diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index 732bc3a9cc5..ae8c893d57e 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -12,6 +12,7 @@ This file is generated! See _meta/fields.yml and scripts/generate_field_docs.py This document describes the fields that are exported by Filebeat. They are grouped in the following categories: +* <> * <> * <> * <> 
@@ -20,6 +21,270 @@ grouped in the following categories: * <> -- +[[exported-fields-apache2]] +== Apache2 Fields + +Apache2 Module + + + +[float] +== apache2 Fields + +Apache2 fields. + + + +[float] +== access Fields + +Contains fields for the Apache2 HTTPD access logs. + + + +[float] +=== apache2.access.remote_ip + +type: keyword + +Client IP address. + + +[float] +=== apache2.access.user_name + +type: keyword + +The user name used when basic authentication is used. + + +[float] +=== apache2.access.method + +type: keyword + +example: GET + +The request HTTP method. + + +[float] +=== apache2.access.url + +type: keyword + +The request HTTP URL. + + +[float] +=== apache2.access.http_version + +type: keyword + +The HTTP version. + + +[float] +=== apache2.access.response_code + +type: long + +The HTTP response code. + + +[float] +=== apache2.access.body_sent.bytes + +type: long + +format: bytes + +The number of bytes of the server response body. + + +[float] +=== apache2.access.referrer + +type: keyword + +The HTTP referrer. + + +[float] +=== apache2.access.agent + +type: text + +Contains the un-parsed user agent string. Only present if the user agent Elasticsearch plugin is not available or not used. + + +[float] +== user_agent Fields + +Contains the parsed User agent field. Only present if the user agent Elasticsearch plugin is available and used. + + + +[float] +=== apache2.access.user_agent.device + +type: keyword + +The name of the physical device. + + +[float] +=== apache2.access.user_agent.major + +type: long + +The major version of the user agent. + + +[float] +=== apache2.access.user_agent.minor + +type: long + +The minor version of the user agent. + + +[float] +=== apache2.access.user_agent.patch + +type: long + +The patch version of the user agent. + + +[float] +=== apache2.access.user_agent.name + +type: keyword + +example: Chrome + +The name of the user agent. 
+ + +[float] +=== apache2.access.user_agent.os + +type: keyword + +The name of the operating system. + + +[float] +=== apache2.access.user_agent.os_major + +type: long + +The major version of the operating system. + + +[float] +=== apache2.access.user_agent.os_minor + +type: long + +The minor version of the operating system. + + +[float] +=== apache2.access.user_agent.os_name + +type: keyword + +The name of the operating system. + + +[float] +== geoip Fields + +Contains GeoIP information gathered based on the remote_ip field. Only present if the GeoIP Elasticsearch plugin is available and used. + + + +[float] +=== apache2.access.geoip.continent_name + +type: keyword + +The name of the continent. + + +[float] +=== apache2.access.geoip.country_iso_code + +type: keyword + +Country ISO code. + + +[float] +=== apache2.access.geoip.location + +type: geo_point + +The longitude and latitude. + + +[float] +== error Fields + +Fields from the Apache error logs. + + + +[float] +=== apache2.error.level + +type: keyword + +The severity level of the message. + + +[float] +=== apache2.error.client + +type: keyword + +The IP address of the client that generated the error. + + +[float] +=== apache2.error.message + +type: text + +The logged message. + + +[float] +=== apache2.error.pid + +type: long + +The process ID. + + +[float] +=== apache2.error.tid + +type: long + +The thread ID. + + +[float] +=== apache2.error.module + +type: keyword + +The module producing the logged message. + + [[exported-fields-beat]] == Beat Fields diff --git a/filebeat/filebeat.template-es2x.json b/filebeat/filebeat.template-es2x.json index f4c8f5b9102..5627941abf8 100644 --- a/filebeat/filebeat.template-es2x.json +++ b/filebeat/filebeat.template-es2x.json 
@@ -25,6 +25,149 @@ "@timestamp": { "type": "date" }, + "apache2": { + "properties": { + "access": { + "properties": { + "agent": { + "index": "analyzed", + "norms": { + "enabled": false + }, + "type": "string" + }, + "body_sent": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "geoip": { + "properties": { + "continent_name": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "country_iso_code": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "location": { + "type": "geo_point" + } + } + }, + "http_version": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "method": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "referrer": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "remote_ip": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "response_code": { + "type": "long" + }, + "url": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "user_agent": { + "properties": { + "device": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "major": { + "type": "long" + }, + "minor": { + "type": "long" + }, + "name": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "os": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "os_major": { + "type": "long" + }, + "os_minor": { + "type": "long" + }, + "os_name": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "patch": { + "type": "long" + } + } + }, + "user_name": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + } + } + }, + "error": { + "properties": { + "client": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "level": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "message": { + "index": "analyzed", + 
"norms": { + "enabled": false + }, + "type": "string" + }, + "module": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "pid": { + "type": "long" + }, + "tid": { + "type": "long" + } + } + } + } + }, "beat": { "properties": { "hostname": { diff --git a/filebeat/filebeat.template.json b/filebeat/filebeat.template.json index 7eccf0313df..54941a3becd 100644 --- a/filebeat/filebeat.template.json +++ b/filebeat/filebeat.template.json 
@@ -22,6 +22,128 @@ "@timestamp": { "type": "date" }, + "apache2": { + "properties": { + "access": { + "properties": { + "agent": { + "norms": false, + "type": "text" + }, + "body_sent": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "geoip": { + "properties": { + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + } + } + }, + "http_version": { + "ignore_above": 1024, + "type": "keyword" + }, + "method": { + "ignore_above": 1024, + "type": "keyword" + }, + "referrer": { + "ignore_above": 1024, + "type": "keyword" + }, + "remote_ip": { + "ignore_above": 1024, + "type": "keyword" + }, + "response_code": { + "type": "long" + }, + "url": { + "ignore_above": 1024, + "type": "keyword" + }, + "user_agent": { + "properties": { + "device": { + "ignore_above": 1024, + "type": "keyword" + }, + "major": { + "type": "long" + }, + "minor": { + "type": "long" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "ignore_above": 1024, + "type": "keyword" + }, + "os_major": { + "type": "long" + }, + "os_minor": { + "type": "long" + }, + "os_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "patch": { + "type": "long" + } + } + }, + "user_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "error": { + "properties": { + "client": { + "ignore_above": 1024, + "type": "keyword" + }, + "level": { + "ignore_above": 1024, + "type": "keyword" + }, + "message": { + "norms": false, + "type": "text" + }, + "module": { + "ignore_above": 1024, + "type": "keyword" + }, + "pid": { + "type": "long" + }, + "tid": { + "type": "long" + } + } + } + } + }, "beat": { "properties": { "hostname": { diff --git a/filebeat/module/apache2/_meta/fields.yml b/filebeat/module/apache2/_meta/fields.yml new file mode 100644 index 00000000000..fe226d86d62 --- /dev/null +++ b/filebeat/module/apache2/_meta/fields.yml 
@@ -0,0 +1,10 @@
+- key: apache2
+ title: "Apache2"
+ description: >
+ Apache2 Module
+ fields:
+ - name: apache2
+ type: group
+ description: >
+ Apache2 fields.
+ fields:
diff --git a/filebeat/module/apache2/_meta/kibana/dashboard/Filebeat-Apache2-Dashboard.json b/filebeat/module/apache2/_meta/kibana/dashboard/Filebeat-Apache2-Dashboard.json
new file mode 100644
index 00000000000..82612f05d61
--- /dev/null
+++ b/filebeat/module/apache2/_meta/kibana/dashboard/Filebeat-Apache2-Dashboard.json
@@ -0,0 +1,13 @@ +{ + "hits": 0, + "timeRestore": false, + "description": "", + "title": "Filebeat Apache2 Dashboard", + "uiStateJSON": "{\"P-1\":{\"mapCenter\":[40.713955826286046,-0.17578125]}}", + "panelsJSON": "[{\"col\":1,\"id\":\"Apache2-access-unique-IPs-map\",\"panelIndex\":1,\"row\":1,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Apache2-response-codes-of-top-URLs\",\"panelIndex\":2,\"row\":6,\"size_x\":8,\"size_y\":3,\"type\":\"visualization\"},{\"col\":9,\"id\":\"Apache2-browsers\",\"panelIndex\":3,\"row\":6,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":11,\"id\":\"Apache2-operating-systems\",\"panelIndex\":4,\"row\":4,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Apache2-error-logs-over-time\",\"panelIndex\":5,\"row\":9,\"size_x\":12,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Apache2-response-codes-over-time\",\"panelIndex\":6,\"row\":4,\"size_x\":10,\"size_y\":2,\"type\":\"visualization\"},{\"id\":\"Apache2-errors-log\",\"type\":\"search\",\"panelIndex\":7,\"size_x\":12,\"size_y\":3,\"col\":1,\"row\":11,\"columns\":[\"apache2.error.client\",\"apache2.error.level\",\"apache2.error.module\",\"apache2.error.message\"],\"sort\":[\"@timestamp\",\"desc\"]}]", + "optionsJSON": "{\"darkTheme\":false}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}" + } +} \ No newline at end of file diff --git a/filebeat/module/apache2/_meta/kibana/search/Apache2-access-logs.json b/filebeat/module/apache2/_meta/kibana/search/Apache2-access-logs.json new file mode 100644 index 00000000000..903dd969d83 --- /dev/null +++ b/filebeat/module/apache2/_meta/kibana/search/Apache2-access-logs.json 
@@ -0,0 +1,19 @@ +{ + "sort": [ + "@timestamp", + "desc" + ], + "hits": 0, + "description": "", + "title": "Apache2 access logs", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"filebeat-*\",\"query\":{\"query_string\":{\"query\":\"_exists_:apache2.access\",\"analyze_wildcard\":true}},\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647}}" + }, + "columns": [ + "apache2.access.remote_ip", + "apache2.access.method", + "apache2.access.url", + "apache2.access.response_code" + ] +} \ No newline at end of file diff --git a/filebeat/module/apache2/_meta/kibana/search/Apache2-errors-log.json b/filebeat/module/apache2/_meta/kibana/search/Apache2-errors-log.json new file mode 100644 index 00000000000..d45fe81921a --- /dev/null +++ b/filebeat/module/apache2/_meta/kibana/search/Apache2-errors-log.json @@ -0,0 +1,19 @@ +{ + "sort": [ + "@timestamp", + "desc" + ], + "hits": 0, + "description": "", + "title": "Apache2 errors log", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"filebeat-*\",\"query\":{\"query_string\":{\"query\":\"_exists_:apache2.error\",\"analyze_wildcard\":true}},\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647}}" + }, + "columns": [ + "apache2.error.client", + "apache2.error.level", + "apache2.error.module", + "apache2.error.message" + ] +} \ No newline at end of file diff --git a/filebeat/module/apache2/_meta/kibana/visualization/Apache2-access-unique-IPs-map.json b/filebeat/module/apache2/_meta/kibana/visualization/Apache2-access-unique-IPs-map.json new file mode 100644 index 00000000000..2a6b48ca875 --- /dev/null 
+++ b/filebeat/module/apache2/_meta/kibana/visualization/Apache2-access-unique-IPs-map.json @@ -0,0 +1,11 @@ +{ + "visState": "{\"title\":\"Apache2 access unique IPs map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[15,5],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"apache2.access.remote_ip\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"apache2.access.geoip.location\",\"autoPrecision\":true}}],\"listeners\":{}}", + "description": "", + "title": "Apache2 access unique IPs map", + "uiStateJSON": "{\"mapCenter\":[14.944784875088372,5.09765625]}", + "version": 1, + "savedSearchId": "Apache2-access-logs", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + } +} \ No newline at end of file diff --git a/filebeat/module/apache2/_meta/kibana/visualization/Apache2-browsers.json b/filebeat/module/apache2/_meta/kibana/visualization/Apache2-browsers.json new file mode 100644 index 00000000000..db6bd7b8e1e --- /dev/null +++ b/filebeat/module/apache2/_meta/kibana/visualization/Apache2-browsers.json 
@@ -0,0 +1,11 @@ +{ + "visState": "{\"title\":\"Apache2 browsers\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"apache2.access.remote_ip\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"apache2.access.user_agent.name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"apache2.access.user_agent.major\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "description": "", + "title": "Apache2 browsers", + "uiStateJSON": "{}", + "version": 1, + "savedSearchId": "Apache2-access-logs", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + } +} \ No newline at end of file diff --git a/filebeat/module/apache2/_meta/kibana/visualization/Apache2-error-logs-over-time.json b/filebeat/module/apache2/_meta/kibana/visualization/Apache2-error-logs-over-time.json new file mode 100644 index 00000000000..caab4073232 --- /dev/null +++ b/filebeat/module/apache2/_meta/kibana/visualization/Apache2-error-logs-over-time.json 
@@ -0,0 +1,11 @@ +{ + "visState": "{\"title\":\"Apache2 error logs over time\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"apache2.error.level\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "description": "", + "title": "Apache2 error logs over time", + "uiStateJSON": "{}", + "version": 1, + "savedSearchId": "Apache2-errors-log", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + } +} \ No newline at end of file diff --git a/filebeat/module/apache2/_meta/kibana/visualization/Apache2-operating-systems.json b/filebeat/module/apache2/_meta/kibana/visualization/Apache2-operating-systems.json new file mode 100644 index 00000000000..47f388e89f9 --- /dev/null +++ b/filebeat/module/apache2/_meta/kibana/visualization/Apache2-operating-systems.json 
@@ -0,0 +1,11 @@ +{ + "visState": "{\"title\":\"Apache2 operating systems\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"apache2.access.remote_ip\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"apache2.access.user_agent.os_name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"apache2.access.user_agent.os_major\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "description": "", + "title": "Apache2 operating systems", + "uiStateJSON": "{}", + "version": 1, + "savedSearchId": "Apache2-access-logs", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + } +} \ No newline at end of file diff --git a/filebeat/module/apache2/_meta/kibana/visualization/Apache2-response-codes-of-top-URLs.json b/filebeat/module/apache2/_meta/kibana/visualization/Apache2-response-codes-of-top-URLs.json new file mode 100644 index 00000000000..a7aba5f734a --- /dev/null +++ b/filebeat/module/apache2/_meta/kibana/visualization/Apache2-response-codes-of-top-URLs.json 
@@ -0,0 +1,11 @@ +{ + "visState": "{\"title\":\"Apache2 response codes of top URLs\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"apache2.access.url\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"URL\",\"row\":false}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"apache2.access.response_code\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "description": "", + "title": "Apache2 response codes of top URLs", + "uiStateJSON": "{\"vis\":{\"colors\":{\"200\":\"#7EB26D\",\"404\":\"#EF843C\"}}}", + "version": 1, + "savedSearchId": "Apache2-access-logs", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + } +} \ No newline at end of file diff --git a/filebeat/module/apache2/_meta/kibana/visualization/Apache2-response-codes-over-time.json b/filebeat/module/apache2/_meta/kibana/visualization/Apache2-response-codes-over-time.json new file mode 100644 index 00000000000..7c24a1ea099 --- /dev/null +++ b/filebeat/module/apache2/_meta/kibana/visualization/Apache2-response-codes-over-time.json 
@@ -0,0 +1,11 @@ +{ + "visState": "{\"title\":\"Apache2 response codes over time\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"apache2.access.response_code\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "description": "", + "title": "Apache2 response codes over time", + "uiStateJSON": "{\"vis\":{\"colors\":{\"200\":\"#629E51\",\"404\":\"#EF843C\"}}}", + "version": 1, + "savedSearchId": "Apache2-access-logs", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + } +} \ No newline at end of file diff --git a/filebeat/module/apache2/access/_meta/fields.yml b/filebeat/module/apache2/access/_meta/fields.yml new file mode 100644 index 00000000000..c245407dbb4 --- /dev/null +++ b/filebeat/module/apache2/access/_meta/fields.yml 
@@ -0,0 +1,107 @@
+- name: access
+ type: group
+ description: >
+ Contains fields for the Apache2 HTTPD access logs.
+ fields:
+ - name: remote_ip
+ type: keyword
+ description: >
+ Client IP address.
+ - name: user_name
+ type: keyword
+ description: >
+ The user name used when basic authentication is used.
+ - name: method
+ type: keyword
+ example: GET
+ description: >
+ The request HTTP method.
+ - name: url
+ type: keyword
+ description: >
+ The request HTTP URL.
+ - name: http_version
+ type: keyword
+ description: >
+ The HTTP version.
+ - name: response_code
+ type: long
+ description: >
+ The HTTP response code.
+ - name: body_sent.bytes
+ type: long
+ format: bytes
+ description: >
+ The number of bytes of the server response body.
+ - name: referrer
+ type: keyword
+ description: >
+ The HTTP referrer.
+ - name: agent
+ type: text
+ description: >
+ Contains the un-parsed user agent string. Only present if the user
+ agent Elasticsearch plugin is not available or not used.
+ - name: user_agent
+ type: group
+ description: >
+ Contains the parsed User agent field. Only present if the user
+ agent Elasticsearch plugin is available and used.
+ fields:
+ - name: device
+ type: keyword
+ description: >
+ The name of the physical device.
+ - name: major
+ type: long
+ description: >
+ The major version of the user agent.
+ - name: minor
+ type: long
+ description: >
+ The minor version of the user agent.
+ - name: patch
+ type: long
+ description: >
+ The patch version of the user agent.
+ - name: name
+ type: keyword
+ example: Chrome
+ description: >
+ The name of the user agent.
+ - name: os
+ type: keyword
+ description: >
+ The name of the operating system.
+ - name: os_major
+ type: long
+ description: >
+ The major version of the operating system.
+ - name: os_minor
+ type: long
+ description: >
+ The minor version of the operating system.
+ - name: os_name
+ type: keyword
+ description: >
+ The name of the operating system.
+ - name: geoip
+ type: group
+ description: >
+ Contains GeoIP information gathered based on the remote_ip field.
+ Only present if the GeoIP Elasticsearch plugin is available and
+ used.
+ fields:
+ - name: continent_name
+ type: keyword
+ description: >
+ The name of the continent.
+ - name: country_iso_code
+ type: keyword
+ description: >
+ Country ISO code.
+ - name: location
+ type: geo_point
+ description: >
+ The longitude and latitude.
+
diff --git a/filebeat/module/apache2/access/config/access.yml b/filebeat/module/apache2/access/config/access.yml
new file mode 100644
index 00000000000..5e8b370db44
--- /dev/null
+++ b/filebeat/module/apache2/access/config/access.yml
@@ -0,0 +1,9 @@
+- input_type: log
+ paths:
+ {%- for path in paths %}
+ - {{path}}
+ {%- endfor %}
+ exclude_files: [".gz$"]
+ fields:
+ source_type: apache2-access
+ pipeline_id: {{beat.pipeline_id}}
diff --git a/filebeat/module/apache2/access/ingest/no_plugins.json b/filebeat/module/apache2/access/ingest/no_plugins.json
new file mode 100644
index 00000000000..25f33380539
--- /dev/null
+++ b/filebeat/module/apache2/access/ingest/no_plugins.json
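Review bot: The `exclude_files` entry `".gz$"` leaves the dot unescaped, so it excludes any path ending in one arbitrary character followed by `gz` rather than only `.gz` archives; `exclude_files: ['\.gz$']` states the intent exactly. The same pattern appears in `error/config/error.yml`. A short comment above the line would also help, saying the exclusion is there because the default globs in the manifest (`access.log*`) also match rotated, compressed files.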
@@ -0,0 +1,38 @@
+{
+ "description": "Pipeline for parsing Nginx access logs.",
+ "processors": [{
+ "grok": {
+ "field": "message",
+ "patterns":[
+ "%{IPORHOST:apache2.access.remote_ip} - %{DATA:apache2.access.user_name} \\[%{HTTPDATE:apache2.access.time}\\] \"%{WORD:apache2.access.method} %{DATA:apache2.access.url} HTTP/%{NUMBER:apache2.access.http_version}\" %{NUMBER:apache2.access.response_code} %{NUMBER:apache2.access.body_sent.bytes}( \"%{DATA:apache2.access.referrer}\")?( \"%{DATA:apache2.access.agent}\")?",
+ "%{IPORHOST:apache2.access.remote_ip} - %{DATA:apache2.access.user_name} \\[%{HTTPDATE:apache2.access.time}\\] \"-\" %{NUMBER:apache2.access.response_code} -"
+ ],
+ "ignore_missing": true
+ }
+ },{
+ "remove":{
+ "field": "message"
+ }
+ }, {
+ "rename": {
+ "field": "@timestamp",
+ "target_field": "read_timestamp"
+ }
+ }, {
+ "date": {
+ "field": "apache2.access.time",
+ "target_field": "@timestamp",
+ "formats": ["dd/MMM/YYYY:H:m:s Z"]
+ }
+ }, {
+ "remove": {
+ "field": "apache2.access.time"
+ }
+ }],
+ "on_failure" : [{
+ "set" : {
+ "field" : "error",
+ "value" : "{{ _ingest.on_failure_message }}"
+ }
+ }]
+}
diff --git a/filebeat/module/apache2/access/ingest/with_plugins.json b/filebeat/module/apache2/access/ingest/with_plugins.json
new file mode 100644
index 00000000000..8c60260c72b
--- /dev/null
+++ b/filebeat/module/apache2/access/ingest/with_plugins.json
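Review bot: Neither grok pattern accepts `-` in the byte-count position after a normal request line, so an entry such as `"GET / HTTP/1.1" 304 -` (what Apache writes for `%b` when no body is sent) matches nothing, goes to `on_failure`, and is indexed without `remote_ip`, `url` or `response_code`; the first pattern could use `(?:%{NUMBER:apache2.access.body_sent.bytes}|-)` in place of the bare `%{NUMBER:apache2.access.body_sent.bytes}`. The first pattern also requires `%{WORD} ... HTTP/%{NUMBER}` inside the quotes, so malformed request lines, which are often the ones a defender most wants to search by client and status, are left unparsed as well; a looser third fallback pattern would keep those two fields. `with_plugins.json` carries an identical `patterns` array and needs the same change. Separately, the `description` says "Nginx" in both pipeline files and should read "Apache2".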
@@ -0,0 +1,54 @@
+{
+ "description": "Pipeline for parsing Nginx access logs. Requires the geoip and user_agent plugins.",
+ "processors": [{
+ "grok": {
+ "field": "message",
+ "patterns":[
+ "%{IPORHOST:apache2.access.remote_ip} - %{DATA:apache2.access.user_name} \\[%{HTTPDATE:apache2.access.time}\\] \"%{WORD:apache2.access.method} %{DATA:apache2.access.url} HTTP/%{NUMBER:apache2.access.http_version}\" %{NUMBER:apache2.access.response_code} %{NUMBER:apache2.access.body_sent.bytes}( \"%{DATA:apache2.access.referrer}\")?( \"%{DATA:apache2.access.agent}\")?",
+ "%{IPORHOST:apache2.access.remote_ip} - %{DATA:apache2.access.user_name} \\[%{HTTPDATE:apache2.access.time}\\] \"-\" %{NUMBER:apache2.access.response_code} -"
+ ],
+ "ignore_missing": true
+ }
+ },{
+ "remove":{
+ "field": "message"
+ }
+ }, {
+ "rename": {
+ "field": "@timestamp",
+ "target_field": "read_timestamp"
+ }
+ }, {
+ "date": {
+ "field": "apache2.access.time",
+ "target_field": "@timestamp",
+ "formats": ["dd/MMM/YYYY:H:m:s Z"]
+ }
+ }, {
+ "remove": {
+ "field": "apache2.access.time"
+ }
+ }, {
+ "user_agent": {
+ "field": "apache2.access.agent",
+ "target_field": "apache2.access.user_agent",
+ "ignore_failure": true
+ }
+ }, {
+ "remove": {
+ "field": "apache2.access.agent",
+ "ignore_failure": true
+ }
+ }, {
+ "geoip": {
+ "field": "apache2.access.remote_ip",
+ "target_field": "apache2.access.geoip"
+ }
+ }],
+ "on_failure" : [{
+ "set" : {
+ "field" : "error",
+ "value" : "{{ _ingest.on_failure_message }}"
+ }
+ }]
+}
diff --git a/filebeat/module/apache2/access/manifest.yml b/filebeat/module/apache2/access/manifest.yml
new file mode 100644
index 00000000000..43c3b1b732c
--- /dev/null
+++ b/filebeat/module/apache2/access/manifest.yml
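Review bot: The `geoip` processor has no `ignore_failure`, yet `remote_ip` is captured with `%{IPORHOST}` and can therefore hold a hostname (for example when Apache is configured to resolve client names). The geoip step presumably rejects a value that is not an IP literal, in which case the pipeline-level `on_failure` would stamp an otherwise fully parsed event with `error`. Adding `"ignore_failure": true` to the `geoip` block, as the `user_agent` block above it already does, keeps the two enrichment steps consistent and keeps the `error` field meaningful for real parse failures.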
@@ -0,0 +1,18 @@ +module_version: 1.0 + +vars: + paths: + default: + - /var/log/apache2/access.log* + - /var/log/apache2/other_vhosts_access.log* + os.darwin: + - /usr/local/var/log/apache2/access_log* + os.windows: + - "C:/Program Files/Apache Software Foundation/Apache2.4/logs/access.log*" + pipeline: + # options: with_plugins, no_plugins + default: with_plugins + +ingest_pipeline: ingest/{{pipeline}}.json +prospectors: + - config/access.yml diff --git a/filebeat/module/apache2/access/test/darwin-2.4.23.log b/filebeat/module/apache2/access/test/darwin-2.4.23.log new file mode 100644 index 00000000000..1498b23dedd --- /dev/null +++ b/filebeat/module/apache2/access/test/darwin-2.4.23.log @@ -0,0 +1,6 @@ +::1 - - [26/Dec/2016:16:16:28 +0200] "GET / HTTP/1.1" 200 45 +::1 - - [26/Dec/2016:16:16:29 +0200] "GET /favicon.ico HTTP/1.1" 404 209 +::1 - - [26/Dec/2016:16:16:48 +0200] "-" 408 - +77.179.66.156 - - [26/Dec/2016:18:23:35 +0200] "GET / HTTP/1.1" 200 45 +77.179.66.156 - - [26/Dec/2016:18:23:41 +0200] "GET /notfound HTTP/1.1" 404 206 +77.179.66.156 - - [26/Dec/2016:18:23:45 +0200] "GET /hmm HTTP/1.1" 404 201 diff --git a/filebeat/module/apache2/access/test/test.log b/filebeat/module/apache2/access/test/test.log new file mode 100644 index 00000000000..a19899c8ce6 --- /dev/null +++ b/filebeat/module/apache2/access/test/test.log @@ -0,0 +1,3 @@ +::1 - - [26/Dec/2016:16:16:29 +0200] "GET /favicon.ico HTTP/1.1" 404 209 +192.168.33.1 - - [26/Dec/2016:16:22:13 +0000] "GET /hello HTTP/1.1" 404 499 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0" +::1 - - [26/Dec/2016:16:16:48 +0200] "-" 408 - diff --git a/filebeat/module/apache2/access/test/test.log-expected.json b/filebeat/module/apache2/access/test/test.log-expected.json new file mode 100644 index 00000000000..0997759acc7 --- /dev/null +++ b/filebeat/module/apache2/access/test/test.log-expected.json 
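Review bot: The `default` path list only covers the Debian/Ubuntu layout (`/var/log/apache2/...`), so on distributions that install Apache as httpd, with logs under `/var/log/httpd/`, the module would start without error and collect nothing. Adding `- /var/log/httpd/access_log*` to `default`, or a comment next to `paths` saying that other layouts must be configured explicitly, would make that collection gap visible. The comment `# options: with_plugins, no_plugins` could also say that `with_plugins` requires the geoip and user_agent ingest plugins, as that pipeline's own description states.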
@@ -0,0 +1,140 @@ +[ +{ + "_index": "filebeat-2016.12.27", + "_type": "log", + "_id": "AVlBCaYsqYg9cc5KQfcT", + "_score": null, + "_source": { + "@timestamp": "2016-12-26T14:16:29.000Z", + "offset": 73, + "apache2": { + "access": { + "response_code": "404", + "remote_ip": "::1", + "method": "GET", + "user_name": "-", + "http_version": "1.1", + "body_sent": { + "bytes": "209" + }, + "url": "/favicon.ico" + } + }, + "beat": { + "hostname": "192-168-0-7.rdsnet.ro", + "name": "192-168-0-7.rdsnet.ro", + "version": "6.0.0-alpha1" + }, + "input_type": "log", + "read_timestamp": "2016-12-27T15:52:23.304Z", + "source": "module/apache2/access/test/test.log", + "fields": { + "pipeline_id": "apache2-access-with_plugins", + "source_type": "apache2-access" + }, + "type": "log" + }, + "fields": { + "@timestamp": [ + 1482761789000 + ] + }, + "sort": [ + 1482761789000 + ] +}, +{ + "_index": "filebeat-2016.12.27", + "_type": "log", + "_id": "AVlBCaYsqYg9cc5KQfcU", + "_score": null, + "_source": { + "@timestamp": "2016-12-26T16:22:13.000Z", + "offset": 238, + "apache2": { + "access": { + "referrer": "-", + "response_code": "404", + "remote_ip": "192.168.33.1", + "method": "GET", + "user_name": "-", + "http_version": "1.1", + "body_sent": { + "bytes": "499" + }, + "url": "/hello", + "user_agent": { + "major": "50", + "minor": "0", + "os": "Mac OS X 10.12", + "os_minor": "12", + "os_major": "10", + "name": "Firefox", + "os_name": "Mac OS X", + "device": "Other" + } + } + }, + "beat": { + "hostname": "192-168-0-7.rdsnet.ro", + "name": "192-168-0-7.rdsnet.ro", + "version": "6.0.0-alpha1" + }, + "input_type": "log", + "read_timestamp": "2016-12-27T15:52:23.304Z", + "source": "module/apache2/access/test/test.log", + "fields": { + "pipeline_id": "apache2-access-with_plugins", + "source_type": "apache2-access" + }, + "type": "log" + }, + "fields": { + "@timestamp": [ + 1482769333000 + ] + }, + "sort": [ + 1482769333000 + ] +}, +{ + "_index": "filebeat-2016.12.27", + "_type": "log", + "_id": 
"AVlBCaYsqYg9cc5KQfc-", + "_score": null, + "_source": { + "@timestamp": "2016-12-26T14:16:48.000Z", + "offset": 285, + "apache2": { + "access": { + "response_code": "408", + "remote_ip": "::1", + "user_name": "-" + } + }, + "beat": { + "hostname": "192-168-0-7.rdsnet.ro", + "name": "192-168-0-7.rdsnet.ro", + "version": "6.0.0-alpha1" + }, + "input_type": "log", + "read_timestamp": "2016-12-27T16:04:58.319Z", + "source": "module/apache2/access/test/test.log", + "fields": { + "pipeline_id": "apache2-access-with_plugins", + "source_type": "apache2-access" + }, + "type": "log" + }, + "fields": { + "@timestamp": [ + 1482761808000 + ] + }, + "sort": [ + 1482761808000 + ] +} +] + diff --git a/filebeat/module/apache2/access/test/ubuntu-2.2.22.log b/filebeat/module/apache2/access/test/ubuntu-2.2.22.log new file mode 100644 index 00000000000..92d1bdd85af --- /dev/null +++ b/filebeat/module/apache2/access/test/ubuntu-2.2.22.log 
@@ -0,0 +1,9 @@
+127.0.0.1 - - [26/Dec/2016:16:18:09 +0000] "GET / HTTP/1.1" 200 491 "-" "Wget/1.13.4 (linux-gnu)"
+192.168.33.1 - - [26/Dec/2016:16:22:00 +0000] "GET / HTTP/1.1" 200 484 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36"
+192.168.33.1 - - [26/Dec/2016:16:22:00 +0000] "GET /favicon.ico HTTP/1.1" 404 504 "http://192.168.33.72/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36"
+192.168.33.1 - - [26/Dec/2016:16:22:08 +0000] "GET / HTTP/1.1" 200 484 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0"
+192.168.33.1 - - [26/Dec/2016:16:22:08 +0000] "GET /favicon.ico HTTP/1.1" 404 504 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0"
+192.168.33.1 - - [26/Dec/2016:16:22:08 +0000] "GET /favicon.ico HTTP/1.1" 404 504 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0"
+192.168.33.1 - - [26/Dec/2016:16:22:10 +0000] "GET /test HTTP/1.1" 404 498 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0"
+192.168.33.1 - - [26/Dec/2016:16:22:13 +0000] "GET /hello HTTP/1.1" 404 499 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0"
+192.168.33.1 - - [26/Dec/2016:16:22:17 +0000] "GET /crap HTTP/1.1" 404 499 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0"
diff --git a/filebeat/module/apache2/error/_meta/fields.yml b/filebeat/module/apache2/error/_meta/fields.yml
new file mode 100644
index 00000000000..49bf5be395f
--- /dev/null
+++ b/filebeat/module/apache2/error/_meta/fields.yml
@@ -0,0 +1,29 @@
+- name: error
+ type: group
+ description: >
+ Fields from the Apache error logs.
+ fields:
+ - name: level
+ type: keyword
+ description: >
+ The severity level of the message.
+ - name: client
+ type: keyword
+ description: >
+ The IP address of the client that generated the error.
+ - name: message
+ type: text
+ description: >
+ The logged message.
+ - name: pid
+ type: long
+ description: >
+ The process ID.
+ - name: tid
+ type: long
+ description: >
+ The thread ID.
+ - name: module
+ type: keyword
+ description: >
+ The module producing the logged message.
diff --git a/filebeat/module/apache2/error/config/error.yml b/filebeat/module/apache2/error/config/error.yml
new file mode 100644
index 00000000000..cda0f2ad406
--- /dev/null
+++ b/filebeat/module/apache2/error/config/error.yml
@@ -0,0 +1,9 @@
+- input_type: log
+ paths:
+ {%- for path in paths %}
+ - {{path}}
+ {%- endfor %}
+ exclude_files: [".gz$"]
+ fields:
+ source_type: apache2-error
+ pipeline_id: {{beat.pipeline_id}}
diff --git a/filebeat/module/apache2/error/ingest/pipeline.json b/filebeat/module/apache2/error/ingest/pipeline.json
new file mode 100644
index 00000000000..ac4e9a9cdcb
--- /dev/null
+++ b/filebeat/module/apache2/error/ingest/pipeline.json
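Review bot: In `error/_meta/fields.yml` the `client` description promises an IP address, but both grok patterns in this commit's `ingest/pipeline.json` capture the field with `%{IPORHOST:apache2.error.client}`, which also accepts a host name. Anyone writing a detection or an address-range filter on `apache2.error.client` should be told the value is not guaranteed to be an address, which is also the reason `keyword` rather than `ip` is the safe type. I would reword the description to `The IP address or host name of the client that generated the error.`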
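Review bot: In `error/config/error.yml` the `exclude_files` pattern `".gz$"` leaves the dot unescaped, so it excludes any path ending in one arbitrary character followed by `gz`, not only the `.gz` extension. Combined with the `error.log*` and `error_log*` globs from the manifest, a file caught by the looser match is skipped without any message, which is a quiet gap in collection. Escaping the dot keeps the intent: `exclude_files: ['\.gz$']`.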
@@ -0,0 +1,50 @@
+{
+ "description": "Pipeline for parsing apache2 error logs",
+ "processors": [
+ {
+ "grok": {
+ "field": "message",
+ "patterns": [
+ "\\[%{APACHE_TIME:apache2.error.timestamp}\\] \\[%{LOGLEVEL:apache2.error.level}\\]( \\[client %{IPORHOST:apache2.error.client}\\])? %{GREEDYDATA:apache2.error.message}",
+ "\\[%{APACHE_TIME:apache2.error.timestamp}\\] \\[%{DATA:apache2.error.module}:%{LOGLEVEL:apache2.error.level}\\] \\[pid %{NUMBER:apache2.error.pid}(:tid %{NUMBER:apache2.error.tid})?\\]( \\[client %{IPORHOST:apache2.error.client}\\])? %{GREEDYDATA:apache2.error.message1}"
+ ],
+ "pattern_definitions": {
+ "APACHE_TIME": "%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}"
+ },
+ "ignore_missing": true
+ }
+ },
+ {
+ "remove":{
+ "field": "message"
+ }
+ },
+ {
+ "rename": {
+ "field": "apache2.error.message1",
+ "target_field": "apache2.error.message",
+ "ignore_failure": true
+ }
+ },
+ {
+ "date": {
+ "field": "apache2.error.timestamp",
+ "target_field": "@timestamp",
+ "formats": ["EEE MMM dd H:m:s YYYY", "EEE MMM dd H:m:s.SSSSSS YYYY"],
+ "ignore_failure": true
+ }
+ },
+ {
+ "remove": {
+ "field": "apache2.error.timestamp",
+ "ignore_failure": true
+ }
+ }
+ ],
+ "on_failure" : [{
+ "set" : {
+ "field" : "error",
+ "value" : "{{ _ingest.on_failure_message }}"
+ }
+ }]
+}
diff --git a/filebeat/module/apache2/error/manifest.yml b/filebeat/module/apache2/error/manifest.yml
new file mode 100644
index 00000000000..d3ee774b82c
--- /dev/null
+++ b/filebeat/module/apache2/error/manifest.yml
@@ -0,0 +1,14 @@
+module_version: 1.0
+
+vars:
+ paths:
+ default:
+ - /var/log/apache2/error.log*
+ os.darwin:
+ - /usr/local/var/log/apache2/error_log*
+ os.windows:
+ - "C:/Program Files/Apache Software Foundation/Apache2.4/logs/error.log*"
+
+ingest_pipeline: ingest/pipeline.json
+prospectors:
+ - config/error.yml
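Review bot: In `error/ingest/pipeline.json` both grok patterns accept the client only as a bare `[client %{IPORHOST}]`, and because that group is optional, a client written in any other shape does not fail the grok. Apache 2.4 normally logs it as address:port, a form none of the fixtures in this commit exercise. In that case the whole bracket is swallowed into `apache2.error.message`, `apache2.error.client` is simply absent, and no `error` field is set to flag it, so the field an analyst would pivot on goes missing silently. Allowing an optional port keeps the field populated without introducing a new one: `\\[client %{IPORHOST:apache2.error.client}(:%{POSINT})?\\]` in both patterns, together with a 2.4 sample line carrying a port in `test.log`.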
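Review bot: In `error/manifest.yml` the `default` path list covers only the `/var/log/apache2/error.log*` layout, so a host where httpd writes elsewhere would start the module and collect nothing, with no error to show for it. Red Hat style installs commonly use `/var/log/httpd/error_log`. I would add that location to `default`, for example `- /var/log/httpd/error_log*`, or at least put a comment above `vars:` naming the platforms the defaults were checked on (the fixtures suggest Ubuntu with 2.2.22 and a Homebrew 2.4.23).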
diff --git a/filebeat/module/apache2/error/test/darwin-2.4.23.log b/filebeat/module/apache2/error/test/darwin-2.4.23.log
new file mode 100644
index 00000000000..428ba85a7f9
--- /dev/null
+++ b/filebeat/module/apache2/error/test/darwin-2.4.23.log
@@ -0,0 +1,2 @@
+[Mon Dec 26 16:15:55.103522 2016] [mpm_prefork:notice] [pid 11379] AH00163: Apache/2.4.23 (Unix) configured -- resuming normal operations
+[Mon Dec 26 16:15:55.103786 2016] [core:notice] [pid 11379] AH00094: Command line: '/usr/local/Cellar/httpd24/2.4.23_2/bin/httpd'
diff --git a/filebeat/module/apache2/error/test/test.log b/filebeat/module/apache2/error/test/test.log
new file mode 100644
index 00000000000..80a24f6f287
--- /dev/null
+++ b/filebeat/module/apache2/error/test/test.log
@@ -0,0 +1,3 @@
+[Mon Dec 26 16:22:08 2016] [error] [client 192.168.33.1] File does not exist: /var/www/favicon.ico
+[Mon Dec 26 16:15:55.103786 2016] [core:notice] [pid 11379] AH00094: Command line: '/usr/local/Cellar/httpd24/2.4.23_2/bin/httpd'
+[Fri Sep 09 10:42:29.902022 2011] [core:error] [pid 35708:tid 4328636416] [client 72.15.99.187] File does not exist: /usr/local/apache2/htdocs/favicon.ico
diff --git a/filebeat/module/apache2/error/test/test.log-expected.json b/filebeat/module/apache2/error/test/test.log-expected.json
new file mode 100644
index 00000000000..05008603595
--- /dev/null
+++ b/filebeat/module/apache2/error/test/test.log-expected.json
@@ -0,0 +1,93 @@
+[
+ {
+ "_index": "filebeat-2016.12.29",
+ "_type": "log",
+ "_id": "AVlGiYcNqYg9cc5KQfdz",
+ "_score": 1,
+ "_source": {
+ "@timestamp": "2016-12-26T16:15:55.103Z",
+ "offset": 229,
+ "apache2": {
+ "error": {
+ "level": "notice",
+ "module": "core",
+ "pid": "11379",
+ "message": "AH00094: Command line: '/usr/local/Cellar/httpd24/2.4.23_2/bin/httpd'"
+ }
+ },
+ "beat": {
+ "hostname": "192-168-0-7.rdsnet.ro",
+ "name": "192-168-0-7.rdsnet.ro",
+ "version": "6.0.0-alpha1"
+ },
+ "input_type": "log",
+ "source": "module/apache2/error/test/test.log",
+ "fields": {
+ "pipeline_id": "apache2-error-pipeline",
+ "source_type": "apache2-error"
+ },
+ "type": "log"
+ }
+ },
+ {
+ "_index": "filebeat-2016.12.29",
+ "_type": "log",
+ "_id": "AVlGiYcNqYg9cc5KQfd0",
+ "_score": 1,
+ "_source": {
+ "@timestamp": "2011-09-09T10:42:29.902Z",
+ "offset": 384,
+ "apache2": {
+ "error": {
+ "level": "error",
+ "module": "core",
+ "client": "72.15.99.187",
+ "pid": "35708",
+ "message": "File does not exist: /usr/local/apache2/htdocs/favicon.ico",
+ "tid": "4328636416"
+ }
+ },
+ "beat": {
+ "hostname": "192-168-0-7.rdsnet.ro",
+ "name": "192-168-0-7.rdsnet.ro",
+ "version": "6.0.0-alpha1"
+ },
+ "input_type": "log",
+ "source": "module/apache2/error/test/test.log",
+ "fields": {
+ "pipeline_id": "apache2-error-pipeline",
+ "source_type": "apache2-error"
+ },
+ "type": "log"
+ }
+ },
+ {
+ "_index": "filebeat-2016.12.29",
+ "_type": "log",
+ "_id": "AVlGiYcMqYg9cc5KQfdy",
+ "_score": 1,
+ "_source": {
+ "@timestamp": "2016-12-26T16:22:08.000Z",
+ "offset": 99,
+ "apache2": {
+ "error": {
+ "level": "error",
+ "client": "192.168.33.1",
+ "message": "File does not exist: /var/www/favicon.ico"
+ }
+ },
+ "beat": {
+ "hostname": "192-168-0-7.rdsnet.ro",
+ "name": "192-168-0-7.rdsnet.ro",
+ "version": "6.0.0-alpha1"
+ },
+ "input_type": "log",
+ "source": "module/apache2/error/test/test.log",
+ "fields": {
+ "pipeline_id": "apache2-error-pipeline",
+ "source_type": "apache2-error"
+ },
+ "type": "log"
+ }
+ }
+]
diff --git a/filebeat/module/apache2/error/test/ubuntu-2.2.22.log b/filebeat/module/apache2/error/test/ubuntu-2.2.22.log
new file mode 100644
index 00000000000..e457f0bc783
--- /dev/null
+++ b/filebeat/module/apache2/error/test/ubuntu-2.2.22.log
@@ -0,0 +1,7 @@
+[Mon Dec 26 16:17:53 2016] [notice] Apache/2.2.22 (Ubuntu) configured -- resuming normal operations
+[Mon Dec 26 16:22:00 2016] [error] [client 192.168.33.1] File does not exist: /var/www/favicon.ico, referer: http://192.168.33.72/
+[Mon Dec 26 16:22:08 2016] [error] [client 192.168.33.1] File does not exist: /var/www/favicon.ico
+[Mon Dec 26 16:22:08 2016] [error] [client 192.168.33.1] File does not exist: /var/www/favicon.ico
+[Mon Dec 26 16:22:10 2016] [error] [client 192.168.33.1] File does not exist: /var/www/test
+[Mon Dec 26 16:22:13 2016] [error] [client 192.168.33.1] File does not exist: /var/www/hello
+[Mon Dec 26 16:22:17 2016] [error] [client 192.168.33.1] File does not exist: /var/www/crap
diff --git a/filebeat/module/nginx/access/manifest.yml b/filebeat/module/nginx/access/manifest.yml
index 4ec44f1c18f..abda5cccd9a 100644
--- a/filebeat/module/nginx/access/manifest.yml
+++ b/filebeat/module/nginx/access/manifest.yml
@@ -9,7 +9,7 @@ vars:
 os.windows:
 - c:/programfiles/nginx/logs/access.log*
 pipeline:
- # options: with_plugins, no_plugins, json_with_plugins, json_no_plugins
+ # options: with_plugins, no_plugins
 default: with_plugins
 ingest_pipeline: ingest/{{pipeline}}.json
diff --git a/filebeat/tests/system/test_modules.py b/filebeat/tests/system/test_modules.py
index f69297fab2e..062f3ddf468 100644
--- a/filebeat/tests/system/test_modules.py
+++ b/filebeat/tests/system/test_modules.py
@@ -83,6 +83,7 @@ def run_on_file(self, module, fileset, test_file):
 assert len(objects) > 0
 for obj in objects:
 self.assert_fields_are_documented(obj)
+ # assert "error" not in obj # no parsing errors
 if os.path.exists(test_file + "-expected.json"):
 with open(test_file + "-expected.json", "r") as f:
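Review bot: The line added inside the `for obj in objects:` loop is a commented-out assertion, so `run_on_file` still passes when the ingest pipeline failed on a document. The apache2 error pipeline in this commit reports failures only by setting an `error` field through `on_failure`, so a grok regression would produce documents with `error` set and no parsed `apache2.*` fields, and nothing in this loop would notice. Either enable the check, for example `assert "error" not in obj["_source"], obj["_source"]["error"]`, or replace the dead code with a `# TODO` that names the test file still failing. The `_source` key is a guess from the expected-JSON fixtures, since `objects` is built outside the hunk. `run_on_file` starts before this hunk and continues past it.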