopedSoClient
+ ).toHaveBeenCalledWith({
+ spaceId: undefined,
+ });
+ });
+
+ it('should use a scoped SO client when spaces awareness feature is enabled', async () => {
+ // @ts-expect-error write to readonly property
+ apiTestSetup.endpointAppContextMock.service.experimentalFeatures.endpointManagementSpaceAwarenessEnabled =
+ true;
+
+ ((await httpHandlerContextMock.securitySolution).getSpaceId as jest.Mock).mockReturnValue(
+ 'foo'
+ );
+
+ await apiTestSetup
+ .getRegisteredVersionedRoute('get', AGENT_STATUS_ROUTE, '1')
+ .routeHandler(httpHandlerContextMock, httpRequestMock, httpResponseMock);
+
+ expect(httpResponseMock.ok).toHaveBeenCalled();
+ expect(
+ apiTestSetup.endpointAppContextMock.service.savedObjects.createInternalScopedSoClient
+ ).toHaveBeenCalledWith({
+ spaceId: 'foo',
+ });
+ });
});
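Review bot: The second added test sets `experimentalFeatures.endpointManagementSpaceAwarenessEnabled` to `true` on the `apiTestSetup` mock and never restores it. If that mock is not rebuilt in a `beforeEach` (the setup is outside this hunk), later tests in the file run with space awareness enabled and their result depends on test order. Resetting the flag in an `afterEach`, or setting it to `false` at the start of the "feature is disabled" test, keeps the two cases independent.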
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/agent/agent_status_handler.ts b/x-pack/plugins/security_solution/server/endpoint/routes/agent/agent_status_handler.ts
index 0a9bdbde9876e..e6ea2f7595785 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/agent/agent_status_handler.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/agent/agent_status_handler.ts
@@ -78,18 +78,29 @@ export const getAgentStatusRouteHandler = (
);
}
- const esClient = (await context.core).elasticsearch.client.asInternalUser;
- const soClient = (await context.core).savedObjects.client;
- const connectorActionsClient = (await context.actions).getActionsClient();
- const agentStatusClient = getAgentStatusClient(agentType, {
- esClient,
- soClient,
- connectorActionsClient,
- endpointService: endpointContext.service,
- });
- const data = await agentStatusClient.getAgentStatuses(agentIds);
-
try {
+ const [securitySolutionPlugin, corePlugin, actionsPlugin] = await Promise.all([
+ context.securitySolution,
+ context.core,
+ context.actions,
+ ]);
+ const esClient = corePlugin.elasticsearch.client.asInternalUser;
+ const spaceId = endpointContext.service.experimentalFeatures
+ .endpointManagementSpaceAwarenessEnabled
+ ? securitySolutionPlugin.getSpaceId()
+ : undefined;
+ const soClient = endpointContext.service.savedObjects.createInternalScopedSoClient({
+ spaceId,
+ });
+ const connectorActionsClient = actionsPlugin.getActionsClient();
+ const agentStatusClient = getAgentStatusClient(agentType, {
+ esClient,
+ soClient,
+ connectorActionsClient,
+ endpointService: endpointContext.service,
+ });
+ const data = await agentStatusClient.getAgentStatuses(agentIds);
+
return response.ok({ body: { data } });
} catch (e) {
return errorHandler(logger, response, e);
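Review bot: `soClient` changes from the request-scoped `savedObjects.client` to `createInternalScopedSoClient({ spaceId })`. Going by its name it runs as the internal user, so saved-object access in this handler would no longer depend on the caller's own privileges. Access control then rests on the route-level authorization, which is outside this hunk, and on `spaceId`, which is `undefined` whenever the feature flag is off. Since the handler only reads status, I would request a read-only client with `createInternalScopedSoClient({ spaceId, readonly: true })` and add a comment stating why an internal client is acceptable here. The two new tests assert the exact argument and would need the same change.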
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/handlers.ts b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/handlers.ts
index 90eb56fbc83f2..5e887049a8d13 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/handlers.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/handlers.ts
@@ -9,6 +9,7 @@ import type { TypeOf } from '@kbn/config-schema';
import type { Logger, RequestHandler } from '@kbn/core/server';
import { FLEET_ENDPOINT_PACKAGE } from '@kbn/fleet-plugin/common';
+import { stringify } from '../../utils/stringify';
import type {
MetadataListResponse,
EndpointSortableField,
@@ -45,7 +46,10 @@ export function getMetadataListRequestHandler(
SecuritySolutionRequestHandlerContext
> {
return async (context, request, response) => {
- const endpointMetadataService = endpointAppContext.service.getEndpointMetadataService();
+ logger.debug(() => `endpoint host metadata list request:\n${stringify(request.query)}`);
+
+ const spaceId = (await context.securitySolution).getSpaceId();
+ const endpointMetadataService = endpointAppContext.service.getEndpointMetadataService(spaceId);
try {
const { data, total } = await endpointMetadataService.getHostMetadataList(request.query);
@@ -77,7 +81,8 @@ export const getMetadataRequestHandler = function (
SecuritySolutionRequestHandlerContext
> {
return async (context, request, response) => {
- const endpointMetadataService = endpointAppContext.service.getEndpointMetadataService();
+ const spaceId = (await context.securitySolution).getSpaceId();
+ const endpointMetadataService = endpointAppContext.service.getEndpointMetadataService(spaceId);
try {
return response.ok({
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/metadata.test.ts b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/metadata.test.ts
index dbf60ef127c22..00054964e4401 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/metadata.test.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/metadata.test.ts
@@ -19,7 +19,11 @@ import {
} from '@kbn/core/server/mocks';
import { createAppContextStartContractMock as fleetCreateAppContextStartContractMock } from '@kbn/fleet-plugin/server/mocks';
import { appContextService as fleetAppContextService } from '@kbn/fleet-plugin/server/services';
-import type { HostInfo, MetadataListResponse } from '../../../../common/endpoint/types';
+import type {
+ HostInfo,
+ MetadataListResponse,
+ UnitedAgentMetadataPersistedData,
+} from '../../../../common/endpoint/types';
import { HostStatus } from '../../../../common/endpoint/types';
import { registerEndpointRoutes } from '.';
import {
@@ -62,6 +66,7 @@ import type { TransformGetTransformStatsResponse } from '@elastic/elasticsearch/
import { getEndpointAuthzInitialStateMock } from '../../../../common/endpoint/service/authz/mocks';
import type { VersionedRouteConfig } from '@kbn/core-http-server';
import type { SecuritySolutionPluginRouterMock } from '../../../mocks';
+import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
describe('test endpoint routes', () => {
let routerMock: SecuritySolutionPluginRouterMock;
@@ -124,15 +129,9 @@ describe('test endpoint routes', () => {
afterEach(() => endpointAppContextService.stop());
describe('GET list endpoints route', () => {
- it('should return expected metadata', async () => {
- const mockRequest = httpServerMock.createKibanaRequest({
- query: {
- page: 0,
- pageSize: 10,
- hostStatuses: ['updating'],
- kuery: 'not host.ip:10.140.73.246',
- },
- });
+ let searchListResponse: estypes.SearchResponse;
+
+ beforeEach(() => {
mockSavedObjectClient.find.mockResolvedValueOnce({
total: 0,
saved_objects: [],
@@ -144,12 +143,25 @@ describe('test endpoint routes', () => {
withoutSpaceExtensions: mockSavedObjectClient,
})
);
+ searchListResponse = unitedMetadataSearchResponseMock(
+ new EndpointDocGenerator('seed').generateHostMetadata()
+ );
mockAgentClient.getAgentStatusById.mockResolvedValue('error');
mockAgentClient.listAgents.mockResolvedValue(noUnenrolledAgent);
mockAgentPolicyService.getByIds = jest.fn().mockResolvedValueOnce([]);
- const metadata = new EndpointDocGenerator().generateHostMetadata();
+ mockScopedClient.asInternalUser.search.mockResponseOnce(searchListResponse);
+ });
+
+ it('should return expected metadata', async () => {
+ const mockRequest = httpServerMock.createKibanaRequest({
+ query: {
+ page: 0,
+ pageSize: 10,
+ hostStatuses: ['updating'],
+ kuery: 'not host.ip:10.140.73.246',
+ },
+ });
const esSearchMock = mockScopedClient.asInternalUser.search;
- esSearchMock.mockResponseOnce(unitedMetadataSearchResponseMock(metadata));
({ routeHandler, routeConfig } = getRegisteredVersionedRouteMock(
routerMock,
@@ -233,7 +245,9 @@ describe('test endpoint routes', () => {
expect(mockResponse.ok).toBeCalled();
const endpointResultList = mockResponse.ok.mock.calls[0][0]?.body as MetadataListResponse;
expect(endpointResultList.data.length).toEqual(1);
- expect(endpointResultList.data[0].metadata).toEqual(metadata);
+ expect(endpointResultList.data[0].metadata).toEqual(
+ searchListResponse.hits.hits[0]._source!.united.endpoint
+ );
expect(endpointResultList.total).toEqual(1);
expect(endpointResultList.page).toEqual(0);
expect(endpointResultList.pageSize).toEqual(10);
@@ -262,6 +276,27 @@ describe('test endpoint routes', () => {
expect(mockResponse.forbidden).toBeCalled();
});
+
+ it('should use space id when retrieving Endpoint Metadata service client', async () => {
+ const mockRequest = httpServerMock.createKibanaRequest();
+ const mockContext = createRouteHandlerContext(mockScopedClient, mockSavedObjectClient);
+ (mockContext.securitySolution.getSpaceId as jest.Mock).mockReturnValue('foo');
+
+ ({ routeHandler, routeConfig } = getRegisteredVersionedRouteMock(
+ routerMock,
+ 'get',
+ HOST_METADATA_LIST_ROUTE,
+ '2023-10-31'
+ ));
+ const getEndpointMetadataServiceSpy = jest.spyOn(
+ endpointAppContextService,
+ 'getEndpointMetadataService'
+ );
+
+ await routeHandler(mockContext, mockRequest, mockResponse);
+
+ expect(getEndpointMetadataServiceSpy).toHaveBeenCalledWith('foo');
+ });
});
describe('GET endpoint details route', () => {
@@ -497,6 +532,34 @@ describe('test endpoint routes', () => {
expect(mockResponse.forbidden).toBeCalled();
});
+
+ it('should retrieve Endpoint Metadata Service client using the space id', async () => {
+ const response = legacyMetadataSearchResponseMock(
+ new EndpointDocGenerator().generateHostMetadata()
+ );
+ const mockRequest = httpServerMock.createKibanaRequest({
+ params: { id: response.hits.hits[0]._id },
+ });
+ const esSearchMock = mockScopedClient.asInternalUser.search;
+ mockAgentClient.getAgent.mockResolvedValue(agentGenerator.generate({ status: 'online' }));
+ esSearchMock.mockResponseOnce(response);
+ const getEndpointMetadataServiceSpy = jest.spyOn(
+ endpointAppContextService,
+ 'getEndpointMetadataService'
+ );
+ ({ routeConfig, routeHandler } = getRegisteredVersionedRouteMock(
+ routerMock,
+ 'get',
+ HOST_METADATA_GET_ROUTE,
+ '2023-10-31'
+ ));
+ const mockContext = createRouteHandlerContext(mockScopedClient, mockSavedObjectClient);
+ (mockContext.securitySolution.getSpaceId as jest.Mock).mockReturnValue('foo');
+
+ await routeHandler(mockContext, mockRequest, mockResponse);
+
+ expect(getEndpointMetadataServiceSpy).toHaveBeenCalledWith('foo');
+ });
});
describe('GET metadata transform stats route', () => {
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.test.ts b/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.test.ts
index 2adbb0638912a..ab7ca52052b3d 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.test.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.test.ts
@@ -27,6 +27,8 @@ import type { Agent } from '@kbn/fleet-plugin/common/types/models';
import type { AgentClient } from '@kbn/fleet-plugin/server/services';
import { get } from 'lodash';
import type { ScopedClusterClientMock } from '@kbn/core-elasticsearch-client-server-mocks';
+import type { TypeOf } from '@kbn/config-schema';
+import type { GetPolicyResponseSchema } from '../../../../common/api/endpoint';
describe('test policy response handler', () => {
let endpointAppContextService: EndpointAppContextService;
@@ -48,11 +50,15 @@ describe('test policy response handler', () => {
it('should return the latest policy response for a host', async () => {
const response = createSearchResponse(new EndpointDocGenerator().generatePolicyResponse());
- const hostPolicyResponseHandler = getHostPolicyResponseHandler();
+ const hostPolicyResponseHandler = getHostPolicyResponseHandler(endpointAppContextService);
mockScopedClient.asInternalUser.search.mockResponseOnce(response);
- const mockRequest = httpServerMock.createKibanaRequest({
- params: { agentId: 'id' },
+ const mockRequest = httpServerMock.createKibanaRequest<
+ never,
+ TypeOf,
+ never
+ >({
+ query: { agentId: 'id' },
});
await hostPolicyResponseHandler(
@@ -71,12 +77,16 @@ describe('test policy response handler', () => {
});
it('should return not found when there is no response policy for host', async () => {
- const hostPolicyResponseHandler = getHostPolicyResponseHandler();
+ const hostPolicyResponseHandler = getHostPolicyResponseHandler(endpointAppContextService);
mockScopedClient.asInternalUser.search.mockResponseOnce(createSearchResponse());
- const mockRequest = httpServerMock.createKibanaRequest({
- params: { agentId: 'id' },
+ const mockRequest = httpServerMock.createKibanaRequest<
+ never,
+ TypeOf,
+ never
+ >({
+ query: { agentId: 'foo' },
});
await hostPolicyResponseHandler(
@@ -87,9 +97,34 @@ describe('test policy response handler', () => {
mockResponse
);
- expect(mockResponse.notFound).toBeCalled();
- const message = mockResponse.notFound.mock.calls[0][0]?.body;
- expect(message).toEqual('Policy Response Not Found');
+ expect(mockResponse.notFound).toHaveBeenCalledWith({
+ body: expect.objectContaining({
+ message: 'Policy response for endpoint id [foo] not found',
+ }),
+ });
+ });
+
+ it('should retrieve internal fleet services using space id', async () => {
+ mockScopedClient.asInternalUser.search.mockResponseOnce(createSearchResponse());
+ const getInternalFleetServicesSpy = jest.spyOn(
+ endpointAppContextService,
+ 'getInternalFleetServices'
+ );
+ const hostPolicyResponseHandler = getHostPolicyResponseHandler(endpointAppContextService);
+ const mockRequest = httpServerMock.createKibanaRequest<
+ never,
+ TypeOf,
+ never
+ >({
+ query: { agentId: 'foo' },
+ });
+ const mockContext = requestContextMock.convertContext(
+ createRouteHandlerContext(mockScopedClient, mockSavedObjectClient)
+ );
+ ((await mockContext.securitySolution).getSpaceId as jest.Mock).mockReturnValue('foo');
+ await hostPolicyResponseHandler(mockContext, mockRequest, mockResponse);
+
+ expect(getInternalFleetServicesSpy).toHaveBeenCalledWith('foo');
});
});
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.ts b/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.ts
index af8a38bcd0de2..7367201f5883a 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.ts
@@ -7,7 +7,9 @@
import type { RequestHandler } from '@kbn/core/server';
import type { TypeOf } from '@kbn/config-schema';
-import { policyIndexPattern } from '../../../../common/endpoint/constants';
+import type { SecuritySolutionRequestHandlerContext } from '../../../types';
+import type { EndpointAppContextService } from '../../endpoint_app_context_services';
+import { errorHandler } from '../error_handler';
import type {
GetPolicyResponseSchema,
GetAgentPolicySummaryRequestSchema,
@@ -15,21 +17,37 @@ import type {
import type { EndpointAppContext } from '../../types';
import { getAgentPolicySummary, getPolicyResponseByAgentId } from './service';
import type { GetAgentSummaryResponse } from '../../../../common/endpoint/types';
+import { NotFoundError } from '../../errors';
-export const getHostPolicyResponseHandler = function (): RequestHandler<
- undefined,
+export const getHostPolicyResponseHandler = function (
+ endpointAppContextServices: EndpointAppContextService
+): RequestHandler<
+ never,
TypeOf,
- undefined
+ never,
+ SecuritySolutionRequestHandlerContext
> {
+ const logger = endpointAppContextServices.createLogger('endpointPolicyResponse');
+
return async (context, request, response) => {
- const client = (await context.core).elasticsearch.client;
- const doc = await getPolicyResponseByAgentId(policyIndexPattern, request.query.agentId, client);
+ const spaceId = (await context.securitySolution).getSpaceId();
+ const esClient = (await context.core).elasticsearch.client.asInternalUser;
+ const fleetServices = endpointAppContextServices.getInternalFleetServices(spaceId);
- if (doc) {
- return response.ok({ body: doc });
- }
+ try {
+ const agentId = request.query.agentId;
+ const doc = await getPolicyResponseByAgentId(agentId, esClient, fleetServices);
+
+ if (doc) {
+ return response.ok({ body: doc });
+ }
- return response.notFound({ body: 'Policy Response Not Found' });
+ logger.debug(`Agent id [${agentId}] has no policy response documents indexed yet`);
+
+ throw new NotFoundError(`Policy response for endpoint id [${agentId}] not found`);
+ } catch (err) {
+ return errorHandler(logger, response, err);
+ }
};
};
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/policy/index.ts b/x-pack/plugins/security_solution/server/endpoint/routes/policy/index.ts
index 18bf0bfcdd098..f437ed332828c 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/policy/index.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/policy/index.ts
@@ -5,7 +5,6 @@
* 2.0.
*/
-import type { IRouter } from '@kbn/core/server';
import {
GetPolicyResponseSchema,
GetAgentPolicySummaryRequestSchema,
@@ -17,10 +16,14 @@ import {
BASE_POLICY_RESPONSE_ROUTE,
} from '../../../../common/endpoint/constants';
import { withEndpointAuthz } from '../with_endpoint_authz';
+import type { SecuritySolutionPluginRouter } from '../../../types';
export const INITIAL_POLICY_ID = '00000000-0000-0000-0000-000000000000';
-export function registerPolicyRoutes(router: IRouter, endpointAppContext: EndpointAppContext) {
+export function registerPolicyRoutes(
+ router: SecuritySolutionPluginRouter,
+ endpointAppContext: EndpointAppContext
+) {
const logger = endpointAppContext.logFactory.get('endpointPolicy');
router.versioned
@@ -39,7 +42,7 @@ export function registerPolicyRoutes(router: IRouter, endpointAppContext: Endpoi
withEndpointAuthz(
{ any: ['canReadSecuritySolution', 'canAccessFleet'] },
logger,
- getHostPolicyResponseHandler()
+ getHostPolicyResponseHandler(endpointAppContext.service)
)
);
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/policy/service.test.ts b/x-pack/plugins/security_solution/server/endpoint/routes/policy/service.test.ts
index 24d26e715fb74..f95e4c4c2d1d6 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/policy/service.test.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/policy/service.test.ts
@@ -6,36 +6,91 @@
*/
import { GetPolicyResponseSchema } from '../../../../common/api/endpoint';
-import { getESQueryPolicyResponseByAgentID } from './service';
+import { getESQueryPolicyResponseByAgentID, getPolicyResponseByAgentId } from './service';
+import { elasticsearchServiceMock } from '@kbn/core-elasticsearch-server-mocks';
+import type { ElasticsearchClientMock } from '@kbn/core-elasticsearch-client-server-mocks';
+import type { EndpointInternalFleetServicesInterfaceMocked } from '../../services/fleet/endpoint_fleet_services_factory.mocks';
+import { createEndpointFleetServicesFactoryMock } from '../../services/fleet/endpoint_fleet_services_factory.mocks';
+import { applyEsClientSearchMock } from '../../mocks/utils.mock';
+import { policyIndexPattern } from '../../../../common/endpoint/constants';
+import { EndpointPolicyResponseGenerator } from '../../../../common/endpoint/data_generators/endpoint_policy_response_generator';
-describe('test policy handlers schema', () => {
- it('validate that get policy response query schema', async () => {
- expect(
- GetPolicyResponseSchema.query.validate({
- agentId: 'id',
- })
- ).toBeTruthy();
+describe('Policy Response Services', () => {
+ describe('test policy handlers schema', () => {
+ it('validate that get policy response query schema', async () => {
+ expect(
+ GetPolicyResponseSchema.query.validate({
+ agentId: 'id',
+ })
+ ).toBeTruthy();
- expect(() => GetPolicyResponseSchema.query.validate({})).toThrowError();
+ expect(() => GetPolicyResponseSchema.query.validate({})).toThrowError();
+ });
});
-});
-describe('test policy query', () => {
- it('queries for the correct host', async () => {
- const agentId = 'f757d3c0-e874-11ea-9ad9-015510b487f4';
- const query = getESQueryPolicyResponseByAgentID(agentId, 'anyindex');
- expect(query.body?.query?.bool?.filter).toEqual({ term: { 'agent.id': agentId } });
+ describe('test policy query', () => {
+ it('queries for the correct host', async () => {
+ const agentId = 'f757d3c0-e874-11ea-9ad9-015510b487f4';
+ const query = getESQueryPolicyResponseByAgentID(agentId, 'anyindex');
+ expect(query.body?.query?.bool?.filter).toEqual({ term: { 'agent.id': agentId } });
+ });
+
+ it('filters out initial policy by ID', async () => {
+ const query = getESQueryPolicyResponseByAgentID(
+ 'f757d3c0-e874-11ea-9ad9-015510b487f4',
+ 'anyindex'
+ );
+ expect(query.body?.query?.bool?.must_not).toEqual({
+ term: {
+ 'Endpoint.policy.applied.id': '00000000-0000-0000-0000-000000000000',
+ },
+ });
+ });
});
- it('filters out initial policy by ID', async () => {
- const query = getESQueryPolicyResponseByAgentID(
- 'f757d3c0-e874-11ea-9ad9-015510b487f4',
- 'anyindex'
- );
- expect(query.body?.query?.bool?.must_not).toEqual({
- term: {
- 'Endpoint.policy.applied.id': '00000000-0000-0000-0000-000000000000',
- },
+ describe('getPolicyResponseByAgentId()', () => {
+ let esClientMock: ElasticsearchClientMock;
+ let fleetServicesMock: EndpointInternalFleetServicesInterfaceMocked;
+
+ beforeEach(() => {
+ esClientMock = elasticsearchServiceMock.createElasticsearchClient();
+ fleetServicesMock = createEndpointFleetServicesFactoryMock().service.asInternalUser();
+
+ applyEsClientSearchMock({
+ esClientMock,
+ index: policyIndexPattern,
+ response: EndpointPolicyResponseGenerator.toEsSearchResponse([
+ EndpointPolicyResponseGenerator.toEsSearchHit(
+ new EndpointPolicyResponseGenerator('seed').generate({ agent: { id: '1-2-3' } })
+ ),
+ ]),
+ });
+ });
+
+ it('should search using the agent id provided on input', async () => {
+ await getPolicyResponseByAgentId('1-2-3', esClientMock, fleetServicesMock);
+
+ expect(esClientMock.search).toHaveBeenCalledWith(
+ expect.objectContaining({
+ body: expect.objectContaining({
+ query: expect.objectContaining({
+ bool: expect.objectContaining({
+ filter: expect.objectContaining({
+ term: expect.objectContaining({
+ 'agent.id': '1-2-3',
+ }),
+ }),
+ }),
+ }),
+ }),
+ })
+ );
+ });
+
+ it('should validate that agent id is in current space', async () => {
+ await getPolicyResponseByAgentId('1-2-3', esClientMock, fleetServicesMock);
+
+ expect(fleetServicesMock.ensureInCurrentSpace).toHaveBeenCalledWith({ agentIds: ['1-2-3'] });
});
});
});
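Review bot: The new `getPolicyResponseByAgentId()` tests only assert that `ensureInCurrentSpace` was called, so nothing fails if the function catches or ignores a rejection from that check and returns the document anyway. A negative case that makes the check reject and asserts that the call rejects would pin the behaviour the space check exists for. The mock from `createEndpointFleetServicesFactoryMock()` wraps `ensureInCurrentSpace` with `jest.spyOn`, so it should accept a one-off rejection, though the mock's typing is not fully visible here.

```typescript
// … unchanged: beforeEach and the two existing getPolicyResponseByAgentId() tests …
it('should reject when the agent is not in the current space', async () => {
  // constructed error, stands in for whatever Fleet raises for an out-of-space agent
  fleetServicesMock.ensureInCurrentSpace.mockRejectedValueOnce(new Error('not in space'));

  await expect(
    getPolicyResponseByAgentId('1-2-3', esClientMock, fleetServicesMock)
  ).rejects.toThrow('not in space');
});
```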
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/policy/service.ts b/x-pack/plugins/security_solution/server/endpoint/routes/policy/service.ts
index fda09585e35d9..c5f398ee2d1f3 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/policy/service.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/policy/service.ts
@@ -5,12 +5,15 @@
* 2.0.
*/
-import type { IScopedClusterClient, KibanaRequest } from '@kbn/core/server';
+import type { ElasticsearchClient, KibanaRequest } from '@kbn/core/server';
import type { Agent } from '@kbn/fleet-plugin/common/types/models';
import type { ISearchRequestParams } from '@kbn/search-types';
-import type { GetHostPolicyResponse, HostPolicyResponse } from '../../../../common/endpoint/types';
-import { INITIAL_POLICY_ID } from '.';
+import type { EndpointFleetServicesInterface } from '../../services/fleet';
+import { policyIndexPattern } from '../../../../common/endpoint/constants';
+import { catchAndWrapError } from '../../utils';
import type { EndpointAppContext } from '../../types';
+import { INITIAL_POLICY_ID } from '.';
+import type { GetHostPolicyResponse, HostPolicyResponse } from '../../../../common/endpoint/types';
export const getESQueryPolicyResponseByAgentID = (
agentID: string,
@@ -46,14 +49,17 @@ export const getESQueryPolicyResponseByAgentID = (
};
export async function getPolicyResponseByAgentId(
- index: string,
agentID: string,
- dataClient: IScopedClusterClient
+ esClient: ElasticsearchClient,
+ fleetServices: EndpointFleetServicesInterface
): Promise {
- const query = getESQueryPolicyResponseByAgentID(agentID, index);
- const response = await dataClient.asInternalUser.search(query);
+ const query = getESQueryPolicyResponseByAgentID(agentID, policyIndexPattern);
+ const response = await esClient.search(query).catch(catchAndWrapError);
if (response.hits.hits.length > 0 && response.hits.hits[0]._source != null) {
+ // Ensure agent is in the current space id. Call to fleet will Error if agent is not in current space
+ await fleetServices.ensureInCurrentSpace({ agentIds: [agentID] });
+
return {
policy_response: response.hits.hits[0]._source,
};
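Review bot: The space check runs only inside the `if` that has already found a document, so the two not-found cases can produce different responses. An agent outside the caller's space surfaces whatever error `ensureInCurrentSpace` raises, while an agent with no document falls through to the handler's `Policy response for endpoint id [...] not found`. If those two 404 bodies differ (the Fleet error text is not visible here), the response reveals that an agent id exists in another space. Running `await fleetServices.ensureInCurrentSpace({ agentIds: [agentID] });` before the search, and having the handler return one uniform not-found message for both cases, would close that gap and avoid the internal-user query for agents the caller cannot see. The function body continues past the end of this hunk.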
diff --git a/x-pack/plugins/security_solution/server/endpoint/services/agent/clients/endpoint/endpoint_agent_status_client.test.ts b/x-pack/plugins/security_solution/server/endpoint/services/agent/clients/endpoint/endpoint_agent_status_client.test.ts
new file mode 100644
index 0000000000000..821f7e6a43d42
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/endpoint/services/agent/clients/endpoint/endpoint_agent_status_client.test.ts
@@ -0,0 +1,105 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { AgentStatusClientOptions } from '../lib/base_agent_status_client';
+import type { ApplyMetadataMocksResponse } from '../../../metadata/mocks';
+import { createEndpointMetadataServiceTestContextMock } from '../../../metadata/mocks';
+import { EndpointAgentStatusClient } from '../../..';
+import { getPendingActionsSummary as _getPendingActionsSummary } from '../../../actions/pending_actions_summary';
+import { createMockEndpointAppContextService } from '../../../../mocks';
+import { appContextService as fleetAppContextService } from '@kbn/fleet-plugin/server/services';
+import { createAppContextStartContractMock as fleetCreateAppContextStartContractMock } from '@kbn/fleet-plugin/server/mocks';
+
+jest.mock('../../../actions/pending_actions_summary', () => {
+ const realModule = jest.requireActual('../../../actions/pending_actions_summary');
+ return {
+ ...realModule,
+ getPendingActionsSummary: jest.fn(realModule.getPendingActionsSummary),
+ };
+});
+
+const getPendingActionsSummaryMock = _getPendingActionsSummary as jest.Mock;
+
+describe('EndpointAgentStatusClient', () => {
+ let constructorOptions: AgentStatusClientOptions;
+ let statusClient: EndpointAgentStatusClient;
+ let dataMocks: ApplyMetadataMocksResponse;
+
+ beforeEach(() => {
+ const endpointAppContextServiceMock = createMockEndpointAppContextService();
+ const metadataMocks = createEndpointMetadataServiceTestContextMock();
+ const soClient = endpointAppContextServiceMock.savedObjects.createInternalScopedSoClient({
+ readonly: false,
+ });
+
+ dataMocks = metadataMocks.applyMetadataMocks(
+ metadataMocks.esClient,
+ metadataMocks.fleetServices
+ );
+ (soClient.getCurrentNamespace as jest.Mock).mockReturnValue('foo');
+ (endpointAppContextServiceMock.getEndpointMetadataService as jest.Mock).mockReturnValue(
+ metadataMocks.endpointMetadataService
+ );
+ constructorOptions = {
+ endpointService: endpointAppContextServiceMock,
+ esClient: metadataMocks.esClient,
+ soClient,
+ };
+ statusClient = new EndpointAgentStatusClient(constructorOptions);
+
+ // FIXME:PT need to remove the need for this mock. It appears in several test files on our side.
+ // Its currently needed due to the direct use of Fleet's `buildAgentStatusRuntimeField()` in
+ // `x-pack/plugins/security_solution/server/endpoint/routes/metadata/query_builders.ts:239`
+ (soClient.find as jest.Mock).mockResolvedValue({ saved_objects: [] });
+ fleetAppContextService.start(
+ fleetCreateAppContextStartContractMock({}, false, {
+ withoutSpaceExtensions: soClient,
+ })
+ );
+ });
+
+ it('should retrieve endpoint metadata service using space id', async () => {
+ await statusClient.getAgentStatuses(['one', 'two']);
+
+ expect(constructorOptions.endpointService.getEndpointMetadataService).toHaveBeenCalledWith(
+ 'foo'
+ );
+ });
+
+ it('should retrieve metadata and pending actions for the agents passed on input', async () => {
+ const metadataClient = constructorOptions.endpointService.getEndpointMetadataService();
+ const agentIds = ['one', 'two'];
+ jest.spyOn(metadataClient, 'getHostMetadataList');
+ await statusClient.getAgentStatuses(agentIds);
+
+ expect(metadataClient.getHostMetadataList).toHaveBeenCalledWith(
+ expect.objectContaining({ kuery: 'agent.id: one or agent.id: two' })
+ );
+ expect(getPendingActionsSummaryMock).toHaveBeenCalledWith(
+ expect.anything(),
+ expect.anything(),
+ expect.anything(),
+ agentIds
+ );
+ });
+
+ it('should return expected data structure', async () => {
+ await expect(
+ statusClient.getAgentStatuses([dataMocks.unitedMetadata.agent.id])
+ ).resolves.toEqual({
+ '0dc3661d-6e67-46b0-af39-6f12b025fcb0': {
+ agentId: '0dc3661d-6e67-46b0-af39-6f12b025fcb0',
+ agentType: 'endpoint',
+ found: true,
+ isolated: false,
+ lastSeen: expect.any(String),
+ pendingActions: {},
+ status: 'unhealthy',
+ },
+ });
+ });
+});
diff --git a/x-pack/plugins/security_solution/server/endpoint/services/agent/clients/endpoint/endpoint_agent_status_client.ts b/x-pack/plugins/security_solution/server/endpoint/services/agent/clients/endpoint/endpoint_agent_status_client.ts
index ed8e4f45a1367..eb059738a0290 100644
--- a/x-pack/plugins/security_solution/server/endpoint/services/agent/clients/endpoint/endpoint_agent_status_client.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/services/agent/clients/endpoint/endpoint_agent_status_client.ts
@@ -16,8 +16,11 @@ export class EndpointAgentStatusClient extends AgentStatusClient {
protected readonly agentType: ResponseActionAgentType = 'endpoint';
async getAgentStatuses(agentIds: string[]): Promise {
- const metadataService = this.options.endpointService.getEndpointMetadataService();
+ const soClient = this.options.soClient;
const esClient = this.options.esClient;
+ const metadataService = this.options.endpointService.getEndpointMetadataService(
+ soClient.getCurrentNamespace()
+ );
try {
const agentIdsKql = agentIds.map((agentId) => `agent.id: ${agentId}`).join(' or ');
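Review bot: `soClient.getCurrentNamespace()` is typed `string | undefined`, and in Kibana's saved objects client it is `undefined` for the default space, so there `getEndpointMetadataService` receives no space id. Whether that produces default-space scoping or an unscoped service is decided outside this hunk. If the value reaches `asInternalUser(spaceId?)` in `endpoint_fleet_services_factory.ts`, the agent client would be the unscoped `agentService.asInternalUser`. Normalising at this call, e.g. `soClient.getCurrentNamespace() ?? DEFAULT_SPACE_ID` (needs an import), would make the intended scope explicit. `getAgentStatuses` continues past the end of this hunk.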
@@ -53,7 +56,9 @@ export class EndpointAgentStatusClient extends AgentStatusClient {
}, {});
} catch (err) {
const error = new AgentStatusClientError(
- `Failed to fetch endpoint agent statuses for agentIds: [${agentIds}], failed with: ${err.message}`,
+ `Failed to fetch endpoint agent statuses for agentIds: [${agentIds.join()}], failed with: ${
+ err.message
+ }`,
500,
err
);
diff --git a/x-pack/plugins/security_solution/server/endpoint/services/fleet/endpoint_fleet_services_factory.mocks.ts b/x-pack/plugins/security_solution/server/endpoint/services/fleet/endpoint_fleet_services_factory.mocks.ts
index 1e37993c95501..91119ea3df5fb 100644
--- a/x-pack/plugins/security_solution/server/endpoint/services/fleet/endpoint_fleet_services_factory.mocks.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/services/fleet/endpoint_fleet_services_factory.mocks.ts
@@ -9,15 +9,19 @@ import type { DeeplyMockedKeys } from '@kbn/utility-types-jest';
import type { FleetStartContract } from '@kbn/fleet-plugin/server';
import { createFleetStartContractMock } from '@kbn/fleet-plugin/server/mocks';
import type { SavedObjectsClientFactory } from '../saved_objects';
-import type { EndpointFleetServicesFactoryInterface } from './endpoint_fleet_services_factory';
+import type {
+ EndpointFleetServicesFactoryInterface,
+ EndpointInternalFleetServicesInterface,
+} from './endpoint_fleet_services_factory';
import { EndpointFleetServicesFactory } from './endpoint_fleet_services_factory';
import { createSavedObjectsClientFactoryMock } from '../saved_objects/saved_objects_client_factory.mocks';
-interface EndpointFleetServicesFactoryInterfaceMocked
+export type EndpointInternalFleetServicesInterfaceMocked =
+ DeeplyMockedKeys;
+
+export interface EndpointFleetServicesFactoryInterfaceMocked
extends EndpointFleetServicesFactoryInterface {
- asInternalUser: () => DeeplyMockedKeys<
- ReturnType
- >;
+ asInternalUser: () => EndpointInternalFleetServicesInterfaceMocked;
}
interface CreateEndpointFleetServicesFactoryMockOptions {
@@ -36,11 +40,19 @@ export const createEndpointFleetServicesFactoryMock = (
savedObjects = createSavedObjectsClientFactoryMock().service,
} = dependencies;
+ const serviceFactoryMock = new EndpointFleetServicesFactory(
+ fleetDependencies,
+ savedObjects
+ ) as unknown as EndpointFleetServicesFactoryInterfaceMocked;
+
+ const fleetInternalServicesMocked = serviceFactoryMock.asInternalUser();
+ jest.spyOn(fleetInternalServicesMocked, 'ensureInCurrentSpace');
+
+ const asInternalUserSpy = jest.spyOn(serviceFactoryMock, 'asInternalUser');
+ asInternalUserSpy.mockReturnValue(fleetInternalServicesMocked);
+
return {
- service: new EndpointFleetServicesFactory(
- fleetDependencies,
- savedObjects
- ) as unknown as EndpointFleetServicesFactoryInterfaceMocked,
+ service: serviceFactoryMock,
dependencies: { fleetDependencies, savedObjects },
};
};
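Review bot: `asInternalUserSpy.mockReturnValue(fleetInternalServicesMocked)` returns the instance created by `serviceFactoryMock.asInternalUser()` with no space id, whatever `spaceId` the code under test passes. Tests built on this mock therefore always run `ensureInCurrentSpace` against the unscoped `agent` branch of the factory, and a regression that drops the space id would only show up if a test also asserts on the `asInternalUser` call arguments. A comment on the mock would make that limit visible, for example `// NOTE: always returns services created without a spaceId; assert on asInternalUser() args to verify scoping`.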
diff --git a/x-pack/plugins/security_solution/server/endpoint/services/fleet/endpoint_fleet_services_factory.ts b/x-pack/plugins/security_solution/server/endpoint/services/fleet/endpoint_fleet_services_factory.ts
index 27df7645b7fc2..50e2006272218 100644
--- a/x-pack/plugins/security_solution/server/endpoint/services/fleet/endpoint_fleet_services_factory.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/services/fleet/endpoint_fleet_services_factory.ts
@@ -12,7 +12,14 @@ import type {
PackagePolicyClient,
PackageClient,
} from '@kbn/fleet-plugin/server';
+import { AgentNotFoundError } from '@kbn/fleet-plugin/server';
import { PACKAGE_POLICY_SAVED_OBJECT_TYPE } from '@kbn/fleet-plugin/common';
+import type { SavedObjectsClientContract } from '@kbn/core/server';
+import {
+ AgentPolicyNotFoundError,
+ PackagePolicyNotFoundError,
+} from '@kbn/fleet-plugin/server/errors';
+import { NotFoundError } from '../../errors';
import type { SavedObjectsClientFactory } from '../saved_objects';
/**
@@ -25,14 +32,26 @@ export interface EndpointFleetServicesInterface {
packagePolicy: PackagePolicyClient;
/** The `kuery` that can be used to filter for Endpoint integration policies */
endpointPolicyKuery: string;
+
+ /**
+ * Will check the data provided to ensure it is visible for the current space. Supports
+ * several types of data (ex. integration policies, agent policies, etc)
+ */
+ ensureInCurrentSpace(options: EnsureInCurrentSpaceOptions): Promise;
}
+type EnsureInCurrentSpaceOptions = Partial<{
+ agentIds: string[];
+ agentPolicyIds: string[];
+ integrationPolicyIds: string[];
+}>;
+
export interface EndpointInternalFleetServicesInterface extends EndpointFleetServicesInterface {
savedObjects: SavedObjectsClientFactory;
}
export interface EndpointFleetServicesFactoryInterface {
- asInternalUser(): EndpointInternalFleetServicesInterface;
+ asInternalUser(spaceId?: string): EndpointInternalFleetServicesInterface;
}
/**
@@ -44,24 +63,66 @@ export class EndpointFleetServicesFactory implements EndpointFleetServicesFactor
private readonly savedObjects: SavedObjectsClientFactory
) {}
- asInternalUser(): EndpointInternalFleetServicesInterface {
+ asInternalUser(spaceId?: string): EndpointInternalFleetServicesInterface {
const {
agentPolicyService: agentPolicy,
packagePolicyService: packagePolicy,
agentService,
packageService,
} = this.fleetDependencies;
+ const agent = spaceId
+ ? agentService.asInternalScopedUser(spaceId)
+ : agentService.asInternalUser;
+
+ // Lazily Initialized at the time it is needed
+ let soClient: SavedObjectsClientContract;
+
+ const ensureInCurrentSpace: EndpointFleetServicesInterface['ensureInCurrentSpace'] = async ({
+ integrationPolicyIds = [],
+ agentPolicyIds = [],
+ agentIds = [],
+ }): Promise => {
+ if (!soClient) {
+ soClient = this.savedObjects.createInternalScopedSoClient({ spaceId });
+ }
+
+ const handlePromiseErrors = (err: Error): never => {
+ // We wrap the error with our own Error class so that the API can property return a 404
+ if (
+ err instanceof AgentNotFoundError ||
+ err instanceof AgentPolicyNotFoundError ||
+ err instanceof PackagePolicyNotFoundError
+ ) {
+ throw new NotFoundError(err.message, err);
+ }
+
+ throw err;
+ };
+
+ await Promise.all([
+ agentIds.length ? agent.getByIds(agentIds).catch(handlePromiseErrors) : null,
+
+ agentPolicyIds.length
+ ? agentPolicy.getByIds(soClient, agentPolicyIds).catch(handlePromiseErrors)
+ : null,
+
+ integrationPolicyIds.length
+ ? packagePolicy.getByIDs(soClient, integrationPolicyIds).catch(handlePromiseErrors)
+ : null,
+ ]);
+ };
return {
- agent: agentService.asInternalUser,
+ agent,
agentPolicy,
packages: packageService.asInternalUser,
packagePolicy,
- endpointPolicyKuery: `${PACKAGE_POLICY_SAVED_OBJECT_TYPE}.package.name: "endpoint"`,
-
savedObjects: this.savedObjects,
+
+ endpointPolicyKuery: `${PACKAGE_POLICY_SAVED_OBJECT_TYPE}.package.name: "endpoint"`,
+ ensureInCurrentSpace,
};
}
}
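Review bot: `asInternalUser(spaceId?: string)` falls back to `agentService.asInternalUser` when `spaceId` is omitted or an empty string, so `ensureInCurrentSpace({ agentIds })` then looks the agents up through an unscoped client. In that case it does not restrict by space, despite its name. The method's TSDoc should say so, for example `// NOTE: without a spaceId the agent lookup is unscoped and this check does not enforce space membership`. Callers that need the guarantee should fail early when no space id is supplied. The check also depends on `agent.getByIds`, `agentPolicy.getByIds` and `packagePolicy.getByIDs` throwing for ids that are missing or not visible, which is Fleet behaviour not shown in this diff and worth stating in the comment. The comment in `handlePromiseErrors` has a typo: "property return a 404" should read "properly return a 404".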
diff --git a/x-pack/plugins/security_solution/server/endpoint/services/metadata/endpoint_metadata_service.test.ts b/x-pack/plugins/security_solution/server/endpoint/services/metadata/endpoint_metadata_service.test.ts
index 2fe173ff55eb5..8a4022771d69c 100644
--- a/x-pack/plugins/security_solution/server/endpoint/services/metadata/endpoint_metadata_service.test.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/services/metadata/endpoint_metadata_service.test.ts
@@ -76,6 +76,18 @@ describe('EndpointMetadataService', () => {
const response = await metadataService.findHostMetadataForFleetAgents(fleetAgentIds);
expect(response).toEqual([endpointMetadataDoc]);
});
+
+ it('should validate agent is visible in current space', async () => {
+ const data = testMockedContext.applyMetadataMocks(
+ testMockedContext.esClient,
+ testMockedContext.fleetServices
+ );
+ await metadataService.findHostMetadataForFleetAgents([data.unitedMetadata.agent.id]);
+
+ expect(testMockedContext.fleetServices.ensureInCurrentSpace).toHaveBeenCalledWith({
+ agentIds: [data.unitedMetadata.agent.id],
+ });
+ });
});
describe('#getHostMetadataList', () => {
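Review bot: The three new tests (this one and the `#getHostMetadata()` and `#getMetadataForEndpoints()` cases in the next hunk) only assert that `ensureInCurrentSpace` was called, so nothing pins what happens when the space check fails. For space isolation the important behaviour is that no metadata is returned in that case. A companion test per method would cover it, e.g. `testMockedContext.fleetServices.ensureInCurrentSpace.mockRejectedValue(new NotFoundError('agent not in space'));` followed by `await expect(metadataService.getHostMetadata(data.unitedMetadata.agent.id)).rejects.toBeInstanceOf(NotFoundError);`. This assumes `NotFoundError` can be imported in this test file, which the hunk does not show.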
@@ -219,4 +231,32 @@ describe('EndpointMetadataService', () => {
expect(endpointPackagePolicies).toEqual(expected);
});
});
+
+ describe('#getHostMetadata()', () => {
+ it('should validate agent is visible in current space', async () => {
+ const data = testMockedContext.applyMetadataMocks(
+ testMockedContext.esClient,
+ testMockedContext.fleetServices
+ );
+ await metadataService.getHostMetadata(data.unitedMetadata.agent.id);
+
+ expect(testMockedContext.fleetServices.ensureInCurrentSpace).toHaveBeenCalledWith({
+ agentIds: [data.unitedMetadata.agent.id],
+ });
+ });
+ });
+
+ describe('#getMetadataForEndpoints()', () => {
+ it('should validate agent is visible in current space', async () => {
+ const data = testMockedContext.applyMetadataMocks(
+ testMockedContext.esClient,
+ testMockedContext.fleetServices
+ );
+ await metadataService.getMetadataForEndpoints([data.unitedMetadata.agent.id]);
+
+ expect(testMockedContext.fleetServices.ensureInCurrentSpace).toHaveBeenCalledWith({
+ agentIds: [data.unitedMetadata.agent.id],
+ });
+ });
+ });
});
diff --git a/x-pack/plugins/security_solution/server/endpoint/services/metadata/endpoint_metadata_service.ts b/x-pack/plugins/security_solution/server/endpoint/services/metadata/endpoint_metadata_service.ts
index 3f3d756c70aab..1ce77561b7904 100644
--- a/x-pack/plugins/security_solution/server/endpoint/services/metadata/endpoint_metadata_service.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/services/metadata/endpoint_metadata_service.ts
@@ -65,6 +65,28 @@ export class EndpointMetadataService {
private readonly logger?: Logger
) {}
+ /**
+ * Validates that the data retrieved is valid for the current user space. We do this
+ * by just querying fleet to ensure the policy is visible in the current space
+ * (the space is determined from the `soClient`)
+ *
+ * @protected
+ */
+ protected async ensureDataValidForSpace(data: SearchResponse): Promise {
+ const agentIds = (data?.hits?.hits || [])
+ .map((hit) => hit._source?.agent.id ?? '')
+ .filter((id) => !!id);
+
+ if (agentIds.length > 0) {
+ this.logger?.debug(
+ `Checking to see if the following agent ids are valid for current space:\n${agentIds.join(
+ '\n'
+ )}`
+ );
+ await this.fleetServices.ensureInCurrentSpace({ agentIds });
+ }
+ }
+
/**
* Retrieve a single endpoint host metadata. Note that the return endpoint document, if found,
* could be associated with a Fleet Agent that is no longer active. If wanting to ensure the
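Review bot: `ensureDataValidForSpace` drops any hit that has no agent id (`?? ''` followed by `.filter`), so such a document reaches the caller without any space check. Separately, `hit._source?.agent.id` throws a TypeError if a document has `_source` but no `agent`. `hit._source?.agent?.id` fixes the second; for the first it would be safer to treat a hit without an agent id as not visible, or at least log it, rather than pass it through. The doc comment also says the policy is checked and that the space comes from `soClient`, but the method passes agent ids to `this.fleetServices.ensureInCurrentSpace` and takes no `soClient`. Wording such as `Ensures every agent id in the search response is visible in the space the fleet services are scoped to` would match the code.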
@@ -77,6 +99,9 @@ export class EndpointMetadataService {
async getHostMetadata(endpointId: string): Promise {
const query = getESQueryHostMetadataByID(endpointId);
const queryResult = await this.esClient.search(query).catch(catchAndWrapError);
+
+ await this.ensureDataValidForSpace(queryResult);
+
const endpointMetadata = queryResponseToHostResult(queryResult).result;
if (endpointMetadata) {
@@ -100,6 +125,8 @@ export class EndpointMetadataService {
.search(query, { ignore: [404] })
.catch(catchAndWrapError);
+ await this.ensureDataValidForSpace(searchResult);
+
return queryResponseToHostListResult(searchResult).resultList;
}
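Review bot: The doc comment of this method (outside the hunk) should state that the call now rejects as a whole when the space check fails, instead of returning the hosts that are visible. From `ensureInCurrentSpace` the failure appears to surface as `NotFoundError`, so a caller passing a mixed list of ids would get no results at all. The same applies to `getMetadataForEndpoints` further down. A line such as `@throws NotFoundError if any matched agent is not visible in the current space` on both methods would make the contract explicit.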
@@ -335,6 +362,9 @@ export class EndpointMetadataService {
unitedMetadataQueryResponse = await this.esClient.search(
unitedIndexQuery
);
+ // FYI: we don't need to run the ES search response through `this.ensureDataValidForSpace()` because
+ // the query (`unitedIndexQuery`) above already included a filter with all of the valid policy ids
+ // for the current space - thus data is already coped to the space
} catch (error) {
const errorType = error?.meta?.body?.error?.type ?? '';
if (errorType === 'index_not_found_exception') {
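Review bot: The added comment has a typo, `coped` should be `scoped`, and it is the only record of why this path skips `ensureDataValidForSpace()`. The guarantee depends on how `unitedIndexQuery` is built, which is outside this hunk, so the comment should name the filter it relies on. Then a later change to the query cannot silently remove the space restriction: `// ... thus data is already scoped to the space (see the policy id filter in <query builder>)`. The enclosing `try` starts outside the hunk.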
@@ -389,7 +419,6 @@ export class EndpointMetadataService {
const agentPolicy = agentPoliciesMap[_agent.policy_id!];
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
const endpointPolicy = endpointPoliciesMap[_agent.policy_id!];
-
const runtimeFields: Partial = {
status: doc?.fields?.status?.[0],
last_checkin: doc?.fields?.last_checkin?.[0],
@@ -415,10 +444,10 @@ export class EndpointMetadataService {
async getMetadataForEndpoints(endpointIDs: string[]): Promise {
const query = getESQueryHostMetadataByIDs(endpointIDs);
- const { body } = await this.esClient.search(query, {
- meta: true,
- });
- const hosts = queryResponseToHostListResult(body);
- return hosts.resultList;
+ const searchResult = await this.esClient.search(query).catch(catchAndWrapError);
+
+ await this.ensureDataValidForSpace(searchResult);
+
+ return queryResponseToHostListResult(searchResult).resultList;
}
}
diff --git a/x-pack/plugins/security_solution/server/endpoint/services/metadata/mocks.ts b/x-pack/plugins/security_solution/server/endpoint/services/metadata/mocks.ts
index f0c5fb8d74bcd..51c70a461ee14 100644
--- a/x-pack/plugins/security_solution/server/endpoint/services/metadata/mocks.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/services/metadata/mocks.ts
@@ -9,11 +9,25 @@ import type { SavedObjectsServiceStart } from '@kbn/core/server';
import { coreMock, type ElasticsearchClientMock, loggingSystemMock } from '@kbn/core/server/mocks';
import type { createPackagePolicyServiceMock } from '@kbn/fleet-plugin/server/mocks';
import type { AgentPolicyServiceInterface, AgentService } from '@kbn/fleet-plugin/server';
+import type { Agent, GetAgentPoliciesResponseItem } from '@kbn/fleet-plugin/common';
+import type {
+ PolicyData,
+ UnitedAgentMetadataPersistedData,
+} from '../../../../common/endpoint/types';
+import { FleetAgentPolicyGenerator } from '../../../../common/endpoint/data_generators/fleet_agent_policy_generator';
+import { FleetAgentGenerator } from '../../../../common/endpoint/data_generators/fleet_agent_generator';
+import { FleetPackagePolicyGenerator } from '../../../../common/endpoint/data_generators/fleet_package_policy_generator';
+import { applyEsClientSearchMock } from '../../mocks/utils.mock';
+import type { EndpointInternalFleetServicesInterfaceMocked } from '../fleet/endpoint_fleet_services_factory.mocks';
import { createEndpointFleetServicesFactoryMock } from '../fleet/endpoint_fleet_services_factory.mocks';
import { createMockEndpointAppContextServiceStartContract } from '../../mocks';
import { EndpointMetadataService } from './endpoint_metadata_service';
-import type { EndpointInternalFleetServicesInterface } from '../fleet/endpoint_fleet_services_factory';
import { SavedObjectsClientFactory } from '../saved_objects';
+import {
+ METADATA_UNITED_INDEX,
+ metadataCurrentIndexPattern,
+} from '../../../../common/endpoint/constants';
+import { EndpointMetadataGenerator } from '../../../../common/endpoint/data_generators/endpoint_metadata_generator';
/**
* Endpoint Metadata Service test context. Includes an instance of `EndpointMetadataService` along with the
@@ -25,9 +39,10 @@ export interface EndpointMetadataServiceTestContextMock {
agentPolicyService: jest.Mocked;
packagePolicyService: ReturnType;
endpointMetadataService: EndpointMetadataService;
- fleetServices: EndpointInternalFleetServicesInterface;
+ fleetServices: EndpointInternalFleetServicesInterfaceMocked;
logger: ReturnType['get']>;
esClient: ElasticsearchClientMock;
+ applyMetadataMocks: typeof applyMetadataMocks;
}
export const createEndpointMetadataServiceTestContextMock =
@@ -64,12 +79,111 @@ export const createEndpointMetadataServiceTestContextMock =
agentService: {
asInternalUser: fleetServices.agent,
asScoped: jest.fn().mockReturnValue(fleetServices.agent),
+ asInternalScopedUser: jest.fn().mockReturnValue(fleetServices.agent),
},
agentPolicyService: fleetServices.agentPolicy,
packagePolicyService: fleetServices.packagePolicy,
logger,
endpointMetadataService,
fleetServices,
+ applyMetadataMocks,
esClient: esClient as ElasticsearchClientMock,
};
};
+
+export interface ApplyMetadataMocksResponse {
+ unitedMetadata: UnitedAgentMetadataPersistedData;
+ integrationPolicies: PolicyData[];
+ agentPolicies: GetAgentPoliciesResponseItem[];
+ agents: Agent[];
+}
+
+/**
+ * Apply mocks to the various services used to retrieve metadata via the EndpointMetadataService.
+ * Returns the data that is used in the mocks, thus allowing manipulation of it before running the
+ * test.
+ * @param esClientMock
+ * @param fleetServices
+ */
+export const applyMetadataMocks = (
+ esClientMock: ElasticsearchClientMock,
+ fleetServices: EndpointInternalFleetServicesInterfaceMocked
+): ApplyMetadataMocksResponse => {
+ const metadataGenerator = new EndpointMetadataGenerator('seed');
+ const fleetIntegrationPolicyGenerator = new FleetPackagePolicyGenerator('seed');
+ const fleetAgentGenerator = new FleetAgentGenerator('seed');
+ const fleetAgentPolicyGenerator = new FleetAgentPolicyGenerator('seed');
+
+ const unitedMetadata = metadataGenerator.generateUnitedAgentMetadata();
+ const integrationPolicies = [
+ fleetIntegrationPolicyGenerator.generateEndpointPackagePolicy({
+ id: unitedMetadata.united.endpoint.Endpoint.policy.applied.id,
+ // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+ policy_ids: [unitedMetadata.united.agent.policy_id!],
+ }),
+ ];
+ const agentPolicies = [
+ fleetAgentPolicyGenerator.generate({ id: unitedMetadata.united.agent.policy_id }),
+ ];
+ const agents = [
+ fleetAgentGenerator.generate({
+ id: unitedMetadata.agent.id,
+ policy_id: agentPolicies[0].id,
+ }),
+ ];
+
+ applyEsClientSearchMock({
+ esClientMock,
+ index: METADATA_UNITED_INDEX,
+ response: metadataGenerator.toEsSearchResponse([
+ metadataGenerator.toEsSearchHit(unitedMetadata, METADATA_UNITED_INDEX),
+ ]),
+ });
+
+ applyEsClientSearchMock({
+ esClientMock,
+ index: metadataCurrentIndexPattern,
+ response: metadataGenerator.toEsSearchResponse([
+ metadataGenerator.toEsSearchHit(unitedMetadata.united.endpoint, metadataCurrentIndexPattern),
+ ]),
+ });
+
+ fleetServices.packagePolicy.list.mockImplementation(async (_, { page = 1 }) => {
+ // FYI: need to implement returning an empty list of items after page 1 due to how
+ // `getAllEndpointPackagePolicies()` is currently looping through all policies
+ // See `x-pack/plugins/security_solution/server/endpoint/routes/metadata/support/endpoint_package_policies.ts`
+ return {
+ items: page === 1 ? integrationPolicies : [],
+ page: 1,
+ total: 1,
+ perPage: 20,
+ };
+ });
+
+ fleetServices.packagePolicy.get.mockImplementation(async () => {
+ return integrationPolicies[0];
+ });
+
+ fleetServices.agentPolicy.getByIds.mockImplementation(async () => {
+ return agentPolicies;
+ });
+
+ fleetServices.agentPolicy.get.mockImplementation(async () => {
+ return agentPolicies[0];
+ });
+
+ fleetServices.agent.getByIds.mockImplementation(async () => {
+ return agents;
+ });
+
+ fleetServices.agent.getAgent.mockImplementation(async () => {
+ return agents[0];
+ });
+
+ return {
+ unitedMetadata,
+ integrationPolicies,
+ agentPolicies,
+ agents,
+ };
+};
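Review bot: The `getByIds`, `get` and `getAgent` mocks in `applyMetadataMocks` ignore their arguments and always return the fixture, so a lookup for an id that is not in the fixture still succeeds. For tests around space visibility this means a "not found" case cannot be modelled without overriding the mock. Filtering by the requested ids would keep the default honest, e.g. `fleetServices.agent.getByIds.mockImplementation(async (ids) => agents.filter(({ id }) => ids.includes(id)));`. The `packagePolicy.list` mock also reports `page: 1` for every requested page; returning `page` would match what was asked. `createEndpointMetadataServiceTestContextMock` starts outside the hunk.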
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/esql/esql.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/esql/esql.ts
index 173d722d782a1..0adc9c1d77d3d 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/esql/esql.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/esql/esql.ts
@@ -30,6 +30,7 @@ import { buildReasonMessageForEsqlAlert } from '../utils/reason_formatters';
import type { RulePreviewLoggedRequest } from '../../../../../common/api/detection_engine/rule_preview/rule_preview.gen';
import type { CreateRuleOptions, RunOpts, SignalSource } from '../types';
import { logEsqlRequest } from '../utils/logged_requests';
+import { getDataTierFilter } from '../utils/get_data_tier_filter';
import * as i18n from '../translations';
import {
@@ -90,6 +91,10 @@ export const esqlExecutor = async ({
return withSecuritySpan('esqlExecutor', async () => {
const result = createSearchAfterReturnType();
let size = tuple.maxSignals;
+ const dataTiersFilters = await getDataTierFilter({
+ uiSettingsClient: services.uiSettingsClient,
+ });
+
try {
while (
result.createdSignalsCount <= tuple.maxSignals &&
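Review bot: `getDataTierFilter` is awaited before the `try`, so a rejection from the UI settings lookup is not handled by the executor's own error path. If the `catch` that follows (outside this hunk) is where failures are recorded on `result`, making the call the first statement inside the `try` keeps that behaviour for this new failure mode: `const dataTiersFilters = await getDataTierFilter({ uiSettingsClient: services.uiSettingsClient });`. The value is used as `filters` in the next hunk, and `esqlExecutor` continues outside both hunks.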
@@ -100,7 +105,7 @@ export const esqlExecutor = async ({
from: tuple.from.toISOString(),
to: tuple.to.toISOString(),
size,
- filters: [],
+ filters: dataTiersFilters,
primaryTimestamp,
secondaryTimestamp,
exceptionFilter,
diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json
index 6d57eec4f3b99..0eb43e13319ad 100644
--- a/x-pack/plugins/translations/translations/fr-FR.json
+++ b/x-pack/plugins/translations/translations/fr-FR.json
@@ -32016,11 +32016,9 @@
"xpack.observability_onboarding.installElasticAgent.progress.logsIngest.completedTitle": "Les logs sont en cours de transfert.",
"xpack.observability_onboarding.installElasticAgent.progress.logsIngest.incompleteTitle": "Transfert des logs dans Elastic Observability",
"xpack.observability_onboarding.installElasticAgent.progress.logsIngest.loadingTitle": "En attente du transfert des logs…",
- "xpack.observability_onboarding.installElasticAgent.stepPanel.collectSystemLogsLabel": "Collecter des logs système",
"xpack.observability_onboarding.installElasticAgent.troubleshooting": "Résolution des problèmes",
"xpack.observability_onboarding.installIntegration.error.unauthorized": "Le privilège Kibana {requiredKibanaPrivileges} requis est manquant. Veuillez ajouter le privilège requis au rôle de l'utilisateur authentifié.",
"xpack.observability_onboarding.installOtelCollector.configStep.copyCommand": "Copier dans le presse-papiers",
- "xpack.observability_onboarding.installOtelCollector.configStep.downloadConfigButton": "Télécharger le manifeste",
"xpack.observability_onboarding.otelLogs.status.failed": "Échec de l'installation de l'intégration",
"xpack.observability_onboarding.otelLogs.status.failedDetails": "Les données entrantes peuvent ne pas être indexées correctement. Détails :",
"xpack.observability_onboarding.otelLogsPanel.choosePlatform": "Choisissez une plateforme",
@@ -32031,11 +32029,9 @@
"xpack.observability_onboarding.otelLogsPanel.feedbackButtons.title": "Donner un retour",
"xpack.observability_onboarding.otelLogsPanel.historicalDataDescription": "Les nouveaux messages de log sont collectés à partir de la configuration.",
"xpack.observability_onboarding.otelLogsPanel.historicalDataDescription2": "Le chemin des logs par défaut est /var/log/*. Vous pouvez si nécessaire modifier ce chemin dans le fichier otel.yml.",
- "xpack.observability_onboarding.otelLogsPanel.kubernetesApplyCommandPromptLabel": "À partir du répertoire où le manifeste est téléchargé, exécutez la commande suivante pour installer le collecteur sur chaque nœud de votre cluster :",
"xpack.observability_onboarding.otelLogsPanel.limitationTitle": "Informations sur la configuration",
"xpack.observability_onboarding.otelLogsPanel.p.runTheCommandOnYourHostLabel": "Exécutez la commande suivante sur votre hôte pour télécharger et configurer le collecteur.",
"xpack.observability_onboarding.otelLogsPanel.p.startTheCollectorLabel": "Exécutez la commande suivante pour lancer le collecteur",
- "xpack.observability_onboarding.otelLogsPanel.steps.downloadManifest": "Télécharger le manifeste :",
"xpack.observability_onboarding.otelLogsPanel.steps.platform": "Sélectionnez votre plateforme",
"xpack.observability_onboarding.otelLogsPanel.steps.start": "Lancez le collecteur",
"xpack.observability_onboarding.otelLogsPanel.techPreviewBadge.label": "Version d'évaluation technique",
@@ -32047,18 +32043,6 @@
"xpack.observability_onboarding.packageList.uploadFileDescription": "Téléchargez les données d'un fichier CSV, TSV, JSON ou autre fichier log vers Elasticsearch pour analyse.",
"xpack.observability_onboarding.packageList.uploadFileTitle": "Charger un fichier",
"xpack.observability_onboarding.steps.exploreLogs": "Explorer les logs",
- "xpack.observability_onboarding.systemIntegration.installed": "Intégration du système installée. {systemIntegrationTooltip}",
- "xpack.observability_onboarding.systemIntegration.installed.tooltip.description": "Les intégrations rationalisent la connexion de vos donnés avec la Suite Elastic.",
- "xpack.observability_onboarding.systemIntegration.installed.tooltip.label": "Détails de l'intégration",
- "xpack.observability_onboarding.systemIntegration.installed.tooltip.link": "{learnMoreLink} sur les données que vous pouvez collecter à l'aide de l'intégration des systèmes.",
- "xpack.observability_onboarding.systemIntegration.installed.tooltip.link.label": "En savoir plus",
- "xpack.observability_onboarding.systemIntegration.installing": "Installation de l'intégration des systèmes",
- "xpack.observability_onboarding.systemIntegration.status.failed": "Échec de l'installation de l'intégration des systèmes",
- "xpack.observability_onboarding.systemLogs.installElasticAgent.description": "Pour collecter les données depuis votre système et les intégrer à Elastic, vous devez d'abord installer un outil de transfert sur la machine qui génère les logs. Dans ce cas, l'outil de transfert est un agent développé par Elastic.",
- "xpack.observability_onboarding.systemLogs.installElasticAgent.progress.logsIngest.completedTitle": "Les logs sont en cours de transfert.",
- "xpack.observability_onboarding.systemLogs.installElasticAgent.progress.logsIngest.incompleteTitle": "Transfert des logs dans Elastic Observability",
- "xpack.observability_onboarding.systemLogs.installElasticAgent.progress.logsIngest.loadingTitle": "En attente du transfert des logs…",
- "xpack.observability_onboarding.systemLogs.installShipper.title": "Installer l'agent de transfert pour collecter les logs système",
"xpack.observability_onboarding.windows.installStep.description": "Cette intégration n'est actuellement disponible que sur les systèmes Linux et MacOS. Consultez notre documentation pour en savoir plus sur la diffusion de fichiers de log vers Elastic depuis un système Windows.",
"xpack.observability_onboarding.windows.installStep.link.label": "Lire la documentation",
"xpack.observability..customThreshold.rule.alertFlyout.aggregationText.rate": "Taux",
@@ -47508,4 +47492,4 @@
"xpack.watcher.watchEdit.thresholdWatchExpression.aggType.fieldIsRequiredValidationMessage": "Ce champ est requis.",
"xpack.watcher.watcherDescription": "Détectez les modifications survenant dans vos données en créant, gérant et monitorant des alertes."
}
-}
+}
\ No newline at end of file
diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json
index 97e97f1e97c51..ac7221091cc67 100644
--- a/x-pack/plugins/translations/translations/ja-JP.json
+++ b/x-pack/plugins/translations/translations/ja-JP.json
@@ -31761,11 +31761,9 @@
"xpack.observability_onboarding.installElasticAgent.progress.logsIngest.completedTitle": "ログを送信中です。",
"xpack.observability_onboarding.installElasticAgent.progress.logsIngest.incompleteTitle": "Elasticオブザーバビリティにログを送信",
"xpack.observability_onboarding.installElasticAgent.progress.logsIngest.loadingTitle": "ログの送信を待機中...",
- "xpack.observability_onboarding.installElasticAgent.stepPanel.collectSystemLogsLabel": "システムログを収集",
"xpack.observability_onboarding.installElasticAgent.troubleshooting": "トラブルシューティング",
"xpack.observability_onboarding.installIntegration.error.unauthorized": "必要なkibana権限{requiredKibanaPrivileges}がありません。認証されたユーザーのロールに必要な権限を追加してください。",
"xpack.observability_onboarding.installOtelCollector.configStep.copyCommand": "クリップボードにコピー",
- "xpack.observability_onboarding.installOtelCollector.configStep.downloadConfigButton": "マニフェストのダウンロード",
"xpack.observability_onboarding.otelLogs.status.failed": "統合のインストールに失敗しました",
"xpack.observability_onboarding.otelLogs.status.failedDetails": "受信データは正しくインデックス化されていない可能性があります。詳細:",
"xpack.observability_onboarding.otelLogsPanel.choosePlatform": "プラットフォームを選択",
@@ -31776,11 +31774,9 @@
"xpack.observability_onboarding.otelLogsPanel.feedbackButtons.title": "フィードバックを作成する",
"xpack.observability_onboarding.otelLogsPanel.historicalDataDescription": "今後、新しいログメッセージはセットアップから収集されます。",
"xpack.observability_onboarding.otelLogsPanel.historicalDataDescription2": "デフォルトのログのパスは/var/log/*です。必要に応じて、otel.ymlファイルでこのパスを変更できます。",
- "xpack.observability_onboarding.otelLogsPanel.kubernetesApplyCommandPromptLabel": "マニフェストがダウンロードされるディレクトリから、次のコマンドを実行し、クラスターのすべてのノードでコレクターをインストールします。",
"xpack.observability_onboarding.otelLogsPanel.limitationTitle": "構成情報",
"xpack.observability_onboarding.otelLogsPanel.p.runTheCommandOnYourHostLabel": "ホストで次のコマンドを実行して、コレクターをダウンロード、構成します。",
"xpack.observability_onboarding.otelLogsPanel.p.startTheCollectorLabel": "コレクターを開始するには、次のコマンドを実行してください",
- "xpack.observability_onboarding.otelLogsPanel.steps.downloadManifest": "マニフェストをダウンロード:",
"xpack.observability_onboarding.otelLogsPanel.steps.platform": "プラットフォームを選択",
"xpack.observability_onboarding.otelLogsPanel.steps.start": "コレクターを開始",
"xpack.observability_onboarding.otelLogsPanel.techPreviewBadge.label": "テクニカルプレビュー",
@@ -31792,18 +31788,6 @@
"xpack.observability_onboarding.packageList.uploadFileDescription": "分析するため、CSV、TSV、JSON、他のログファイルからElasticsearchにアップロードします。",
"xpack.observability_onboarding.packageList.uploadFileTitle": "ファイルをアップロード",
"xpack.observability_onboarding.steps.exploreLogs": "ログを探索",
- "xpack.observability_onboarding.systemIntegration.installed": "システム統合がインストールされました。{systemIntegrationTooltip}",
- "xpack.observability_onboarding.systemIntegration.installed.tooltip.description": "統合により、Elastic Stackへのデータ接続が効率化されます。",
- "xpack.observability_onboarding.systemIntegration.installed.tooltip.label": "統合の詳細",
- "xpack.observability_onboarding.systemIntegration.installed.tooltip.link": "システム統合を使用して収集できるデータについて{learnMoreLink}。",
- "xpack.observability_onboarding.systemIntegration.installed.tooltip.link.label": "詳細",
- "xpack.observability_onboarding.systemIntegration.installing": "システム統合をインストール中",
- "xpack.observability_onboarding.systemIntegration.status.failed": "システム統合のインストールに失敗しました",
- "xpack.observability_onboarding.systemLogs.installElasticAgent.description": "システムからデータを収集してElasticにストリーミングするには、まずログを生成するコンピューターでシッピングツールをインストールする必要があります。この場合、シッピングツールはElasticが開発したエージェントです。",
- "xpack.observability_onboarding.systemLogs.installElasticAgent.progress.logsIngest.completedTitle": "ログを送信中です。",
- "xpack.observability_onboarding.systemLogs.installElasticAgent.progress.logsIngest.incompleteTitle": "Elasticオブザーバビリティにログを送信",
- "xpack.observability_onboarding.systemLogs.installElasticAgent.progress.logsIngest.loadingTitle": "ログの送信を待機中...",
- "xpack.observability_onboarding.systemLogs.installShipper.title": "システムログを収集するためのシッパーをインストール",
"xpack.observability_onboarding.windows.installStep.description": "現在、このオンボーディングはLinuxとMacOSシステムでのみ利用可能です。WindowsシステムからElasticにログファイルをストリーミングする方法については、当社のドキュメントをご覧ください。",
"xpack.observability_onboarding.windows.installStep.link.label": "ドキュメントを読む",
"xpack.observability..customThreshold.rule.alertFlyout.aggregationText.rate": "レート",
@@ -47246,4 +47230,4 @@
"xpack.watcher.watchEdit.thresholdWatchExpression.aggType.fieldIsRequiredValidationMessage": "フィールドを選択してください。",
"xpack.watcher.watcherDescription": "アラートの作成、管理、監視によりデータへの変更を検知します。"
}
-}
+}
\ No newline at end of file
diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json
index 7194f977d4787..c05573fdeb550 100644
--- a/x-pack/plugins/translations/translations/zh-CN.json
+++ b/x-pack/plugins/translations/translations/zh-CN.json
@@ -31803,11 +31803,9 @@
"xpack.observability_onboarding.installElasticAgent.progress.logsIngest.completedTitle": "正在传输日志!",
"xpack.observability_onboarding.installElasticAgent.progress.logsIngest.incompleteTitle": "传输日志到 Elastic Observability",
"xpack.observability_onboarding.installElasticAgent.progress.logsIngest.loadingTitle": "等待传输日志......",
- "xpack.observability_onboarding.installElasticAgent.stepPanel.collectSystemLogsLabel": "收集系统日志",
"xpack.observability_onboarding.installElasticAgent.troubleshooting": "故障排除",
"xpack.observability_onboarding.installIntegration.error.unauthorized": "缺失所需的 Kibana 权限 {requiredKibanaPrivileges},请将所需权限添加到已通过身份验证的用户的角色。",
"xpack.observability_onboarding.installOtelCollector.configStep.copyCommand": "复制到剪贴板",
- "xpack.observability_onboarding.installOtelCollector.configStep.downloadConfigButton": "下载清单",
"xpack.observability_onboarding.otelLogs.status.failed": "集成安装失败",
"xpack.observability_onboarding.otelLogs.status.failedDetails": "传入数据可能未正确索引。详情:",
"xpack.observability_onboarding.otelLogsPanel.choosePlatform": "选择平台",
@@ -31818,11 +31816,9 @@
"xpack.observability_onboarding.otelLogsPanel.feedbackButtons.title": "反馈",
"xpack.observability_onboarding.otelLogsPanel.historicalDataDescription": "将从设置完成后收集新的日志消息。",
"xpack.observability_onboarding.otelLogsPanel.historicalDataDescription2": "默认日志路径为 /var/log/*。如果需要,可以在 otel.yml 文件中更改此路径。",
- "xpack.observability_onboarding.otelLogsPanel.kubernetesApplyCommandPromptLabel": "从下载清单的目录中,运行以下命令以在您集群的每个节点上安装收集器:",
"xpack.observability_onboarding.otelLogsPanel.limitationTitle": "配置信息",
"xpack.observability_onboarding.otelLogsPanel.p.runTheCommandOnYourHostLabel": "在您的主机上运行以下命令,以下载和配置收集器。",
"xpack.observability_onboarding.otelLogsPanel.p.startTheCollectorLabel": "运行以下命令以启动收集器",
- "xpack.observability_onboarding.otelLogsPanel.steps.downloadManifest": "下载清单:",
"xpack.observability_onboarding.otelLogsPanel.steps.platform": "选择平台",
"xpack.observability_onboarding.otelLogsPanel.steps.start": "启动收集器",
"xpack.observability_onboarding.otelLogsPanel.techPreviewBadge.label": "技术预览",
@@ -31834,18 +31830,6 @@
"xpack.observability_onboarding.packageList.uploadFileDescription": "从 CSV、TSV、JSON 或其他日志文件上传数据到 Elasticsearch 以进行分析。",
"xpack.observability_onboarding.packageList.uploadFileTitle": "上传文件",
"xpack.observability_onboarding.steps.exploreLogs": "浏览日志",
- "xpack.observability_onboarding.systemIntegration.installed": "已安装系统集成。{systemIntegrationTooltip}",
- "xpack.observability_onboarding.systemIntegration.installed.tooltip.description": "集成会精简将您的数据连接到 Elastic Stack 的过程。",
- "xpack.observability_onboarding.systemIntegration.installed.tooltip.label": "集成详情",
- "xpack.observability_onboarding.systemIntegration.installed.tooltip.link": "使用系统集成{learnMoreLink}有关您可收集的数据的信息。",
- "xpack.observability_onboarding.systemIntegration.installed.tooltip.link.label": "了解详情",
- "xpack.observability_onboarding.systemIntegration.installing": "正在安装系统集成",
- "xpack.observability_onboarding.systemIntegration.status.failed": "安装系统集成失败",
- "xpack.observability_onboarding.systemLogs.installElasticAgent.description": "要从您的系统收集数据并将其流式传输到 Elastic,您首先需要在生成日志的机器上安装传输工具。在此情况下,传输工具为由 Elastic 开发的代理。",
- "xpack.observability_onboarding.systemLogs.installElasticAgent.progress.logsIngest.completedTitle": "正在传输日志!",
- "xpack.observability_onboarding.systemLogs.installElasticAgent.progress.logsIngest.incompleteTitle": "传输日志到 Elastic Observability",
- "xpack.observability_onboarding.systemLogs.installElasticAgent.progress.logsIngest.loadingTitle": "等待传输日志......",
- "xpack.observability_onboarding.systemLogs.installShipper.title": "安装采集器以收集系统日志",
"xpack.observability_onboarding.windows.installStep.description": "此载入当前仅可用于 Linux 和 MacOS 系统。请参阅我们的文档了解有关将日志文件从 Windows 系统流式传输到 Elastic 的信息。",
"xpack.observability_onboarding.windows.installStep.link.label": "阅读文档",
"xpack.observability..customThreshold.rule.alertFlyout.aggregationText.rate": "比率",
@@ -47299,4 +47283,4 @@
"xpack.watcher.watchEdit.thresholdWatchExpression.aggType.fieldIsRequiredValidationMessage": "此字段必填。",
"xpack.watcher.watcherDescription": "通过创建、管理和监测警报来检测数据中的更改。"
}
-}
+}
\ No newline at end of file
diff --git a/x-pack/plugins/triggers_actions_ui/common/experimental_features.ts b/x-pack/plugins/triggers_actions_ui/common/experimental_features.ts
index 1f055b965115a..07f70b9b329a7 100644
--- a/x-pack/plugins/triggers_actions_ui/common/experimental_features.ts
+++ b/x-pack/plugins/triggers_actions_ui/common/experimental_features.ts
@@ -24,6 +24,8 @@ export const allowedExperimentalValues = Object.freeze({
isUsingRuleCreateFlyout: false,
});
+const deprecatedExperimentalValues = new Set(['ruleFormV2']);
+
type ExperimentalConfigKeys = Array;
type Mutable = { -readonly [P in keyof T]: T[P] };
@@ -56,7 +58,10 @@ export const parseExperimentalConfigValue = (configValue: string[]): Experimenta
};
export const isValidExperimentalValue = (value: string): boolean => {
- return allowedKeys.includes(value as keyof ExperimentalFeatures);
+ return (
+ allowedKeys.includes(value as keyof ExperimentalFeatures) ||
+ deprecatedExperimentalValues.has(value)
+ );
};
export const getExperimentalAllowedValues = (): string[] => [...allowedKeys];
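Review bot: `isValidExperimentalValue` now returns true for `ruleFormV2`, which is not a key of `allowedExperimentalValues`, and `deprecatedExperimentalValues` has no comment saying why. If `parseExperimentalConfigValue` (body outside the hunk) uses this function as its guard before writing to the features object, confirm that a deprecated key is accepted but never set. A comment on the constant would record the intent, e.g. `// Removed flags that are still accepted so existing configuration keeps validating; they have no effect.`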
diff --git a/x-pack/test/functional/es_archives/endpoint/policy/data.json.gz b/x-pack/test/functional/es_archives/endpoint/policy/data.json.gz
deleted file mode 100644
index 88c7995a2c26c..0000000000000
Binary files a/x-pack/test/functional/es_archives/endpoint/policy/data.json.gz and /dev/null differ
diff --git a/x-pack/test/functional/page_objects/index_management_page.ts b/x-pack/test/functional/page_objects/index_management_page.ts
index 8077581bbbb48..848c7c9e5b0e3 100644
--- a/x-pack/test/functional/page_objects/index_management_page.ts
+++ b/x-pack/test/functional/page_objects/index_management_page.ts
@@ -16,6 +16,12 @@ export function IndexManagementPageProvider({ getService }: FtrProviderContext)
async sectionHeadingText() {
return await testSubjects.getVisibleText('appTitle');
},
+
+ async expectToBeOnIndicesManagement() {
+ const headingText = await testSubjects.getVisibleText('appTitle');
+ expect(headingText).to.be('Index Management');
+ },
+
async reloadIndices() {
await testSubjects.click('reloadIndicesButton');
},
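Review bot: `expectToBeOnIndicesManagement` repeats the `testSubjects.getVisibleText('appTitle')` lookup that `sectionHeadingText`, directly above it, already wraps. Calling the existing helper keeps the selector in one place: `const headingText = await this.sectionHeadingText();`. The page object starts outside the hunk, so check that `expect` is already imported in this file.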
diff --git a/x-pack/test/observability_onboarding_api_integration/tests/elastic_agent/config.spec.ts b/x-pack/test/observability_onboarding_api_integration/tests/elastic_agent/config.spec.ts
index 9a86035bb4409..6dcbaf629a374 100644
--- a/x-pack/test/observability_onboarding_api_integration/tests/elastic_agent/config.spec.ts
+++ b/x-pack/test/observability_onboarding_api_integration/tests/elastic_agent/config.spec.ts
@@ -84,36 +84,6 @@ export default function ApiTest({ getService }: FtrProviderContext) {
);
});
});
-
- describe('and onboarding type is systemLogs', () => {
- before(async () => {
- const req = await observabilityOnboardingApiClient.logMonitoringUser({
- endpoint: 'POST /internal/observability_onboarding/logs/flow',
- params: {
- body: {
- type: 'systemLogs',
- name: 'name',
- },
- },
- });
-
- onboardingId = req.body.onboardingId;
- });
-
- it('should return input properties configured', async () => {
- const req = await callApi({
- onboardingId,
- });
-
- expect(req.status).to.be(200);
-
- const ymlConfig = load(req.text);
- expect(ymlConfig.inputs[0].data_stream.namespace).to.be('default');
- expect(ymlConfig.inputs[0].streams.length).to.be(2);
- expect(ymlConfig.inputs[0].streams[0].data_stream.dataset).to.be('system.auth');
- expect(ymlConfig.inputs[0].streams[1].data_stream.dataset).to.be('system.syslog');
- });
- });
});
});
}
diff --git a/x-pack/test/observability_onboarding_api_integration/tests/flow/progress/progress.spec.ts b/x-pack/test/observability_onboarding_api_integration/tests/flow/progress/progress.spec.ts
index 0a7802e9682c6..bc3a5873d1bf9 100644
--- a/x-pack/test/observability_onboarding_api_integration/tests/flow/progress/progress.spec.ts
+++ b/x-pack/test/observability_onboarding_api_integration/tests/flow/progress/progress.spec.ts
@@ -176,73 +176,6 @@ export default function ApiTest({ getService }: FtrProviderContext) {
await synthtrace.clean();
});
});
-
- describe('and onboarding type is systemLogs', () => {
- let systemLogsOnboardingId: string;
-
- before(async () => {
- const req = await observabilityOnboardingApiClient.logMonitoringUser({
- endpoint: 'POST /internal/observability_onboarding/logs/flow',
- params: {
- body: {
- type: 'systemLogs',
- name: 'name',
- },
- },
- });
-
- systemLogsOnboardingId = req.body.onboardingId;
-
- await observabilityOnboardingApiClient.logMonitoringUser({
- endpoint: 'POST /internal/observability_onboarding/flow/{id}/step/{name}',
- params: {
- path: {
- id: systemLogsOnboardingId,
- name: 'ea-status',
- },
- body: {
- status: 'complete',
- payload: {
- agentId,
- },
- },
- },
- });
-
- await synthtrace.index([
- timerange('2023-11-20T10:00:00.000Z', '2023-11-20T10:01:00.000Z')
- .interval('1m')
- .rate(1)
- .generator((timestamp) =>
- log
- .create()
- .message('This is a system log message')
- .timestamp(timestamp)
- .dataset('system.syslog')
- .namespace(namespace)
- .defaults({
- 'agent.id': 'another-agent-id',
- 'log.file.path': '/var/log/system.log',
- })
- ),
- ]);
- });
-
- it('should return log-ingest as incomplete', async () => {
- const request = await callApi({
- onboardingId: systemLogsOnboardingId,
- });
-
- expect(request.status).to.be(200);
-
- const logsIngestProgress = request.body.progress['logs-ingest'];
- expect(logsIngestProgress).to.have.property('status', 'loading');
- });
-
- after(async () => {
- await synthtrace.clean();
- });
- });
});
describe('with the expected agentId', () => {
@@ -283,73 +216,6 @@ export default function ApiTest({ getService }: FtrProviderContext) {
await synthtrace.clean();
});
});
-
- describe('and onboarding type is systemLogs', () => {
- let systemLogsOnboardingId: string;
-
- before(async () => {
- const req = await observabilityOnboardingApiClient.logMonitoringUser({
- endpoint: 'POST /internal/observability_onboarding/logs/flow',
- params: {
- body: {
- type: 'systemLogs',
- name: 'name',
- },
- },
- });
-
- systemLogsOnboardingId = req.body.onboardingId;
-
- await observabilityOnboardingApiClient.logMonitoringUser({
- endpoint: 'POST /internal/observability_onboarding/flow/{id}/step/{name}',
- params: {
- path: {
- id: systemLogsOnboardingId,
- name: 'ea-status',
- },
- body: {
- status: 'complete',
- payload: {
- agentId,
- },
- },
- },
- });
-
- await synthtrace.index([
- timerange('2023-11-20T10:00:00.000Z', '2023-11-20T10:01:00.000Z')
- .interval('1m')
- .rate(1)
- .generator((timestamp) =>
- log
- .create()
- .message('This is a system log message')
- .timestamp(timestamp)
- .dataset('system.syslog')
- .namespace(namespace)
- .defaults({
- 'agent.id': agentId,
- 'log.file.path': '/var/log/system.log',
- })
- ),
- ]);
- });
-
- it('should return log-ingest as complete', async () => {
- const request = await callApi({
- onboardingId: systemLogsOnboardingId,
- });
-
- expect(request.status).to.be(200);
-
- const logsIngestProgress = request.body.progress['logs-ingest'];
- expect(logsIngestProgress).to.have.property('status', 'complete');
- });
-
- after(async () => {
- await synthtrace.clean();
- });
- });
});
});
});
diff --git a/x-pack/test/observability_onboarding_api_integration/tests/logs/create.spec.ts b/x-pack/test/observability_onboarding_api_integration/tests/logs/create.spec.ts
index f4fbdd8e5a57b..7904bd344c270 100644
--- a/x-pack/test/observability_onboarding_api_integration/tests/logs/create.spec.ts
+++ b/x-pack/test/observability_onboarding_api_integration/tests/logs/create.spec.ts
@@ -29,7 +29,7 @@ export default function ApiTest({ getService }: FtrProviderContext) {
});
}
- async function callApiWithPrivileges(type: 'logFiles' | 'systemLogs', state = {}) {
+ async function callApiWithPrivileges(type: 'logFiles', state = {}) {
return await observabilityOnboardingApiClient.logMonitoringUser({
endpoint: 'POST /internal/observability_onboarding/logs/flow',
params: {
@@ -87,21 +87,6 @@ export default function ApiTest({ getService }: FtrProviderContext) {
expect(savedState.attributes).to.be.eql({ type: 'logFiles', state, progress: {} });
});
-
- it('saves the expected state for systemLogs', async () => {
- const state = {
- namespace: 'default',
- };
-
- const request = await callApiWithPrivileges('systemLogs');
-
- const savedState = await kibanaServer.savedObjects.get({
- type: OBSERVABILITY_ONBOARDING_STATE_SAVED_OBJECT_TYPE,
- id: request.body.onboardingId,
- });
-
- expect(savedState.attributes).to.be.eql({ type: 'systemLogs', state, progress: {} });
- });
});
});
}
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/esql.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/esql.ts
index 723a2a7d2dfa3..bf431e0021053 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/esql.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/esql.ts
@@ -14,6 +14,7 @@ import { getCreateEsqlRulesSchemaMock } from '@kbn/security-solution-plugin/comm
import { RuleExecutionStatusEnum } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_monitoring';
import { getMaxSignalsWarning as getMaxAlertsWarning } from '@kbn/security-solution-plugin/server/lib/detection_engine/rule_types/utils/utils';
+import { EXCLUDED_DATA_TIERS_FOR_RULE_EXECUTION } from '@kbn/security-solution-plugin/common/constants';
import {
getPreviewAlerts,
previewRule,
@@ -25,6 +26,7 @@ import {
scheduleRuleRun,
stopAllManualRuns,
waitForBackfillExecuted,
+ setAdvancedSettings,
} from '../../../../utils';
import {
deleteAllRules,
@@ -1428,6 +1430,12 @@ export default ({ getService }: FtrProviderContext) => {
await indexEnhancedDocuments({ documents: [doc1], interval, id });
});
+ afterEach(async () => {
+ await setAdvancedSettings(supertest, {
+ [EXCLUDED_DATA_TIERS_FOR_RULE_EXECUTION]: [],
+ });
+ });
+
it('should not return requests property when not enabled', async () => {
const { logs } = await previewRule({
supertest,
@@ -1463,6 +1471,35 @@ export default ({ getService }: FtrProviderContext) => {
'POST /ecs_compliant/_search?ignore_unavailable=true'
);
});
+ it('should not return requests with any data tier filter', async () => {
+ const { logs } = await previewRule({
+ supertest,
+ rule,
+ timeframeEnd: new Date('2020-10-28T06:30:00.000Z'),
+ enableLoggedRequests: true,
+ });
+
+ const requests = logs[0].requests;
+
+ expect(requests![0].request).not.toContain('data_frozen');
+ });
+ it('should return requests with included data tiers filters from advanced settings', async () => {
+ await setAdvancedSettings(supertest, {
+ [EXCLUDED_DATA_TIERS_FOR_RULE_EXECUTION]: ['data_frozen'],
+ });
+ const { logs } = await previewRule({
+ supertest,
+ rule,
+ timeframeEnd: new Date('2020-10-28T06:30:00.000Z'),
+ enableLoggedRequests: true,
+ });
+
+ const requests = logs[0].requests;
+
+ expect(requests![0].request).toMatch(
+ /"must_not":\s*\[\s*{\s*"terms":\s*{\s*"_tier":\s*\[\s*"data_frozen"\s*\]/
+ );
+ });
});
});
};
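Review bot: The test titled 'should not return requests with any data tier filter' only asserts that the string `data_frozen` is absent, so a logged request that filters on some other tier would still pass. Asserting on the filter key instead, for example `expect(requests![0].request).not.toContain('"_tier"');`, would match the title, assuming `_tier` appears nowhere else in the logged request. The second title says "included data tiers", but the setting is `EXCLUDED_DATA_TIERS_FOR_RULE_EXECUTION` and the regex checks a `must_not` clause, so "excluded" would be more accurate. Both tests index `requests![0]` behind a non-null assertion; checking that `requests` is non-empty first would give a clearer failure than a TypeError.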
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/index.ts
index 5667762ce95c4..2c12400b7f169 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/index.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/index.ts
@@ -24,3 +24,4 @@ export * from './get_stats';
export * from './get_detection_metrics_from_body';
export * from './get_stats_url';
export * from './combine_to_ndjson';
+export * from './set_advanced_settings';
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/set_advanced_settings.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/set_advanced_settings.ts
new file mode 100644
index 0000000000000..98fe191096253
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/set_advanced_settings.ts
@@ -0,0 +1,26 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+ ELASTIC_HTTP_VERSION_HEADER,
+ X_ELASTIC_INTERNAL_ORIGIN_REQUEST,
+} from '@kbn/core-http-common';
+
+import type SuperTest from 'supertest';
+
+export const setAdvancedSettings = async (
+ supertest: SuperTest.Agent,
+ settings: Record
+) => {
+ return supertest
+ .post('/internal/kibana/settings')
+ .set('kbn-xsrf', 'true')
+ .set(ELASTIC_HTTP_VERSION_HEADER, '1')
+ .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
+ .send({ changes: settings })
+ .expect(200);
+};
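Review bot: `setAdvancedSettings` has no doc comment, and nothing in the helper restores the previous values after it POSTs `{ changes: settings }` to `/internal/kibana/settings`. I would add a TSDoc such as `/** Applies the given advanced settings through the internal settings API. The change persists on the test server, so callers must reset it (for example in afterEach). */`. The `settings: Record` parameter shows no type arguments in this rendering, so confirm the committed file declares the key and value types.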
diff --git a/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/policy_response/trial_license_complete_tier/policy_response.ts b/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/policy_response/trial_license_complete_tier/policy_response.ts
index f9629f3a71d1b..8f3cc8fa8b33e 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/policy_response/trial_license_complete_tier/policy_response.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/policy_response/trial_license_complete_tier/policy_response.ts
@@ -10,11 +10,10 @@ import TestAgent from 'supertest/lib/agent';
import { FtrProviderContext } from '../../../../ftr_provider_context_edr_workflows';
export default function ({ getService }: FtrProviderContext) {
- const esArchiver = getService('esArchiver');
- const endpointDataStreamHelpers = getService('endpointDataStreamHelpers');
const utils = getService('securitySolutionUtils');
+ const endpointTestresources = getService('endpointTestResources');
- describe('@ess @serverless Endpoint policy api', function () {
+ describe('@ess @serverless Endpoint policy response api', function () {
let adminSupertest: TestAgent;
before(async () => {
@@ -22,19 +21,24 @@ export default function ({ getService }: FtrProviderContext) {
});
describe('GET /api/endpoint/policy_response', () => {
- before(
- async () =>
- await esArchiver.load('x-pack/test/functional/es_archives/endpoint/policy', {
- useCreate: true,
- })
- );
+ let mockData: Awaited>;
+
+ before(async () => {
+ mockData = await endpointTestresources.loadEndpointData();
+ });
// the endpoint uses data streams and es archiver does not support deleting them at the moment so we need
// to do it manually
- after(async () => await endpointDataStreamHelpers.deletePolicyStream(getService));
+ after(async () => {
+ if (mockData) {
+ await endpointTestresources.unloadEndpointData(mockData);
+ // @ts-expect-error
+ mockData = undefined;
+ }
+ });
it('should return one policy response for an id', async () => {
- const expectedAgentId = 'a10ac658-a3bc-4ac6-944a-68d9bd1c5a5e';
+ const expectedAgentId = mockData.hosts[0].agent.id;
const { body } = await adminSupertest
.get(`/api/endpoint/policy_response?agentId=${expectedAgentId}`)
.send()
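Review bot: The comment kept above the new `after` hook still says es archiver cannot delete data streams, but this hunk removes the `esArchiver.load` call and cleans up through `endpointTestresources.unloadEndpointData(mockData)`, so the comment no longer describes the code. Something like `// remove the endpoint data indexed in before()` would fit. The bare `// @ts-expect-error` before `mockData = undefined` should carry a reason, or be avoided by declaring `mockData` as possibly undefined. The local name `endpointTestresources` also differs in casing from the service name `endpointTestResources`. The `it` block continues past the end of this hunk.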
@@ -50,7 +54,7 @@ export default function ({ getService }: FtrProviderContext) {
.send()
.expect(404);
- expect(body.message).to.contain('Policy Response Not Found');
+ expect(body.message).to.contain('Policy response for endpoint id [bad_id] not found');
});
});
});
diff --git a/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/spaces/trial_license_complete_tier/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/spaces/trial_license_complete_tier/configs/ess.config.ts
new file mode 100644
index 0000000000000..422e3fbb86677
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/spaces/trial_license_complete_tier/configs/ess.config.ts
@@ -0,0 +1,48 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+import type { ExperimentalFeatures as SecuritySolutionExperimentalFeatures } from '@kbn/security-solution-plugin/common';
+import type { ExperimentalFeatures as FleetExperimentalFeatures } from '@kbn/fleet-plugin/common/experimental_features';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+ const functionalConfig = await readConfigFile(
+ require.resolve('../../../../../config/ess/config.base.edr_workflows.trial')
+ );
+
+ const securitySolutionEnableExperimental: Array = [
+ 'endpointManagementSpaceAwarenessEnabled',
+ ];
+ const fleetEnableExperimental: Array = ['useSpaceAwareness'];
+
+ return {
+ ...functionalConfig.getAll(),
+ testFiles: [require.resolve('..')],
+ junit: {
+ reportName: 'EDR Workflows - Space Awareness Integration Tests - ESS Env - Trial License',
+ },
+ kbnTestServer: {
+ ...functionalConfig.get('kbnTestServer'),
+ serverArgs: [
+ ...functionalConfig.get('kbnTestServer.serverArgs').filter(
+ // Exclude Fleet and Security solution experimental features
+ // properties since we are overriding them here
+ (arg: string) =>
+ !arg.includes('xpack.fleet.enableExperimental') &&
+ !arg.includes('xpack.securitySolution.enableExperimental')
+ ),
+ // FLEET: set any experimental feature flags for testing
+ `--xpack.fleet.enableExperimental=${JSON.stringify(fleetEnableExperimental)}`,
+
+ // SECURITY SOLUTION: set any experimental feature flags for testing
+ `--xpack.securitySolution.enableExperimental=${JSON.stringify(
+ securitySolutionEnableExperimental
+ )}`,
+ ],
+ },
+ };
+}
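Review bot: The `serverArgs` override here (filter out the two `enableExperimental` arguments, then re-add them from the local arrays) is repeated line for line in the new `serverless.config.ts` in the same directory, so a later flag change has to be made in two places. If one copy is missed, the ESS and serverless suites would run the space-awareness tests against different feature sets. A small shared helper that takes the base args and the two flag lists would prevent that. The `Array = [...]` declarations show no element type in this rendering; confirm the committed file constrains them to the `ExperimentalFeatures` keys imported above, so a misspelled flag fails type-checking rather than being passed to the server as-is.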
diff --git a/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/spaces/trial_license_complete_tier/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/spaces/trial_license_complete_tier/configs/serverless.config.ts
new file mode 100644
index 0000000000000..446fd5be07079
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/spaces/trial_license_complete_tier/configs/serverless.config.ts
@@ -0,0 +1,51 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+import type { ExperimentalFeatures as SecuritySolutionExperimentalFeatures } from '@kbn/security-solution-plugin/common';
+import type { ExperimentalFeatures as FleetExperimentalFeatures } from '@kbn/fleet-plugin/common/experimental_features';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+ const functionalConfig = await readConfigFile(
+ require.resolve('../../../../../config/serverless/config.base.edr_workflows')
+ );
+
+ const securitySolutionEnableExperimental: Array = [
+ 'endpointManagementSpaceAwarenessEnabled',
+ ];
+ const fleetEnableExperimental: Array = ['useSpaceAwareness'];
+
+ return {
+ ...functionalConfig.getAll(),
+ testFiles: [require.resolve('..')],
+ junit: {
+ reportName: 'EDR Workflows - Space Awareness Integration Tests - Serverless Env - Complete',
+ },
+ kbnTestServer: {
+ ...functionalConfig.get('kbnTestServer'),
+ serverArgs: [
+ ...functionalConfig.get('kbnTestServer.serverArgs').filter(
+ // Exclude Fleet and Security solution experimental features
+ // properties since we are overriding them here
+ (arg: string) =>
+ !arg.includes('xpack.fleet.enableExperimental') &&
+ !arg.includes('xpack.securitySolution.enableExperimental')
+ ),
+ // FLEET: set any experimental feature flags for testing
+ `--xpack.fleet.enableExperimental=${JSON.stringify(fleetEnableExperimental)}`,
+
+ // SECURITY SOLUTION: set any experimental feature flags for testing
+ `--xpack.securitySolution.enableExperimental=${JSON.stringify(
+ securitySolutionEnableExperimental
+ )}`,
+
+ // Enable spaces UI capabilities
+ '--xpack.spaces.maxSpaces=100',
+ ],
+ },
+ };
+}
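Review bot: The comment `// Enable spaces UI capabilities` does not say what `--xpack.spaces.maxSpaces=100` changes or why the ESS config needs no such line. Presumably the serverless base config caps the number of spaces and the suite needs `space_a` and `space_b` to be creatable. If so, a comment like `// serverless limits the number of spaces by default; raise it so the test spaces can be created` would tell the next reader when the override can be removed.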
diff --git a/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/spaces/trial_license_complete_tier/index.ts b/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/spaces/trial_license_complete_tier/index.ts
new file mode 100644
index 0000000000000..729b88f25c578
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/spaces/trial_license_complete_tier/index.ts
@@ -0,0 +1,61 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { getRegistryUrl as getRegistryUrlFromIngest } from '@kbn/fleet-plugin/server';
+import { isServerlessKibanaFlavor } from '@kbn/security-solution-plugin/common/endpoint/utils/kibana_status';
+import { enableFleetSpaceAwareness } from '@kbn/security-solution-plugin/scripts/endpoint/common/fleet_services';
+import { FtrProviderContext } from '../../../../ftr_provider_context_edr_workflows';
+import { ROLE } from '../../../../config/services/security_solution_edr_workflows_roles_users';
+
+export default function endpointAPIIntegrationTests(providerContext: FtrProviderContext) {
+ const { loadTestFile, getService } = providerContext;
+
+ describe('Endpoint plugin spaces support', function () {
+ const ingestManager = getService('ingestManager');
+ const rolesUsersProvider = getService('rolesUsersProvider');
+ const kbnClient = getService('kibanaServer');
+ const log = getService('log');
+ const endpointRegistryHelpers = getService('endpointRegistryHelpers');
+
+ const roles = Object.values(ROLE);
+ before(async () => {
+ if (!endpointRegistryHelpers.isRegistryEnabled()) {
+ log.warning('These tests are being run with an external package registry');
+ }
+
+ const registryUrl =
+ endpointRegistryHelpers.getRegistryUrlFromTestEnv() ?? getRegistryUrlFromIngest();
+ log.info(`Package registry URL for tests: ${registryUrl}`);
+ try {
+ await ingestManager.setup();
+ } catch (err) {
+ log.warning(`Error setting up ingestManager: ${err}`);
+ }
+
+ if (!(await isServerlessKibanaFlavor(kbnClient))) {
+ // create role/user
+ for (const role of roles) {
+ await rolesUsersProvider.createRole({ predefinedRole: role });
+ await rolesUsersProvider.createUser({ name: role, roles: [role] });
+ }
+ }
+
+ // Enable fleet space awareness
+ log.info('Enabling Fleet space awareness');
+ await enableFleetSpaceAwareness(kbnClient);
+ });
+
+ after(async () => {
+ if (!(await isServerlessKibanaFlavor(kbnClient))) {
+ // delete role/user
+ await rolesUsersProvider.deleteUsers(roles);
+ await rolesUsersProvider.deleteRoles(roles);
+ }
+ });
+
+ loadTestFile(require.resolve('./space_awareness'));
+ });
+}
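Review bot: In the `before` hook, a failure of `ingestManager.setup()` is caught and reduced to `log.warning(...)`, so the suite carries on with Fleet possibly not set up. The space-isolation tests would then fail later with errors that do not point at the cause. If the swallow is deliberate, a comment saying why would help. Otherwise log and rethrow: `log.error(err); throw err;`. Interpolating `${err}` also drops the stack trace, which is usually the part needed in CI.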
diff --git a/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/spaces/trial_license_complete_tier/space_awareness.ts b/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/spaces/trial_license_complete_tier/space_awareness.ts
new file mode 100644
index 0000000000000..d36eb3d2d2e6f
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/spaces/trial_license_complete_tier/space_awareness.ts
@@ -0,0 +1,190 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import TestAgent from 'supertest/lib/agent';
+import { ensureSpaceIdExists } from '@kbn/security-solution-plugin/scripts/endpoint/common/spaces';
+import { addSpaceIdToPath } from '@kbn/spaces-plugin/common';
+import expect from '@kbn/expect';
+import {
+ AGENT_STATUS_ROUTE,
+ BASE_POLICY_RESPONSE_ROUTE,
+ HOST_METADATA_GET_ROUTE,
+ HOST_METADATA_LIST_ROUTE,
+} from '@kbn/security-solution-plugin/common/endpoint/constants';
+import { createSupertestErrorLogger } from '../../utils';
+import { FtrProviderContext } from '../../../../ftr_provider_context_edr_workflows';
+
+export default function ({ getService }: FtrProviderContext) {
+ const utils = getService('securitySolutionUtils');
+ const endpointTestresources = getService('endpointTestResources');
+ const kbnServer = getService('kibanaServer');
+ const log = getService('log');
+
+ describe('@ess @serverless Endpoint management space awareness support', function () {
+ let adminSupertest: TestAgent;
+ let dataSpaceA: Awaited>;
+ let dataSpaceB: Awaited>;
+
+ before(async () => {
+ adminSupertest = await utils.createSuperTest();
+
+ await Promise.all([
+ ensureSpaceIdExists(kbnServer, 'space_a', { log }),
+ ensureSpaceIdExists(kbnServer, 'space_b', { log }),
+ ]);
+
+ dataSpaceA = await endpointTestresources.loadEndpointData({
+ spaceId: 'space_a',
+ generatorSeed: Math.random().toString(32),
+ });
+
+ dataSpaceB = await endpointTestresources.loadEndpointData({
+ spaceId: 'space_b',
+ generatorSeed: Math.random().toString(32),
+ });
+
+ log.verbose(
+ `mocked data loaded:\nSPACE A:\n${JSON.stringify(
+ dataSpaceA,
+ null,
+ 2
+ )}\nSPACE B:\n${JSON.stringify(dataSpaceB, null, 2)}`
+ );
+ });
+
+ // the endpoint uses data streams and es archiver does not support deleting them at the moment so we need
+ // to do it manually
+ after(async () => {
+ if (dataSpaceA) {
+ await dataSpaceA.unloadEndpointData();
+ // @ts-expect-error
+ dataSpaceA = undefined;
+ }
+ if (dataSpaceB) {
+ await dataSpaceB.unloadEndpointData();
+ // @ts-expect-error
+ dataSpaceB = undefined;
+ }
+ });
+
+ describe(`Policy Response API: ${BASE_POLICY_RESPONSE_ROUTE}`, () => {
+ it('should return policy response in space', async () => {
+ const { body } = await adminSupertest
+ .get(
+ addSpaceIdToPath(
+ '/',
+ dataSpaceA.spaceId,
+ `/api/endpoint/policy_response?agentId=${dataSpaceA.hosts[0].agent.id}`
+ )
+ )
+ .on('error', createSupertestErrorLogger(log))
+ .send()
+ .expect(200);
+
+ expect(body.policy_response.agent.id).to.eql(dataSpaceA.hosts[0].agent.id);
+ });
+
+ it('should return not found for a host policy response not in current space', async () => {
+ await adminSupertest
+ .get(
+ addSpaceIdToPath(
+ '/',
+ dataSpaceA.spaceId,
+ `/api/endpoint/policy_response?agentId=${dataSpaceB.hosts[0].agent.id}`
+ )
+ )
+ .on('error', createSupertestErrorLogger(log).ignoreCodes([404]))
+ .send()
+ .expect(404);
+ });
+ });
+
+ describe(`Host Metadata List API: ${HOST_METADATA_LIST_ROUTE}`, () => {
+ it('should retrieve list with only metadata for hosts in current space', async () => {
+ const { body } = await adminSupertest
+ .get(addSpaceIdToPath('/', dataSpaceA.spaceId, HOST_METADATA_LIST_ROUTE))
+ .on('error', createSupertestErrorLogger(log))
+ .send()
+ .expect(200);
+
+ expect(body.total).to.eql(1);
+ expect(body.data[0].metadata.agent.id).to.eql(dataSpaceA.hosts[0].agent.id);
+ });
+
+ it('should not return host data from other spaces when using kuery value', async () => {
+ const { body } = await adminSupertest
+ .get(addSpaceIdToPath('/', dataSpaceA.spaceId, HOST_METADATA_LIST_ROUTE))
+ .on('error', createSupertestErrorLogger(log))
+ .query({
+ kuery: `united.endpoint.agent.id: "${dataSpaceB.hosts[0].agent.id}"`,
+ })
+ .send()
+ .expect(200);
+
+ expect(body.total).to.eql(0);
+ });
+ });
+
+ describe(`Host Details Metadata API: ${HOST_METADATA_GET_ROUTE}`, () => {
+ it('should retrieve metadata details for agent id in space', async () => {
+ await adminSupertest
+ .get(
+ addSpaceIdToPath(
+ '/',
+ dataSpaceA.spaceId,
+ HOST_METADATA_GET_ROUTE.replace('{id}', dataSpaceA.hosts[0].agent.id)
+ )
+ )
+ .on('error', createSupertestErrorLogger(log))
+ .send()
+ .expect(200);
+ });
+
+ it('should NOT return metadata details for agent id that is not in current space', async () => {
+ await adminSupertest
+ .get(
+ addSpaceIdToPath(
+ '/',
+ dataSpaceA.spaceId,
+ HOST_METADATA_GET_ROUTE.replace('{id}', dataSpaceB.hosts[0].agent.id)
+ )
+ )
+ .on('error', createSupertestErrorLogger(log).ignoreCodes([404]))
+ .send()
+ .expect(404);
+ });
+ });
+
+ describe(`Agent Status API: ${AGENT_STATUS_ROUTE}`, () => {
+ it('should return status for an agent in current space', async () => {
+ const { body } = await adminSupertest
+ .get(addSpaceIdToPath('/', dataSpaceA.spaceId, AGENT_STATUS_ROUTE))
+ .query({ agentIds: [dataSpaceA.hosts[0].agent.id] })
+ .set('elastic-api-version', '1')
+ .set('x-elastic-internal-origin', 'kibana')
+ .on('error', createSupertestErrorLogger(log))
+ .send()
+ .expect(200);
+
+ expect(body.data[dataSpaceA.hosts[0].agent.id].found).to.eql(true);
+ });
+
+ it('should NOT return status for an agent that is not in current space', async () => {
+ const { body } = await adminSupertest
+ .get(addSpaceIdToPath('/', dataSpaceA.spaceId, AGENT_STATUS_ROUTE))
+ .query({ agentIds: [dataSpaceB.hosts[0].agent.id] })
+ .set('elastic-api-version', '1')
+ .set('x-elastic-internal-origin', 'kibana')
+ .on('error', createSupertestErrorLogger(log))
+ .send()
+ .expect(200);
+
+ expect(body.data[dataSpaceB.hosts[0].agent.id].found).to.eql(false);
+ });
+ });
+ });
+}
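Review bot: Both `loadEndpointData` calls pass `generatorSeed: Math.random().toString(32)`, and the seed itself is not logged, so a failing run of these space-isolation tests cannot be replayed with the same generated hosts. Either use fixed, distinct seeds per space or log them, for example `log.info(`generator seeds: A=${seedA} B=${seedB}`)`. In the Agent Status tests the headers are spelled as string literals (`'elastic-api-version'`, `'x-elastic-internal-origin'`), whereas `set_advanced_settings.ts` in this same diff uses `ELASTIC_HTTP_VERSION_HEADER` and `X_ELASTIC_INTERNAL_ORIGIN_REQUEST` from `@kbn/core-http-common`; using the constants here too would be consistent. In the `after` hook, a throw from `dataSpaceA.unloadEndpointData()` skips the cleanup of space B.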
diff --git a/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/utils/index.ts b/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/utils/index.ts
new file mode 100644
index 0000000000000..cb4a0fc06b90a
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/utils/index.ts
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export * from './supertest_error_logger';
diff --git a/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/utils/supertest_error_logger.ts b/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/utils/supertest_error_logger.ts
new file mode 100644
index 0000000000000..67f009cb55874
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/utils/supertest_error_logger.ts
@@ -0,0 +1,73 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import SuperTest from 'supertest';
+import { ToolingLog } from '@kbn/tooling-log';
+
+export interface LogErrorDetailsInterface {
+ (this: SuperTest.Test, err: Error & { response?: any }): SuperTest.Test;
+ ignoreCodes: (
+ codes: number[]
+ ) => (this: SuperTest.Test, err: Error & { response?: SuperTest.Response }) => SuperTest.Test;
+}
+
+/**
+ * Creates a logger that can be used with `supertest` to log details around errors
+ *
+ * @param log
+ *
+ * @example
+ * const errorLogger = createSupertestErrorLogger(log);
+ *
+ * supertestWithoutAuth
+ * .post(`some/url`)
+ * .on('error', errorLogger) //<< Add logger to `error` event
+ * .send({})
+ *
+ * // Ignore 404
+ * supertestWithoutAuth
+ * .post(`some/url`)
+ * .on('error', errorLogger.ignoreCodes([404]) //<< Add logger to `error` event and ignore 404
+ * .send({})
+ */
+export const createSupertestErrorLogger = (log: ToolingLog): LogErrorDetailsInterface => {
+ /**
+ * Utility for use with `supertest` that logs errors with details returned by the API
+ * @param err
+ */
+ const logErrorDetails: LogErrorDetailsInterface = function (err) {
+ if (err.response && (err.response.body || err.response.text)) {
+ let outputData =
+ 'RESPONSE:\n' + err.response.body
+ ? JSON.stringify(err.response.body, null, 2)
+ : err.response.text;
+
+ if (err.response.request) {
+ const { url = '', method = '', _data = '' } = err.response.request;
+
+ outputData += `\nREQUEST:
+ ${method} ${url}
+ ${JSON.stringify(_data, null, 2)}
+ `;
+ }
+
+ log.error(outputData);
+ }
+
+ return this ?? err;
+ };
+ logErrorDetails.ignoreCodes = (codes) => {
+ return function (err) {
+ if (err.response && err.response.status && !codes.includes(err.response.status)) {
+ return logErrorDetails.call(this, err);
+ }
+ return this;
+ };
+ };
+
+ return logErrorDetails;
+};
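Review bot: In `logErrorDetails`, the expression `'RESPONSE:\n' + err.response.body ? JSON.stringify(...) : err.response.text` is parsed as `('RESPONSE:\n' + err.response.body) ? ... : ...`. The condition is therefore always a non-empty string, the `RESPONSE:` prefix never reaches the output, and the `err.response.text` branch is never taken. Parenthesise the conditional: `'RESPONSE:\n' + (err.response.body ? JSON.stringify(err.response.body, null, 2) : err.response.text)`. Separately, the request `_data` is written to the log verbatim, so any credentials or tokens a test sends in a request body would end up in CI output; the doc comment should say so, or the payload should be logged selectively. The `@example` is also missing a closing parenthesis after `ignoreCodes([404])`.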
diff --git a/x-pack/test/security_solution_api_integration/tsconfig.json b/x-pack/test/security_solution_api_integration/tsconfig.json
index b7a320dd19720..17d5053c05328 100644
--- a/x-pack/test/security_solution_api_integration/tsconfig.json
+++ b/x-pack/test/security_solution_api_integration/tsconfig.json
@@ -50,5 +50,6 @@
"@kbn/search-types",
"@kbn/security-plugin",
"@kbn/ftr-common-functional-ui-services",
+ "@kbn/spaces-plugin",
]
}
diff --git a/x-pack/test/security_solution_endpoint/services/endpoint.ts b/x-pack/test/security_solution_endpoint/services/endpoint.ts
index 01f3aac83dd84..2d247657d90f7 100644
--- a/x-pack/test/security_solution_endpoint/services/endpoint.ts
+++ b/x-pack/test/security_solution_endpoint/services/endpoint.ts
@@ -21,6 +21,7 @@ import {
} from '@kbn/security-solution-plugin/common/endpoint/constants';
import {
deleteIndexedHostsAndAlerts,
+ DeleteIndexedHostsAndAlertsResponse,
IndexedHostsAndAlertsResponse,
indexHostsAndAlerts,
} from '@kbn/security-solution-plugin/common/endpoint/index_data';
@@ -40,11 +41,17 @@ import seedrandom from 'seedrandom';
import { fetchFleetLatestAvailableAgentVersion } from '@kbn/security-solution-plugin/common/endpoint/utils/fetch_fleet_version';
import { KbnClient } from '@kbn/test';
import { isServerlessKibanaFlavor } from '@kbn/security-solution-plugin/common/endpoint/utils/kibana_status';
+import { DEFAULT_SPACE_ID } from '@kbn/spaces-plugin/common';
+import { createKbnClient } from '@kbn/security-solution-plugin/scripts/endpoint/common/stack_services';
import { FtrService } from '../../functional/ftr_provider_context';
+export type IndexedHostsAndAlertsResponseExtended = IndexedHostsAndAlertsResponse & {
+ unloadEndpointData(): Promise;
+ spaceId: string;
+};
+
// Document Generator override that uses a custom Endpoint Metadata generator and sets the
// `agent.version` to the current version
-
const createDocGeneratorClass = async (kbnClient: KbnClient, isServerless: boolean) => {
let version = kibanaPackageJson.version;
if (isServerless) {
@@ -74,6 +81,26 @@ export class EndpointTestResources extends FtrService {
private readonly supertest = this.ctx.getService('supertest');
private readonly log = this.ctx.getService('log');
+ public getScopedKbnClient(spaceId: string = DEFAULT_SPACE_ID): KbnClient {
+ if (!spaceId || spaceId === DEFAULT_SPACE_ID) {
+ return this.kbnClient;
+ }
+
+ const kbnClientOptions: Parameters[0] = {
+ url: this.kbnClient.resolveUrl('/'),
+ username: this.config.get('servers.elasticsearch.username'),
+ password: this.config.get('servers.elasticsearch.password'),
+ spaceId,
+ };
+
+ this.log.info(`creating new KbnClient with:\n${JSON.stringify(kbnClientOptions, null, 2)}`);
+
+ // Was not included above in order to keep the output of the log.info() above clean in the output
+ kbnClientOptions.log = this.log;
+
+ return createKbnClient(kbnClientOptions);
+ }
+
async stopTransform(transformId: string) {
const stopRequest = {
transform_id: `${transformId}*`,
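Review bot: The `this.log.info(...)` call in `getScopedKbnClient` serialises `kbnClientOptions` while it still holds `password`, so the credential is written to the test log, and to any archived CI output, each time a non-default space is requested. The comment below it shows that `log` was deliberately kept out of the printed object, but `username` and `password` were not; the `url` from `resolveUrl('/')` may also embed credentials, which cannot be confirmed from this hunk. Log only non-secret fields, for example `this.log.info(`creating new KbnClient for space [${spaceId}]`);`. The later hunks call this helper from `loadEndpointData`, `unloadEndpointData`, `installOrUpgradeEndpointFleetPackage` and `isEndpointPackageV2`, so the line repeats on each of those paths. `stopTransform` at the end of this hunk continues outside it.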
@@ -120,8 +147,9 @@ export class EndpointTestResources extends FtrService {
waitUntilTransformed: boolean;
waitTimeout: number;
customIndexFn: () => Promise;
+ spaceId: string;
}> = {}
- ): Promise {
+ ): Promise {
const {
numHosts = 1,
numHostDocs = 1,
@@ -131,12 +159,16 @@ export class EndpointTestResources extends FtrService {
waitUntilTransformed = true,
waitTimeout = 120000,
customIndexFn,
+ spaceId = DEFAULT_SPACE_ID,
} = options;
+ const kbnClient = this.getScopedKbnClient(spaceId);
+
let currentTransformName = metadataTransformPrefix;
let unitedTransformName = METADATA_UNITED_TRANSFORM;
+
if (waitUntilTransformed && customIndexFn) {
- const endpointPackage = await getEndpointPackageInfo(this.kbnClient);
+ const endpointPackage = await getEndpointPackageInfo(kbnClient);
const isV2 = isEndpointPackageV2(endpointPackage.version);
if (isV2) {
@@ -152,18 +184,15 @@ export class EndpointTestResources extends FtrService {
await this.stopTransform(unitedTransformName);
}
- const isServerless = await isServerlessKibanaFlavor(this.kbnClient);
- const CurrentKibanaVersionDocGenerator = await createDocGeneratorClass(
- this.kbnClient,
- isServerless
- );
+ const isServerless = await isServerlessKibanaFlavor(kbnClient);
+ const CurrentKibanaVersionDocGenerator = await createDocGeneratorClass(kbnClient, isServerless);
// load data into the system
const indexedData = customIndexFn
? await customIndexFn()
: await indexHostsAndAlerts(
this.esClient as Client,
- this.kbnClient,
+ kbnClient,
generatorSeed,
numHosts,
numHostDocs,
@@ -194,15 +223,29 @@ export class EndpointTestResources extends FtrService {
await this.waitForUnitedEndpoints(agentIds, waitTimeout);
}
- return indexedData;
+ return {
+ ...indexedData,
+ spaceId,
+ unloadEndpointData: (): Promise => {
+ return this.unloadEndpointData(indexedData, { spaceId });
+ },
+ };
}
/**
* Deletes the loaded data created via `loadEndpointData()`
* @param indexedData
+ * @param options
*/
- async unloadEndpointData(indexedData: IndexedHostsAndAlertsResponse) {
- return deleteIndexedHostsAndAlerts(this.esClient as Client, this.kbnClient, indexedData);
+ async unloadEndpointData(
+ indexedData: IndexedHostsAndAlertsResponse,
+ { spaceId = DEFAULT_SPACE_ID }: { spaceId?: string } = {}
+ ): Promise {
+ return deleteIndexedHostsAndAlerts(
+ this.esClient as Client,
+ this.getScopedKbnClient(spaceId),
+ indexedData
+ );
}
private async waitForIndex(
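Review bot: The new `@param options` tag on `unloadEndpointData` has no description, and nothing states that `spaceId` must be the space the data was loaded into. I would document it as `@param options.spaceId space whose scoped KbnClient performs the deletion; must match the space given to loadEndpointData() (defaults to the default space)`. Relatedly, `customIndexFn` takes no arguments, so when it is supplied the returned `spaceId` and `unloadEndpointData` closure reflect the option value rather than wherever that function actually indexed; this looks worth a sentence in the `loadEndpointData` docs. `waitForIndex` at the end of the hunk continues outside it.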
@@ -315,10 +358,10 @@ export class EndpointTestResources extends FtrService {
* installs (or upgrades) the Endpoint Fleet package
* (NOTE: ensure that fleet is setup first before calling this function)
*/
- async installOrUpgradeEndpointFleetPackage(): ReturnType<
- typeof installOrUpgradeEndpointFleetPackage
- > {
- return installOrUpgradeEndpointFleetPackage(this.kbnClient, this.log);
+ async installOrUpgradeEndpointFleetPackage(
+ spaceId: string = DEFAULT_SPACE_ID
+ ): ReturnType {
+ return installOrUpgradeEndpointFleetPackage(this.getScopedKbnClient(spaceId), this.log);
}
/**
@@ -383,8 +426,8 @@ export class EndpointTestResources extends FtrService {
return response;
}
- async isEndpointPackageV2(): Promise {
- const endpointPackage = await getEndpointPackageInfo(this.kbnClient);
+ async isEndpointPackageV2(spaceId: string = DEFAULT_SPACE_ID): Promise {
+ const endpointPackage = await getEndpointPackageInfo(this.getScopedKbnClient(spaceId));
return isEndpointPackageV2(endpointPackage.version);
}
}
diff --git a/x-pack/test/security_solution_endpoint/tsconfig.json b/x-pack/test/security_solution_endpoint/tsconfig.json
index e4ce04de12a59..d9aa0c922bdf2 100644
--- a/x-pack/test/security_solution_endpoint/tsconfig.json
+++ b/x-pack/test/security_solution_endpoint/tsconfig.json
@@ -28,5 +28,6 @@
"@kbn/test",
"@kbn/test-subj-selector",
"@kbn/ftr-common-functional-services",
+ "@kbn/spaces-plugin",
]
}
diff --git a/x-pack/test_serverless/functional/page_objects/svl_search_index_detail_page.ts b/x-pack/test_serverless/functional/page_objects/svl_search_index_detail_page.ts
index 84e0339e7dfbc..089c806cefe8e 100644
--- a/x-pack/test_serverless/functional/page_objects/svl_search_index_detail_page.ts
+++ b/x-pack/test_serverless/functional/page_objects/svl_search_index_detail_page.ts
@@ -199,5 +199,20 @@ export function SvlSearchIndexDetailPageProvider({ getService }: FtrProviderCont
await testSubjects.existOrFail('mappingsTab');
await testSubjects.existOrFail('settingsTab');
},
+
+ async expectBreadcrumbNavigationWithIndexName(indexName: string) {
+ await testSubjects.existOrFail('euiBreadcrumb');
+ expect(await testSubjects.getVisibleText('breadcrumb last')).to.contain(indexName);
+ },
+
+ async clickOnIndexManagementBreadcrumb() {
+ const breadcrumbs = await testSubjects.findAll('breadcrumb');
+ for (const breadcrumb of breadcrumbs) {
+ if ((await breadcrumb.getVisibleText()) === 'Index Management') {
+ await breadcrumb.click();
+ return;
+ }
+ }
+ },
};
}
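Review bot: `clickOnIndexManagementBreadcrumb` returns silently when no breadcrumb has the text 'Index Management', so a missing or renamed breadcrumb only surfaces later as a failure in whatever assertion the caller runs next. Failing at the point of the miss gives a clearer signal; after the `for` loop add `throw new Error('Index Management breadcrumb not found');`. The enclosing `SvlSearchIndexDetailPageProvider` starts outside this hunk.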
diff --git a/x-pack/test_serverless/functional/test_suites/search/search_index_detail.ts b/x-pack/test_serverless/functional/test_suites/search/search_index_detail.ts
index 8797826513afc..d3a0b826f082f 100644
--- a/x-pack/test_serverless/functional/test_suites/search/search_index_detail.ts
+++ b/x-pack/test_serverless/functional/test_suites/search/search_index_detail.ts
@@ -33,8 +33,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
await esDeleteAllIndices(indexName);
});
- // FLAKY: https://github.com/elastic/kibana/issues/194704
- describe.skip('index details page overview', () => {
+ describe('index details page overview', () => {
before(async () => {
await es.indices.create({ index: indexName });
await svlSearchNavigation.navigateToIndexDetailPage(indexName);
@@ -55,7 +54,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
await pageObjects.svlSearchIndexDetailPage.expectConnectionDetails();
});
- it('should show api key', async () => {
+ it.skip('should show api key', async () => {
await pageObjects.svlApiKeys.deleteAPIKeys();
await svlSearchNavigation.navigateToIndexDetailPage(indexName);
await pageObjects.svlApiKeys.expectAPIKeyAvailable();
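Review bot: The `it.skip('should show api key', ...)` line disables the API key check with no reason or tracking reference, while the same commit removes the `FLAKY:` comment that previously explained the suite-level skip. A skipped test without a pointer tends to stay skipped, and this one covers credential display on the index detail page. Add a comment above it in the file's existing convention, e.g. `// FLAKY: <tracking-issue-url>`, filled in with the real issue. The body of this `it` block continues outside the hunk.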
@@ -81,6 +80,15 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
await pageObjects.svlSearchIndexDetailPage.expectQuickStatsAIMappingsToHaveVectorFields();
});
+ it('should have breadcrumb navigation', async () => {
+ await pageObjects.svlSearchIndexDetailPage.expectBreadcrumbNavigationWithIndexName(
+ indexName
+ );
+ await pageObjects.svlSearchIndexDetailPage.clickOnIndexManagementBreadcrumb();
+ await pageObjects.indexManagement.expectToBeOnIndicesManagement();
+ await svlSearchNavigation.navigateToIndexDetailPage(indexName);
+ });
+
it('should show code examples for adding documents', async () => {
await pageObjects.svlSearchIndexDetailPage.expectAddDocumentCodeExamples();
await pageObjects.svlSearchIndexDetailPage.expectSelectedLanguage('python');
diff --git a/yarn.lock b/yarn.lock
index fa3904c57939e..88af1e9fbfc5a 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -5419,6 +5419,10 @@
version "0.0.0"
uid ""
+"@kbn/inventory-e2e@link:x-pack/plugins/observability_solution/inventory/e2e":
+ version "0.0.0"
+ uid ""
+
"@kbn/inventory-plugin@link:x-pack/plugins/observability_solution/inventory":
version "0.0.0"
uid ""
@@ -26945,13 +26949,6 @@ react-markdown@^6.0.3:
unist-util-visit "^2.0.0"
vfile "^4.0.0"
-react-monaco-editor@^0.54.0:
- version "0.54.0"
- resolved "https://registry.yarnpkg.com/react-monaco-editor/-/react-monaco-editor-0.54.0.tgz#ec9293249a991b08264be723c1ec0ca3a6d480d8"
- integrity sha512-9JwO69851mfpuhYLHlKbae7omQWJ/2ICE2lbL0VHyNyZR8rCOH7440u+zAtDgiOMpLwmYdY1sEZCdRefywX6GQ==
- dependencies:
- prop-types "^15.8.1"
-
react-popper-tooltip@^3.1.1:
version "3.1.1"
resolved "https://registry.yarnpkg.com/react-popper-tooltip/-/react-popper-tooltip-3.1.1.tgz#329569eb7b287008f04fcbddb6370452ad3f9eac"