Improve ECS categorization field mappings in rabbitmq module (elastic…
…#17916)

- event.kind

Closes elastic#16178

(cherry picked from commit 29ecd72)
leehinman committed Apr 23, 2020
1 parent 7731ffa commit f72d753
Showing 3 changed files with 29 additions and 0 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
Expand Up @@ -338,6 +338,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Enhance `elasticsearch/server` fileset to handle ECS-compatible logs emitted by Elasticsearch. {issue}17715[17715] {pull}17714[17714]
- Added Unix stream socket support as an input source and a syslog input source. {pull}17492[17492]
- Improve ECS categorization field mappings in misp module. {issue}16026[16026] {pull}17344[17344]
- Improve ECS categorization field mappings in rabbitmq module. {issue}16178[16178] {pull}17916[17916]

*Heartbeat*

3 changes: 3 additions & 0 deletions x-pack/filebeat/module/rabbitmq/log/ingest/pipeline.yml
Expand Up @@ -26,6 +26,9 @@ processors:
- remove:
field:
- timestamp
- set:
field: event.kind
value: event
on_failure:
- set:
field: error.message
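Review bot: Events that fail in an earlier processor never reach the new `set` processor, which appears to be the last entry in `processors`, so they are indexed without `event.kind`. Any search or detection rule that filters on `event.kind: event` will then silently skip exactly the log lines that could not be parsed. The visible part of `on_failure` only sets `error.message`; consider also adding `- set: { field: event.kind, value: pipeline_error }` there, which is the ECS value for documents whose ingestion failed. The `on_failure` block continues beyond this hunk, so confirm it does not already do this.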
25 changes: 25 additions & 0 deletions x-pack/filebeat/module/rabbitmq/log/test/test.log-expected.json
Expand Up @@ -2,6 +2,7 @@
{
"@timestamp": "2019-04-03T11:13:15.076-02:00",
"event.dataset": "rabbitmq.log",
"event.kind": "event",
"event.module": "rabbitmq",
"event.timezone": "-02:00",
"fileset.name": "log",
Expand All @@ -15,6 +16,7 @@
{
"@timestamp": "2019-04-03T11:13:15.510-02:00",
"event.dataset": "rabbitmq.log",
"event.kind": "event",
"event.module": "rabbitmq",
"event.timezone": "-02:00",
"fileset.name": "log",
Expand All @@ -31,6 +33,7 @@
{
"@timestamp": "2019-04-03T11:13:15.512-02:00",
"event.dataset": "rabbitmq.log",
"event.kind": "event",
"event.module": "rabbitmq",
"event.timezone": "-02:00",
"fileset.name": "log",
Expand All @@ -47,6 +50,7 @@
{
"@timestamp": "2019-04-12T10:00:53.458-02:00",
"event.dataset": "rabbitmq.log",
"event.kind": "event",
"event.module": "rabbitmq",
"event.timezone": "-02:00",
"fileset.name": "log",
Expand All @@ -60,6 +64,7 @@
{
"@timestamp": "2019-04-12T10:00:53.550-02:00",
"event.dataset": "rabbitmq.log",
"event.kind": "event",
"event.module": "rabbitmq",
"event.timezone": "-02:00",
"fileset.name": "log",
Expand All @@ -76,6 +81,7 @@
{
"@timestamp": "2019-04-12T10:00:53.550-02:00",
"event.dataset": "rabbitmq.log",
"event.kind": "event",
"event.module": "rabbitmq",
"event.timezone": "-02:00",
"fileset.name": "log",
Expand All @@ -89,6 +95,7 @@
{
"@timestamp": "2019-04-12T10:00:54.553-02:00",
"event.dataset": "rabbitmq.log",
"event.kind": "event",
"event.module": "rabbitmq",
"event.timezone": "-02:00",
"fileset.name": "log",
Expand All @@ -102,6 +109,7 @@
{
"@timestamp": "2019-04-12T10:00:54.555-02:00",
"event.dataset": "rabbitmq.log",
"event.kind": "event",
"event.module": "rabbitmq",
"event.timezone": "-02:00",
"fileset.name": "log",
Expand All @@ -115,6 +123,7 @@
{
"@timestamp": "2019-04-12T10:00:54.567-02:00",
"event.dataset": "rabbitmq.log",
"event.kind": "event",
"event.module": "rabbitmq",
"event.timezone": "-02:00",
"fileset.name": "log",
Expand All @@ -128,6 +137,7 @@
{
"@timestamp": "2019-04-12T10:00:54.567-02:00",
"event.dataset": "rabbitmq.log",
"event.kind": "event",
"event.module": "rabbitmq",
"event.timezone": "-02:00",
"fileset.name": "log",
Expand All @@ -141,6 +151,7 @@
{
"@timestamp": "2019-04-12T10:00:54.568-02:00",
"event.dataset": "rabbitmq.log",
"event.kind": "event",
"event.module": "rabbitmq",
"event.timezone": "-02:00",
"fileset.name": "log",
Expand All @@ -154,6 +165,7 @@
{
"@timestamp": "2019-04-12T10:00:54.569-02:00",
"event.dataset": "rabbitmq.log",
"event.kind": "event",
"event.module": "rabbitmq",
"event.timezone": "-02:00",
"fileset.name": "log",
Expand All @@ -167,6 +179,7 @@
{
"@timestamp": "2019-04-12T10:00:54.579-02:00",
"event.dataset": "rabbitmq.log",
"event.kind": "event",
"event.module": "rabbitmq",
"event.timezone": "-02:00",
"fileset.name": "log",
Expand All @@ -180,6 +193,7 @@
{
"@timestamp": "2019-04-12T10:00:54.588-02:00",
"event.dataset": "rabbitmq.log",
"event.kind": "event",
"event.module": "rabbitmq",
"event.timezone": "-02:00",
"fileset.name": "log",
Expand All @@ -193,6 +207,7 @@
{
"@timestamp": "2019-04-12T10:00:54.589-02:00",
"event.dataset": "rabbitmq.log",
"event.kind": "event",
"event.module": "rabbitmq",
"event.timezone": "-02:00",
"fileset.name": "log",
Expand All @@ -206,6 +221,7 @@
{
"@timestamp": "2019-04-12T10:00:54.598-02:00",
"event.dataset": "rabbitmq.log",
"event.kind": "event",
"event.module": "rabbitmq",
"event.timezone": "-02:00",
"fileset.name": "log",
Expand All @@ -219,6 +235,7 @@
{
"@timestamp": "2019-04-12T10:00:54.606-02:00",
"event.dataset": "rabbitmq.log",
"event.kind": "event",
"event.module": "rabbitmq",
"event.timezone": "-02:00",
"fileset.name": "log",
Expand All @@ -232,6 +249,7 @@
{
"@timestamp": "2019-04-12T10:00:54.615-02:00",
"event.dataset": "rabbitmq.log",
"event.kind": "event",
"event.module": "rabbitmq",
"event.timezone": "-02:00",
"fileset.name": "log",
Expand All @@ -245,6 +263,7 @@
{
"@timestamp": "2019-04-12T10:00:54.615-02:00",
"event.dataset": "rabbitmq.log",
"event.kind": "event",
"event.module": "rabbitmq",
"event.timezone": "-02:00",
"fileset.name": "log",
Expand All @@ -261,6 +280,7 @@
{
"@timestamp": "2019-04-12T10:01:01.031-02:00",
"event.dataset": "rabbitmq.log",
"event.kind": "event",
"event.module": "rabbitmq",
"event.timezone": "-02:00",
"fileset.name": "log",
Expand All @@ -277,6 +297,7 @@
{
"@timestamp": "2019-04-12T10:11:15.094-02:00",
"event.dataset": "rabbitmq.log",
"event.kind": "event",
"event.module": "rabbitmq",
"event.timezone": "-02:00",
"fileset.name": "log",
Expand All @@ -290,6 +311,7 @@
{
"@timestamp": "2019-04-12T10:11:15.101-02:00",
"event.dataset": "rabbitmq.log",
"event.kind": "event",
"event.module": "rabbitmq",
"event.timezone": "-02:00",
"fileset.name": "log",
Expand All @@ -303,6 +325,7 @@
{
"@timestamp": "2019-04-12T10:19:14.450-02:00",
"event.dataset": "rabbitmq.log",
"event.kind": "event",
"event.module": "rabbitmq",
"event.timezone": "-02:00",
"fileset.name": "log",
Expand All @@ -319,6 +342,7 @@
{
"@timestamp": "2019-04-12T10:19:14.450-02:00",
"event.dataset": "rabbitmq.log",
"event.kind": "event",
"event.module": "rabbitmq",
"event.timezone": "-02:00",
"fileset.name": "log",
Expand All @@ -332,6 +356,7 @@
{
"@timestamp": "2019-04-12T10:19:14.451-02:00",
"event.dataset": "rabbitmq.log",
"event.kind": "event",
"event.module": "rabbitmq",
"event.timezone": "-02:00",
"fileset.name": "log",