From 76b1a21b78e0539dc9b3d606c99d6c3c7fbabd6d Mon Sep 17 00:00:00 2001 From: Jaime Soriano Pastor Date: Mon, 27 Nov 2023 14:15:11 +0100 Subject: [PATCH 01/10] Use vcr to record requests --- go.mod | 1 + go.sum | 2 + internal/elasticsearch/client.go | 17 ++- internal/elasticsearch/client_test.go | 14 +- internal/elasticsearch/test/httptest.go | 82 +++------- .../testdata/elasticsearch-8-5-healthy.yaml | 102 +++++++++++++ .../_cluster-health.json | 1 - .../elasticsearch-8-5-healthy/root.json | 17 --- .../elasticsearch-8-5-red-out-of-disk.yaml | 144 ++++++++++++++++++ .../_cluster-health.json | 1 - .../_internal-_health.json | 1 - .../root.json | 17 --- 12 files changed, 294 insertions(+), 105 deletions(-) create mode 100644 internal/elasticsearch/testdata/elasticsearch-8-5-healthy.yaml delete mode 100644 internal/elasticsearch/testdata/elasticsearch-8-5-healthy/_cluster-health.json delete mode 100644 internal/elasticsearch/testdata/elasticsearch-8-5-healthy/root.json create mode 100644 internal/elasticsearch/testdata/elasticsearch-8-5-red-out-of-disk.yaml delete mode 100644 internal/elasticsearch/testdata/elasticsearch-8-5-red-out-of-disk/_cluster-health.json delete mode 100644 internal/elasticsearch/testdata/elasticsearch-8-5-red-out-of-disk/_internal-_health.json delete mode 100644 internal/elasticsearch/testdata/elasticsearch-8-5-red-out-of-disk/root.json diff --git a/go.mod b/go.mod index e4f965e39a..84996e0d9c 100644 --- a/go.mod +++ b/go.mod @@ -34,6 +34,7 @@ require ( github.com/spf13/cobra v1.8.0 github.com/stretchr/testify v1.8.4 golang.org/x/tools v0.15.0 + gopkg.in/dnaeon/go-vcr.v3 v3.1.2 gopkg.in/yaml.v3 v3.0.1 gotest.tools/gotestsum v1.11.0 helm.sh/helm/v3 v3.13.2 diff --git a/go.sum b/go.sum index 5240fe95f0..95e55b3b71 100644 --- a/go.sum +++ b/go.sum 
@@ -910,6 +910,8 @@ gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/dnaeon/go-vcr.v3 v3.1.2 h1:F1smfXBqQqwpVifDfUBQG6zzaGjzT+EnVZakrOdr5wA= +gopkg.in/dnaeon/go-vcr.v3 v3.1.2/go.mod h1:2IMOnnlx9I6u9x+YBsM3tAMx6AlOxnJ0pWxQAzZ79Ag= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/hjson/hjson-go.v3 v3.0.1/go.mod h1:X6zrTSVeImfwfZLfgQdInl9mWjqPqgH90jom9nym/lw= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
diff --git a/internal/elasticsearch/client.go b/internal/elasticsearch/client.go
index 986442102c..694306c14c 100644
--- a/internal/elasticsearch/client.go
+++ b/internal/elasticsearch/client.go
@@ -89,13 +89,22 @@ type Client struct {
 // NewClient method creates new instance of the Elasticsearch client.
 func NewClient(customOptions ...ClientOption) (*Client, error) {
+ config, err := NewConfig(customOptions...)
+ if err != nil {
+ return nil, err
+ }
+
+ return NewClientWithConfig(config)
+}
+
+func NewConfig(customOptions ...ClientOption) (elasticsearch.Config, error) {
 options := clientOptions{}
 for _, option := range customOptions {
 option(&options)
 }
 if options.address == "" {
- return nil, ErrUndefinedAddress
+ return elasticsearch.Config{}, ErrUndefinedAddress
 }
 config := elasticsearch.Config{
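Review bot: The two constructors this patch exports, `NewConfig` here and `NewClientWithConfig` in the next hunk, have no doc comments, and what `NewConfig` returns on failure is only discoverable by reading the body. I would add `// NewConfig builds the elasticsearch.Config for the given options and returns ErrUndefinedAddress when no address is set.` above it, and a matching one-line comment on `NewClientWithConfig`. The body of `NewConfig` continues past the end of this hunk, so the comment should be checked against the part not shown here.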
@@ -110,13 +119,17 @@ func NewClient(customOptions ...ClientOption) (*Client, error) {
 } else if options.certificateAuthority != "" {
 rootCAs, err := certs.SystemPoolWithCACertificate(options.certificateAuthority)
 if err != nil {
- return nil, fmt.Errorf("reading CA certificate: %w", err)
+ return config, fmt.Errorf("reading CA certificate: %w", err)
 }
 config.Transport = &http.Transport{
 TLSClientConfig: &tls.Config{RootCAs: rootCAs},
 }
 }
+ return config, nil
+}
+
+func NewClientWithConfig(config elasticsearch.Config) (*Client, error) {
 client, err := elasticsearch.NewClient(config)
 if err != nil {
 return nil, fmt.Errorf("can't create instance: %w", err)
diff --git a/internal/elasticsearch/client_test.go b/internal/elasticsearch/client_test.go
index 51e218a6d0..131fe6cd1f 100644
--- a/internal/elasticsearch/client_test.go
+++ b/internal/elasticsearch/client_test.go
@@ -56,21 +56,21 @@ func TestClientWithTLS(t *testing.T) {
 func TestClusterHealth(t *testing.T) {
 cases := []struct {
- RecordDir string
- Expected string
+ Record string
+ Expected string
 }{
 {
- RecordDir: "./testdata/elasticsearch-8-5-healthy",
+ Record: "./testdata/elasticsearch-8-5-healthy",
 },
 {
- RecordDir: "./testdata/elasticsearch-8-5-red-out-of-disk",
- Expected: "cluster in unhealthy state: 33 indices reside on nodes that have run or are likely to run out of disk space, this can temporarily disable writing on these indices.",
+ Record: "./testdata/elasticsearch-8-5-red-out-of-disk",
+ Expected: "cluster in unhealthy state: 33 indices reside on nodes that have run or are likely to run out of disk space, this can temporarily disable writing on these indices.",
 },
 }
 for _, c := range cases {
- t.Run(c.RecordDir, func(t *testing.T) {
- client := test.NewClient(t, c.RecordDir)
+ t.Run(c.Record, func(t *testing.T) {
+ client := test.NewClient(t, c.Record)
 err := client.CheckHealth(context.Background())
 if c.Expected != "" {
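Review bot: In the client.go hunk, the CA failure path now returns a populated config together with the error (`return config, fmt.Errorf("reading CA certificate: %w", err)`), while the undefined-address path in the previous hunk returns `elasticsearch.Config{}`. A caller that misses the error then carries on with a config whose `Transport` was never set from the requested CA, and the test helper changed later in this patch appears to do exactly that. I would return the zero value here as well: `return elasticsearch.Config{}, fmt.Errorf("reading CA certificate: %w", err)`. The function starts before this hunk, so the other return paths are not visible from here.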
diff --git a/internal/elasticsearch/test/httptest.go b/internal/elasticsearch/test/httptest.go
index d35ed7896c..54c411fcb7 100644
--- a/internal/elasticsearch/test/httptest.go
+++ b/internal/elasticsearch/test/httptest.go
@@ -5,16 +5,11 @@ package test
 import (
- "io"
- "net/http"
- "net/http/httptest"
- "net/url"
 "os"
- "path/filepath"
- "strings"
 "testing"
 "github.com/stretchr/testify/require"
+ "gopkg.in/dnaeon/go-vcr.v3/recorder"
 "github.com/elastic/elastic-package/internal/elasticsearch"
 "github.com/elastic/elastic-package/internal/stack"
@@ -25,64 +20,33 @@ import (
 // elastic-package stack, and records the response.
 // Responses are recorded in the directory indicated by serverDataDir.
 func NewClient(t *testing.T, serverDataDir string) *elasticsearch.Client {
- server := testElasticsearchServer(t, serverDataDir)
- t.Cleanup(func() { server.Close() })
-
- client, err := stack.NewElasticsearchClient(
- elasticsearch.OptionWithAddress(server.URL),
- )
- require.NoError(t, err)
-
- return client
-}
-
-func testElasticsearchServer(t *testing.T, mockServerDir string) *httptest.Server {
- return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- t.Log(r.Method, r.URL.String())
- f := filepath.Join(mockServerDir, pathForURL(r.URL.String()))
- if _, err := os.Stat(f); err != nil {
- recordRequest(t, r, f)
- }
- http.ServeFile(w, r, f)
- }))
-}
-
-var pathReplacer = strings.NewReplacer(
- "/", "-",
- "*", "_",
- "?", "_",
- "=", "_",
-)
-
-func pathForURL(url string) string {
- clean := strings.Trim(url, "/")
- if len(clean) == 0 {
- return "root.json"
+ address := os.Getenv(stack.ElasticsearchHostEnv)
+ if address == "" {
+ address = "https://127.0.0.1:9200"
 }
- return pathReplacer.Replace(clean) + ".json"
-}
-
-func recordRequest(t *testing.T, r *http.Request, path string) {
- client, err := stack.NewElasticsearchClient()
- require.NoError(t, err)
-
- t.Logf("Recording %s in %s", r.URL.Path, path)
- var recordURL url.URL
- recordURL.Path = r.URL.Path
- recordURL.RawQuery = r.URL.RawQuery
+ config, err := elasticsearch.NewConfig(
+ elasticsearch.OptionWithAddress(address),
+ elasticsearch.OptionWithPassword(os.Getenv(stack.ElasticsearchPasswordEnv)),
+ elasticsearch.OptionWithUsername(os.Getenv(stack.ElasticsearchUsernameEnv)),
+ elasticsearch.OptionWithCertificateAuthority(os.Getenv(stack.CACertificateEnv)),
+ )
- req, err := http.NewRequest(r.Method, recordURL.String(), nil)
+ rec, err := recorder.NewWithOptions(&recorder.Options{
+ CassetteName: serverDataDir,
+ Mode: recorder.ModeReplayWithNewEpisodes,
+ SkipRequestLatency: false,
+ RealTransport: config.Transport,
+ })
 require.NoError(t, err)
+ config.Transport = rec
- resp, err := client.Perform(req)
+ client, err := elasticsearch.NewClientWithConfig(config)
 require.NoError(t, err)
- defer resp.Body.Close()
- os.MkdirAll(filepath.Dir(path), 0755)
- f, err := os.Create(path)
- require.NoError(t, err)
- defer f.Close()
+ t.Cleanup(func() {
+ err := rec.Stop()
+ require.NoError(t, err)
+ })
- _, err = io.Copy(f, resp.Body)
- require.NoError(t, err)
+ return client
 }
diff --git a/internal/elasticsearch/testdata/elasticsearch-8-5-healthy.yaml b/internal/elasticsearch/testdata/elasticsearch-8-5-healthy.yaml
new file mode 100644
index 0000000000..782e9228c1
--- /dev/null
+++ b/internal/elasticsearch/testdata/elasticsearch-8-5-healthy.yaml
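Review bot: The recorder set up in `NewClient` stores request headers as sent, so the `Authorization` header built from the username and password environment variables is written into the cassette under testdata; both cassettes added by this patch carry `Authorization: Basic ZWxhc3RpYzpjaGFuZ2VtZQ==`. That value decodes to what looks like a local default pair, but with `ModeReplayWithNewEpisodes` any unmatched request goes to the live address and is recorded, so re-recording against a cluster with real credentials would commit them. I would drop the header in a `recorder.BeforeSaveHook` (this needs the `gopkg.in/dnaeon/go-vcr.v3/cassette` import); replay should be unaffected if the default matcher compares only method and URL, which is worth confirming. Separately, the error from `elasticsearch.NewConfig` is overwritten by `rec, err := recorder.NewWithOptions(...)` before anything checks it, so a CA certificate that fails to load goes unnoticed; add `require.NoError(t, err)` right after the call. The doc comment above the function still says responses go to a directory, while `serverDataDir` is now passed as `CassetteName`.

```go
	config, err := elasticsearch.NewConfig(
		// … unchanged: address, password, username and CA options …
	)
	require.NoError(t, err)

	// … unchanged: recorder.NewWithOptions call and its error check …

	// Drop credentials before the cassette is written under testdata.
	rec.AddHook(func(i *cassette.Interaction) error {
		i.Request.Headers.Del("Authorization")
		return nil
	}, recorder.BeforeSaveHook)
	config.Transport = rec
```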
@@ -0,0 +1,102 @@ +--- +version: 2 +interactions: + - id: 0 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/ + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 538 + uncompressed: false + body: | + { + "name" : "395e0d3471a2", + "cluster_name" : "elasticsearch", + "cluster_uuid" : "1Lg4BY0OQHy8IY9s4de1cw", + "version" : { + "number" : "8.5.0", + "build_flavor" : "default", + "build_type" : "docker", + "build_hash" : "c94b4700cda13820dad5aa74fae6db185ca5c304", + "build_date" : "2022-10-24T16:54:16.433628434Z", + "build_snapshot" : false, + "lucene_version" : "9.4.1", + "minimum_wire_compatibility_version" : "7.17.0", + "minimum_index_compatibility_version" : "7.0.0" + }, + "tagline" : "You Know, for Search" + } + headers: + Content-Length: + - "538" + Content-Type: + - application/json + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 4.504445ms + - id: 1 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_cluster/health + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 405 + uncompressed: false + body: 
'{"cluster_name":"elasticsearch","status":"yellow","timed_out":false,"number_of_nodes":1,"number_of_data_nodes":1,"active_primary_shards":33,"active_shards":33,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":19,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_percent_as_number":63.46153846153846}' + headers: + Content-Length: + - "405" + Content-Type: + - application/json + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 1.533637ms diff --git a/internal/elasticsearch/testdata/elasticsearch-8-5-healthy/_cluster-health.json b/internal/elasticsearch/testdata/elasticsearch-8-5-healthy/_cluster-health.json deleted file mode 100644 index 26ab1ed050..0000000000 --- a/internal/elasticsearch/testdata/elasticsearch-8-5-healthy/_cluster-health.json +++ /dev/null @@ -1 +0,0 @@ -{"cluster_name":"elasticsearch","status":"yellow","timed_out":false,"number_of_nodes":1,"number_of_data_nodes":1,"active_primary_shards":33,"active_shards":33,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":19,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_percent_as_number":63.46153846153846} \ No newline at end of file diff --git a/internal/elasticsearch/testdata/elasticsearch-8-5-healthy/root.json b/internal/elasticsearch/testdata/elasticsearch-8-5-healthy/root.json deleted file mode 100644 index b5284be82c..0000000000 --- a/internal/elasticsearch/testdata/elasticsearch-8-5-healthy/root.json +++ /dev/null 
@@ -1,17 +0,0 @@ -{ - "name" : "6dcb6ee762ec", - "cluster_name" : "elasticsearch", - "cluster_uuid" : "YhxaHz-aRrKl_rtySRVBoQ", - "version" : { - "number" : "8.5.0-SNAPSHOT", - "build_flavor" : "default", - "build_type" : "docker", - "build_hash" : "77b936e44234defdde3c7ded0d1ad9ae5e288f77", - "build_date" : "2022-10-29T04:11:27.132517622Z", - "build_snapshot" : true, - "lucene_version" : "9.4.1", - "minimum_wire_compatibility_version" : "7.17.0", - "minimum_index_compatibility_version" : "7.0.0" - }, - "tagline" : "You Know, for Search" -} diff --git a/internal/elasticsearch/testdata/elasticsearch-8-5-red-out-of-disk.yaml b/internal/elasticsearch/testdata/elasticsearch-8-5-red-out-of-disk.yaml new file mode 100644 index 0000000000..5a33e0a57a --- /dev/null +++ b/internal/elasticsearch/testdata/elasticsearch-8-5-red-out-of-disk.yaml 
@@ -0,0 +1,144 @@ +--- +version: 2 +interactions: + - id: 0 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/ + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 538 + uncompressed: false + body: | + { + "name" : "395e0d3471a2", + "cluster_name" : "elasticsearch", + "cluster_uuid" : "1Lg4BY0OQHy8IY9s4de1cw", + "version" : { + "number" : "8.5.0", + "build_flavor" : "default", + "build_type" : "docker", + "build_hash" : "c94b4700cda13820dad5aa74fae6db185ca5c304", + "build_date" : "2022-10-24T16:54:16.433628434Z", + "build_snapshot" : false, + "lucene_version" : "9.4.1", + "minimum_wire_compatibility_version" : "7.17.0", + "minimum_index_compatibility_version" : "7.0.0" + }, + "tagline" : "You Know, for Search" + } + headers: + Content-Length: + - "538" + Content-Type: + - application/json + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 4.321606ms + - id: 1 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_cluster/health + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 405 + uncompressed: false + body: 
'{"cluster_name":"elasticsearch","status":"red","timed_out":false,"number_of_nodes":1,"number_of_data_nodes":1,"active_primary_shards":33,"active_shards":33,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":20,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_percent_as_number":62.264150943396224}' + headers: + Content-Length: + - "405" + Content-Type: + - application/json + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 1.265951ms + - id: 2 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_internal/_health + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 3758 + uncompressed: false + body: | + {"status":"red","cluster_name":"elasticsearch","indicators":{"master_is_stable":{"status":"green","symptom":"The cluster has a stable master node","details":{"current_master":{"node_id":"PWBH3euxQn2wZwg0OgeCzQ","name":"008309953ac4"},"recent_masters":[{"node_id":"PWBH3euxQn2wZwg0OgeCzQ","name":"008309953ac4"}]}},"repository_integrity":{"status":"green","symptom":"No snapshot repositories configured."},"shards_availability":{"status":"red","symptom":"This cluster has 1 unavailable primary shard, 19 unavailable replica 
shards.","details":{"creating_primaries":0,"unassigned_replicas":19,"restarting_primaries":0,"restarting_replicas":0,"initializing_primaries":0,"started_replicas":0,"initializing_replicas":0,"unassigned_primaries":1,"started_primaries":33},"impacts":[{"id":"elasticsearch:health:shards_availability:impact:primary_unassigned","severity":1,"description":"Cannot add data to 1 index [.fleet-actions-7]. Searches might return incomplete results.","impact_areas":["ingest","search"]},{"id":"elasticsearch:health:shards_availability:impact:replica_unassigned","severity":2,"description":"Searches might be slower than usual. Fewer redundant copies of the data exist on 19 indices [.ds-logs-elastic_agent-default-2022.11.25-000001, .ds-logs-elastic_agent.filebeat-default-2022.11.25-000001, .ds-logs-elastic_agent.fleet_server-default-2022.11.25-000001, .ds-logs-elastic_agent.metricbeat-default-2022.11.25-000001, .ds-metrics-elastic_agent.elastic_agent-default-2022.11.25-000001, .ds-metrics-elastic_agent.filebeat-default-2022.11.25-000001, .ds-metrics-elastic_agent.fleet_server-default-2022.11.25-000001, .ds-metrics-elastic_agent.metricbeat-default-2022.11.25-000001, .ds-metrics-system.cpu-default-2022.11.25-000001, .ds-metrics-system.diskio-default-2022.11.25-000001, ...].","impact_areas":["search"]}],"diagnosis":[{"id":"elasticsearch:health:shards_availability:diagnosis:increase_tier_capacity_for_allocations:tier:data_hot","cause":"Elasticsearch isn't allowed to allocate some shards from these indices to any of the nodes in the desired data tier because there are not enough nodes in the [data_hot] tier to allocate each shard copy on a different node.","action":"Increase the number of nodes in this tier or decrease the number of replica shards in the affected 
indices.","affected_resources":[".ds-logs-elastic_agent-default-2022.11.25-000001",".ds-logs-elastic_agent.filebeat-default-2022.11.25-000001",".ds-logs-elastic_agent.fleet_server-default-2022.11.25-000001",".ds-logs-elastic_agent.metricbeat-default-2022.11.25-000001",".ds-metrics-elastic_agent.elastic_agent-default-2022.11.25-000001",".ds-metrics-elastic_agent.filebeat-default-2022.11.25-000001",".ds-metrics-elastic_agent.fleet_server-default-2022.11.25-000001",".ds-metrics-elastic_agent.metricbeat-default-2022.11.25-000001",".ds-metrics-system.cpu-default-2022.11.25-000001",".ds-metrics-system.diskio-default-2022.11.25-000001",".ds-metrics-system.filesystem-default-2022.11.25-000001",".ds-metrics-system.fsstat-default-2022.11.25-000001",".ds-metrics-system.load-default-2022.11.25-000001",".ds-metrics-system.memory-default-2022.11.25-000001",".ds-metrics-system.network-default-2022.11.25-000001",".ds-metrics-system.process-default-2022.11.25-000001",".ds-metrics-system.process.summary-default-2022.11.25-000001",".ds-metrics-system.socket_summary-default-2022.11.25-000001",".ds-metrics-system.uptime-default-2022.11.25-000001"],"help_url":"http://ela.st/tier-capacity"},{"id":"elasticsearch:health:shards_availability:diagnosis:explain_allocations","cause":"Elasticsearch isn't allowed to allocate some shards from these indices to any of the nodes in the cluster.","action":"Diagnose the issue by calling the allocation explain API for an index [GET _cluster/allocation/explain]. Choose a node to which you expect a shard to be allocated, find this node in the node-by-node explanation, and address the reasons which prevent Elasticsearch from allocating the shard.","affected_resources":[".fleet-actions-7"],"help_url":"http://ela.st/diagnose-shards"}]},"disk":{"status":"red","symptom":"33 indices are not allowed to be updated. 
1 node is out of disk or running low on disk space.","details":{"indices_with_readonly_block":33,"nodes_with_enough_disk_space":0,"nodes_with_unknown_disk_status":0,"nodes_over_high_watermark":0,"nodes_over_flood_stage_watermark":1},"impacts":[{"id":"elasticsearch:health:disk:impact:ingest_capability_unavailable","severity":1,"description":"Cannot insert or update documents in the affected indices [.kibana_security_session_1, .security-7, .kibana_8.5.0_001, .kibana_task_manager_8.5.0_001, .apm-agent-configuration, .apm-custom-link, .ds-.logs-deprecation.elasticsearch-default-2022.11.25-000001, .ds-ilm-history-5-2022.11.25-000001, .ds-logs-elastic_agent-default-2022.11.25-000001, .ds-logs-elastic_agent.filebeat-default-2022.11.25-000001, ...].","impact_areas":["ingest"]},{"id":"elasticsearch:health:disk:impact:cluster_stability_at_risk","severity":1,"description":"Cluster stability might be impaired.","impact_areas":["deployment_management"]},{"id":"elasticsearch:health:disk:impact:cluster_functionality_unavailable","severity":3,"description":"The [ingest, ml, remote_cluster_client, transform] functionality might be impaired.","impact_areas":["deployment_management"]}],"diagnosis":[{"id":"elasticsearch:health:disk:diagnosis:add_disk_capacity_data_nodes","cause":"33 indices reside on nodes that have run or are likely to run out of disk space, this can temporarily disable writing on these indices.","action":"Enable autoscaling (if applicable), add disk capacity or free up disk space to resolve this. 
If you have already taken action please wait for the rebalancing to complete.","affected_resources":["PWBH3euxQn2wZwg0OgeCzQ"],"help_url":"https://ela.st/fix-data-disk"}]},"ilm":{"status":"green","symptom":"Index Lifecycle Management is running","details":{"policies":25,"ilm_status":"RUNNING"}},"slm":{"status":"green","symptom":"No Snapshot Lifecycle Management policies configured","details":{"slm_status":"RUNNING","policies":0}}}} + headers: + Content-Length: + - "3758" + Content-Type: + - application/json + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 20.397377ms diff --git a/internal/elasticsearch/testdata/elasticsearch-8-5-red-out-of-disk/_cluster-health.json b/internal/elasticsearch/testdata/elasticsearch-8-5-red-out-of-disk/_cluster-health.json deleted file mode 100644 index 8def409a5a..0000000000 --- a/internal/elasticsearch/testdata/elasticsearch-8-5-red-out-of-disk/_cluster-health.json +++ /dev/null @@ -1 +0,0 @@ -{"cluster_name":"elasticsearch","status":"red","timed_out":false,"number_of_nodes":1,"number_of_data_nodes":1,"active_primary_shards":33,"active_shards":33,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":20,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_percent_as_number":62.264150943396224} \ No newline at end of file diff --git a/internal/elasticsearch/testdata/elasticsearch-8-5-red-out-of-disk/_internal-_health.json b/internal/elasticsearch/testdata/elasticsearch-8-5-red-out-of-disk/_internal-_health.json deleted file mode 100644 index d140d20c44..0000000000 --- a/internal/elasticsearch/testdata/elasticsearch-8-5-red-out-of-disk/_internal-_health.json +++ /dev/null 
@@ -1 +0,0 @@ -{"status":"red","cluster_name":"elasticsearch","indicators":{"master_is_stable":{"status":"green","symptom":"The cluster has a stable master node","details":{"current_master":{"node_id":"PWBH3euxQn2wZwg0OgeCzQ","name":"008309953ac4"},"recent_masters":[{"node_id":"PWBH3euxQn2wZwg0OgeCzQ","name":"008309953ac4"}]}},"repository_integrity":{"status":"green","symptom":"No snapshot repositories configured."},"shards_availability":{"status":"red","symptom":"This cluster has 1 unavailable primary shard, 19 unavailable replica shards.","details":{"creating_primaries":0,"unassigned_replicas":19,"restarting_primaries":0,"restarting_replicas":0,"initializing_primaries":0,"started_replicas":0,"initializing_replicas":0,"unassigned_primaries":1,"started_primaries":33},"impacts":[{"id":"elasticsearch:health:shards_availability:impact:primary_unassigned","severity":1,"description":"Cannot add data to 1 index [.fleet-actions-7]. Searches might return incomplete results.","impact_areas":["ingest","search"]},{"id":"elasticsearch:health:shards_availability:impact:replica_unassigned","severity":2,"description":"Searches might be slower than usual. 
Fewer redundant copies of the data exist on 19 indices [.ds-logs-elastic_agent-default-2022.11.25-000001, .ds-logs-elastic_agent.filebeat-default-2022.11.25-000001, .ds-logs-elastic_agent.fleet_server-default-2022.11.25-000001, .ds-logs-elastic_agent.metricbeat-default-2022.11.25-000001, .ds-metrics-elastic_agent.elastic_agent-default-2022.11.25-000001, .ds-metrics-elastic_agent.filebeat-default-2022.11.25-000001, .ds-metrics-elastic_agent.fleet_server-default-2022.11.25-000001, .ds-metrics-elastic_agent.metricbeat-default-2022.11.25-000001, .ds-metrics-system.cpu-default-2022.11.25-000001, .ds-metrics-system.diskio-default-2022.11.25-000001, ...].","impact_areas":["search"]}],"diagnosis":[{"id":"elasticsearch:health:shards_availability:diagnosis:increase_tier_capacity_for_allocations:tier:data_hot","cause":"Elasticsearch isn't allowed to allocate some shards from these indices to any of the nodes in the desired data tier because there are not enough nodes in the [data_hot] tier to allocate each shard copy on a different node.","action":"Increase the number of nodes in this tier or decrease the number of replica shards in the affected 
indices.","affected_resources":[".ds-logs-elastic_agent-default-2022.11.25-000001",".ds-logs-elastic_agent.filebeat-default-2022.11.25-000001",".ds-logs-elastic_agent.fleet_server-default-2022.11.25-000001",".ds-logs-elastic_agent.metricbeat-default-2022.11.25-000001",".ds-metrics-elastic_agent.elastic_agent-default-2022.11.25-000001",".ds-metrics-elastic_agent.filebeat-default-2022.11.25-000001",".ds-metrics-elastic_agent.fleet_server-default-2022.11.25-000001",".ds-metrics-elastic_agent.metricbeat-default-2022.11.25-000001",".ds-metrics-system.cpu-default-2022.11.25-000001",".ds-metrics-system.diskio-default-2022.11.25-000001",".ds-metrics-system.filesystem-default-2022.11.25-000001",".ds-metrics-system.fsstat-default-2022.11.25-000001",".ds-metrics-system.load-default-2022.11.25-000001",".ds-metrics-system.memory-default-2022.11.25-000001",".ds-metrics-system.network-default-2022.11.25-000001",".ds-metrics-system.process-default-2022.11.25-000001",".ds-metrics-system.process.summary-default-2022.11.25-000001",".ds-metrics-system.socket_summary-default-2022.11.25-000001",".ds-metrics-system.uptime-default-2022.11.25-000001"],"help_url":"http://ela.st/tier-capacity"},{"id":"elasticsearch:health:shards_availability:diagnosis:explain_allocations","cause":"Elasticsearch isn't allowed to allocate some shards from these indices to any of the nodes in the cluster.","action":"Diagnose the issue by calling the allocation explain API for an index [GET _cluster/allocation/explain]. Choose a node to which you expect a shard to be allocated, find this node in the node-by-node explanation, and address the reasons which prevent Elasticsearch from allocating the shard.","affected_resources":[".fleet-actions-7"],"help_url":"http://ela.st/diagnose-shards"}]},"disk":{"status":"red","symptom":"33 indices are not allowed to be updated. 
1 node is out of disk or running low on disk space.","details":{"indices_with_readonly_block":33,"nodes_with_enough_disk_space":0,"nodes_with_unknown_disk_status":0,"nodes_over_high_watermark":0,"nodes_over_flood_stage_watermark":1},"impacts":[{"id":"elasticsearch:health:disk:impact:ingest_capability_unavailable","severity":1,"description":"Cannot insert or update documents in the affected indices [.kibana_security_session_1, .security-7, .kibana_8.5.0_001, .kibana_task_manager_8.5.0_001, .apm-agent-configuration, .apm-custom-link, .ds-.logs-deprecation.elasticsearch-default-2022.11.25-000001, .ds-ilm-history-5-2022.11.25-000001, .ds-logs-elastic_agent-default-2022.11.25-000001, .ds-logs-elastic_agent.filebeat-default-2022.11.25-000001, ...].","impact_areas":["ingest"]},{"id":"elasticsearch:health:disk:impact:cluster_stability_at_risk","severity":1,"description":"Cluster stability might be impaired.","impact_areas":["deployment_management"]},{"id":"elasticsearch:health:disk:impact:cluster_functionality_unavailable","severity":3,"description":"The [ingest, ml, remote_cluster_client, transform] functionality might be impaired.","impact_areas":["deployment_management"]}],"diagnosis":[{"id":"elasticsearch:health:disk:diagnosis:add_disk_capacity_data_nodes","cause":"33 indices reside on nodes that have run or are likely to run out of disk space, this can temporarily disable writing on these indices.","action":"Enable autoscaling (if applicable), add disk capacity or free up disk space to resolve this. If you have already taken action please wait for the rebalancing to complete.","affected_resources":["PWBH3euxQn2wZwg0OgeCzQ"],"help_url":"https://ela.st/fix-data-disk"}]},"ilm":{"status":"green","symptom":"Index Lifecycle Management is running","details":{"policies":25,"ilm_status":"RUNNING"}},"slm":{"status":"green","symptom":"No Snapshot Lifecycle Management policies configured","details":{"slm_status":"RUNNING","policies":0}}}} \ No newline at end of file 
diff --git a/internal/elasticsearch/testdata/elasticsearch-8-5-red-out-of-disk/root.json b/internal/elasticsearch/testdata/elasticsearch-8-5-red-out-of-disk/root.json deleted file mode 100644 index b3e9625dbd..0000000000 --- a/internal/elasticsearch/testdata/elasticsearch-8-5-red-out-of-disk/root.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "name" : "008309953ac4", - "cluster_name" : "elasticsearch", - "cluster_uuid" : "vYXuo7eQR-ikBlJfH3kQaQ", - "version" : { - "number" : "8.5.0-SNAPSHOT", - "build_flavor" : "default", - "build_type" : "docker", - "build_hash" : "77b936e44234defdde3c7ded0d1ad9ae5e288f77", - "build_date" : "2022-10-29T04:11:27.132517622Z", - "build_snapshot" : true, - "lucene_version" : "9.4.1", - "minimum_wire_compatibility_version" : "7.17.0", - "minimum_index_compatibility_version" : "7.0.0" - }, - "tagline" : "You Know, for Search" -} From a3e8e4ef7f2c423bb2ce8bdaeb49e423b91d9017 Mon Sep 17 00:00:00 2001 
From: Jaime Soriano Pastor Date: Mon, 27 Nov 2023 15:05:02 +0100 Subject: [PATCH 02/10] Re-dump apache on 7.16.2 --- internal/dump/ingestpipelines.go | 5 + internal/dump/installedobjects.go | 2 +- internal/dump/installedobjects_test.go | 32 +- .../ilm_policies/logs.json | 13 +- .../ilm_policies/metrics.json | 34 +- .../index_templates/logs-apache.access.json | 18 +- .../index_templates/logs-apache.error.json | 15 +- .../elasticsearch-7-mock-dump-apache.yaml | 717 ++++++++++++++++++ ..._template-.fleet_component_template-1.json | 1 - ...nt_template-logs-apache.access@custom.json | 1 - ..._template-logs-apache.access@settings.json | 1 - ...ent_template-logs-apache.error@custom.json | 1 - ...t_template-logs-apache.error@settings.json | 1 - ...template-metrics-apache.status@custom.json | 1 - ...mplate-metrics-apache.status@settings.json | 1 - .../_ilm-policy-logs.json | 1 - .../_ilm-policy-metrics.json | 1 - .../_index_template-_-apache._.json | 1 - ...gest-pipeline-.fleet_final_pipeline-1.json | 1 - ...-logs-apache.access-1.3.4-third-party.json | 1 - ...est-pipeline-logs-apache.access-1.3.4.json | 1 - ...e-logs-apache.error-1.3.4-third-party.json | 1 - ...gest-pipeline-logs-apache.error-1.3.4.json | 1 - ...parameters%2Ctotal_feature_importance.json | 1 - ...parameters%2Ctotal_feature_importance.json | 1 - .../root.json | 17 - .../.fleet_component_template-1.json | 32 - .../logs-apache.access@custom.json | 15 - .../logs-apache.access@settings.json | 99 --- .../logs-apache.error@custom.json | 15 - .../logs-apache.error@settings.json | 88 --- .../metrics-apache.status@custom.json | 15 - .../metrics-apache.status@settings.json | 60 -- .../ilm_policies/logs.json | 45 -- .../ilm_policies/metrics.json | 51 -- .../index_templates/logs-apache.access.json | 545 ------------- .../index_templates/logs-apache.error.json | 500 ------------ .../metrics-apache.status.json | 510 ------------- .../.fleet_final_pipeline-1.json | 92 --- .../logs-apache.access-1.3.6-third-party.json | 74 
-- .../logs-apache.access-1.3.6.json | 209 ----- .../logs-apache.error-1.3.6-third-party.json | 74 -- .../logs-apache.error-1.3.6.json | 197 ----- .../ml_models/dga_1611725_2.0.json | 259 ------- ..._template-.fleet_component_template-1.json | 1 - ...nt_template-logs-apache.access@custom.json | 1 - ..._template-logs-apache.access@settings.json | 1 - ...ent_template-logs-apache.error@custom.json | 1 - ...t_template-logs-apache.error@settings.json | 1 - ...template-metrics-apache.status@custom.json | 1 - ...mplate-metrics-apache.status@settings.json | 1 - .../_ilm-policy-logs.json | 1 - .../_ilm-policy-metrics.json | 1 - .../_index_template-_-apache._.json | 1 - ...gest-pipeline-.fleet_final_pipeline-1.json | 1 - ...-logs-apache.access-1.3.6-third-party.json | 1 - ...est-pipeline-logs-apache.access-1.3.6.json | 1 - ...e-logs-apache.error-1.3.6-third-party.json | 1 - ...gest-pipeline-logs-apache.error-1.3.6.json | 1 - ...parameters%2Ctotal_feature_importance.json | 1 - ...parameters%2Ctotal_feature_importance.json | 1 - .../root.json | 17 - .../_index_template-_-dga._.json | 1 - ...parameters%2Ctotal_feature_importance.json | 1 - .../elasticsearch-8-mock-dump-dga/root.json | 17 - 65 files changed, 788 insertions(+), 3015 deletions(-) create mode 100644 internal/dump/testdata/elasticsearch-7-mock-dump-apache.yaml delete mode 100644 internal/dump/testdata/elasticsearch-7-mock-dump-apache/_component_template-.fleet_component_template-1.json delete mode 100644 internal/dump/testdata/elasticsearch-7-mock-dump-apache/_component_template-logs-apache.access@custom.json delete mode 100644 internal/dump/testdata/elasticsearch-7-mock-dump-apache/_component_template-logs-apache.access@settings.json delete mode 100644 internal/dump/testdata/elasticsearch-7-mock-dump-apache/_component_template-logs-apache.error@custom.json delete mode 100644 internal/dump/testdata/elasticsearch-7-mock-dump-apache/_component_template-logs-apache.error@settings.json delete mode 100644 
internal/dump/testdata/elasticsearch-7-mock-dump-apache/_component_template-metrics-apache.status@custom.json delete mode 100644 internal/dump/testdata/elasticsearch-7-mock-dump-apache/_component_template-metrics-apache.status@settings.json delete mode 100644 internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ilm-policy-logs.json delete mode 100644 internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ilm-policy-metrics.json delete mode 100644 internal/dump/testdata/elasticsearch-7-mock-dump-apache/_index_template-_-apache._.json delete mode 100644 internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ingest-pipeline-.fleet_final_pipeline-1.json delete mode 100644 internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ingest-pipeline-logs-apache.access-1.3.4-third-party.json delete mode 100644 internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ingest-pipeline-logs-apache.access-1.3.4.json delete mode 100644 internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ingest-pipeline-logs-apache.error-1.3.4-third-party.json delete mode 100644 internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ingest-pipeline-logs-apache.error-1.3.4.json delete mode 100644 internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ml-trained_models-apache___decompress_definition_false&include_definition%2Cfeature_importance_baseline%2Chyperparameters%2Ctotal_feature_importance.json delete mode 100644 internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ml-trained_models-apache___decompress_definition_false&include_feature_importance_baseline%2Chyperparameters%2Ctotal_feature_importance.json delete mode 100644 internal/dump/testdata/elasticsearch-7-mock-dump-apache/root.json delete mode 100644 internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/.fleet_component_template-1.json delete mode 100644 internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.access@custom.json delete mode 100644 
internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.access@settings.json delete mode 100644 internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.error@custom.json delete mode 100644 internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.error@settings.json delete mode 100644 internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/metrics-apache.status@custom.json delete mode 100644 internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/metrics-apache.status@settings.json delete mode 100644 internal/dump/testdata/elasticsearch-8-apache-dump-all/ilm_policies/logs.json delete mode 100644 internal/dump/testdata/elasticsearch-8-apache-dump-all/ilm_policies/metrics.json delete mode 100644 internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/logs-apache.access.json delete mode 100644 internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/logs-apache.error.json delete mode 100644 internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/metrics-apache.status.json delete mode 100644 internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/.fleet_final_pipeline-1.json delete mode 100644 internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.6-third-party.json delete mode 100644 internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.6.json delete mode 100644 internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.6-third-party.json delete mode 100644 internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.6.json delete mode 100644 internal/dump/testdata/elasticsearch-8-dga-dump-all/ml_models/dga_1611725_2.0.json delete mode 100644 
internal/dump/testdata/elasticsearch-8-mock-dump-apache/_component_template-.fleet_component_template-1.json delete mode 100644 internal/dump/testdata/elasticsearch-8-mock-dump-apache/_component_template-logs-apache.access@custom.json delete mode 100644 internal/dump/testdata/elasticsearch-8-mock-dump-apache/_component_template-logs-apache.access@settings.json delete mode 100644 internal/dump/testdata/elasticsearch-8-mock-dump-apache/_component_template-logs-apache.error@custom.json delete mode 100644 internal/dump/testdata/elasticsearch-8-mock-dump-apache/_component_template-logs-apache.error@settings.json delete mode 100644 internal/dump/testdata/elasticsearch-8-mock-dump-apache/_component_template-metrics-apache.status@custom.json delete mode 100644 internal/dump/testdata/elasticsearch-8-mock-dump-apache/_component_template-metrics-apache.status@settings.json delete mode 100644 internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ilm-policy-logs.json delete mode 100644 internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ilm-policy-metrics.json delete mode 100644 internal/dump/testdata/elasticsearch-8-mock-dump-apache/_index_template-_-apache._.json delete mode 100644 internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ingest-pipeline-.fleet_final_pipeline-1.json delete mode 100644 internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ingest-pipeline-logs-apache.access-1.3.6-third-party.json delete mode 100644 internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ingest-pipeline-logs-apache.access-1.3.6.json delete mode 100644 internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ingest-pipeline-logs-apache.error-1.3.6-third-party.json delete mode 100644 internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ingest-pipeline-logs-apache.error-1.3.6.json delete mode 100644 
internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ml-trained_models-apache___decompress_definition_false&include_definition%2Cfeature_importance_baseline%2Chyperparameters%2Ctotal_feature_importance.json delete mode 100644 internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ml-trained_models-apache___decompress_definition_false&include_feature_importance_baseline%2Chyperparameters%2Ctotal_feature_importance.json delete mode 100644 internal/dump/testdata/elasticsearch-8-mock-dump-apache/root.json delete mode 100644 internal/dump/testdata/elasticsearch-8-mock-dump-dga/_index_template-_-dga._.json delete mode 100644 internal/dump/testdata/elasticsearch-8-mock-dump-dga/_ml-trained_models-dga___decompress_definition_false&include_definition%2Cfeature_importance_baseline%2Chyperparameters%2Ctotal_feature_importance.json delete mode 100644 internal/dump/testdata/elasticsearch-8-mock-dump-dga/root.json diff --git a/internal/dump/ingestpipelines.go b/internal/dump/ingestpipelines.go index 5e17b1ffa7..77a534b443 100644 --- a/internal/dump/ingestpipelines.go +++ b/internal/dump/ingestpipelines.go @@ -9,6 +9,7 @@ import ( "encoding/json" "fmt" "io" + "net/http" "slices" "github.com/elastic/elastic-package/internal/elasticsearch" @@ -71,6 +72,10 @@ func getIngestPipelineByID(ctx context.Context, api *elasticsearch.API, id strin } defer resp.Body.Close() + // Ingest templates referenced by other templates may not exist. + if resp.StatusCode == http.StatusNotFound { + return nil, nil + } if resp.IsError() { return nil, fmt.Errorf("failed to get ingest pipeline %s: %s", id, resp.String()) } diff --git a/internal/dump/installedobjects.go b/internal/dump/installedobjects.go index f7c57185ac..cdc4d746a1 100644 --- a/internal/dump/installedobjects.go +++ b/internal/dump/installedobjects.go 
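Review bot: The new 404 branch in getIngestPipelineByID returns `nil, nil` without leaving any trace, so a dump that silently lacks a pipeline looks the same as a complete one. A debug-level log line naming `id` would make the skip visible, provided the package has a logger in scope, which this hunk does not show. The comment also says "Ingest templates referenced by other templates", which presumably means pipelines; `// Ingest pipelines referenced by index templates may not exist.` reads closer to what the check does. The function's signature and its caller are outside the hunk, so it is worth confirming that the caller copes with a nil result and a nil error together.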
@@ -223,7 +223,7 @@ func (e *InstalledObjectsDumper) getIngestPipelines(ctx context.Context) ([]Inge names := getIngestPipelinesFromTemplates(templates) ingestPipelines, err := getIngestPipelines(ctx, e.client, names...) if err != nil { - return nil, fmt.Errorf("failed to get ingest pipelines: %w", err) + return nil, fmt.Errorf("failed to get ingest pipelines from templates: %w", err) } e.ingestPipelines = ingestPipelines } diff --git a/internal/dump/installedobjects_test.go b/internal/dump/installedobjects_test.go index 98657ac0b8..d6d43ad97b 100644 --- a/internal/dump/installedobjects_test.go +++ b/internal/dump/installedobjects_test.go @@ -33,19 +33,21 @@ func TestDumpInstalledObjects(t *testing.T) { suites := []*installedObjectsDumpSuite{ &installedObjectsDumpSuite{ PackageName: "apache", - RecordDir: "./testdata/elasticsearch-7-mock-dump-apache", + Record: "./testdata/elasticsearch-7-mock-dump-apache", DumpDir: "./testdata/elasticsearch-7-apache-dump-all", }, - &installedObjectsDumpSuite{ - PackageName: "apache", - RecordDir: "./testdata/elasticsearch-8-mock-dump-apache", - DumpDir: "./testdata/elasticsearch-8-apache-dump-all", - }, - &installedObjectsDumpSuite{ - PackageName: "dga", - RecordDir: "./testdata/elasticsearch-8-mock-dump-dga", - DumpDir: "./testdata/elasticsearch-8-dga-dump-all", - }, + /* + &installedObjectsDumpSuite{ + PackageName: "apache", + Record: "./testdata/elasticsearch-8-mock-dump-apache", + DumpDir: "./testdata/elasticsearch-8-apache-dump-all", + }, + &installedObjectsDumpSuite{ + PackageName: "dga", + Record: "./testdata/elasticsearch-8-mock-dump-dga", + DumpDir: "./testdata/elasticsearch-8-dga-dump-all", + }, + */ } for _, s := range suites { 
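Review bot: The two 8.x suites in TestDumpInstalledObjects are disabled with a block comment, so nothing in the test output shows that the Elasticsearch 8 apache and dga dumps are no longer verified. The same patch deletes their recorded responses and expected dumps. If they are meant to return once re-recorded, say so next to the block, for example `// TODO: re-record the 8.x apache and dga suites as go-vcr cassettes and re-enable.`. Otherwise remove the entries rather than leaving dead code. The remaining entry can also drop the redundant `&installedObjectsDumpSuite` inside the `[]*installedObjectsDumpSuite` literal, which `gofmt -s` would simplify.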
@@ -59,8 +61,8 @@ type installedObjectsDumpSuite struct { // PackageName is the name of the package. PackageName string - // RecordDir is where responses from Elasticsearch are recorded. - RecordDir string + // Record is where responses from Elasticsearch are recorded. + Record string // DumpDir is where the expected dumped files are stored. DumpDir string @@ -82,7 +84,7 @@ func (s *installedObjectsDumpSuite) SetupTest() { } func (s *installedObjectsDumpSuite) TestDumpAll() { - client := estest.NewClient(s.T(), s.RecordDir) + client := estest.NewClient(s.T(), s.Record) outputDir := s.T().TempDir() dumper := NewInstalledObjectsDumper(client.API, s.PackageName) @@ -99,7 +101,7 @@ func (s *installedObjectsDumpSuite) TestDumpAll() { } func (s *installedObjectsDumpSuite) TestDumpSome() { - client := estest.NewClient(s.T(), s.RecordDir) + client := estest.NewClient(s.T(), s.Record) dumper := NewInstalledObjectsDumper(client.API, s.PackageName) // In a map so order of execution is randomized. diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/ilm_policies/logs.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/ilm_policies/logs.json index 65680aca2c..66ae87ef6a 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/ilm_policies/logs.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/ilm_policies/logs.json @@ -1,6 +1,6 @@ { "version": 1, - "modified_date": "2022-01-25T18:01:46.058Z", + "modified_date": "2023-11-27T13:55:33.162Z", "policy": { "phases": { "hot": { 
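Review bot: The comment on `Record` still describes a place where responses are recorded, but the value is now a single cassette path given without its extension. The suite passes `./testdata/elasticsearch-7-mock-dump-apache` while the file added by this patch is `elasticsearch-7-mock-dump-apache.yaml`. Something like `// Record is the path of the go-vcr cassette with Elasticsearch responses, without the .yaml extension.` would save the next reader from looking for a directory.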
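Review bot: The cassette that `estest.NewClient(s.T(), s.Record)` loads in TestDumpAll and TestDumpSome is committed with the request's `Authorization: Basic …` header recorded verbatim in every interaction. Basic auth is only base64, so whatever password the recording run used becomes readable in the repository; that is harmless for a throwaway local stack but not if someone re-records against a shared cluster. The recorder setup is not part of this patch, but with go-vcr v3 it can drop the header before saving, e.g. `rec.AddHook(func(i *cassette.Interaction) error { delete(i.Request.Headers, "Authorization"); return nil }, recorder.AfterCaptureHook)`, where `rec` is a placeholder for the recorder variable. Replay should be unaffected as long as the default method-and-URL matcher is in use, which is worth confirming. Both test bodies continue outside their hunks.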
@@ -20,10 +20,10 @@ }, "in_use_by": { "indices": [ - ".ds-logs-elastic_agent-default-2022.01.25-000001", - ".ds-logs-elastic_agent.metricbeat-default-2022.01.25-000001", - ".ds-logs-elastic_agent.filebeat-default-2022.01.25-000001", - ".ds-logs-elastic_agent.fleet_server-default-2022.01.25-000001" + ".ds-logs-elastic_agent.metricbeat-default-2023.11.27-000001", + ".ds-logs-elastic_agent.fleet_server-default-2023.11.27-000001", + ".ds-logs-elastic_agent.filebeat-default-2023.11.27-000001", + ".ds-logs-elastic_agent-default-2023.11.27-000001" ], "data_streams": [ "logs-elastic_agent-default", @@ -33,12 +33,15 @@ ], "composable_templates": [ "logs-apache.access", + "logs-elastic_agent.cloudbeat", "logs-elastic_agent.apm_server", + "logs-elastic_agent.cloud_defend", "logs-system.security", "logs-system.auth", "logs-elastic_agent.metricbeat", "logs-elastic_agent.filebeat", "logs-elastic_agent.packetbeat", + "logs-elastic_agent.filebeat_input", "logs-elastic_agent.endpoint_security", "logs-elastic_agent.fleet_server", "logs-apache.error", diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/ilm_policies/metrics.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/ilm_policies/metrics.json index ef39cae8a6..c12fdf1f50 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/ilm_policies/metrics.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/ilm_policies/metrics.json @@ -1,6 +1,6 @@ { "version": 1, - "modified_date": "2022-01-25T18:01:48.410Z", + "modified_date": "2023-11-27T13:55:33.210Z", "policy": { "phases": { "hot": { 
@@ -20,21 +20,21 @@ }, "in_use_by": { "indices": [ - ".ds-metrics-system.socket_summary-default-2022.01.25-000001", - ".ds-metrics-system.cpu-default-2022.01.25-000001", - ".ds-metrics-elastic_agent.metricbeat-default-2022.01.25-000001", - ".ds-metrics-system.uptime-default-2022.01.25-000001", - ".ds-metrics-system.process-default-2022.01.25-000001", - ".ds-metrics-system.memory-default-2022.01.25-000001", - ".ds-metrics-system.diskio-default-2022.01.25-000001", - ".ds-metrics-elastic_agent.fleet_server-default-2022.01.25-000001", - ".ds-metrics-elastic_agent.filebeat-default-2022.01.25-000001", - ".ds-metrics-system.load-default-2022.01.25-000001", - ".ds-metrics-system.process.summary-default-2022.01.25-000001", - ".ds-metrics-elastic_agent.elastic_agent-default-2022.01.25-000001", - ".ds-metrics-system.filesystem-default-2022.01.25-000001", - ".ds-metrics-system.network-default-2022.01.25-000001", - ".ds-metrics-system.fsstat-default-2022.01.25-000001" + ".ds-metrics-system.process.summary-default-2023.11.27-000001", + ".ds-metrics-system.fsstat-default-2023.11.27-000001", + ".ds-metrics-system.uptime-default-2023.11.27-000001", + ".ds-metrics-system.network-default-2023.11.27-000001", + ".ds-metrics-system.filesystem-default-2023.11.27-000001", + ".ds-metrics-elastic_agent.elastic_agent-default-2023.11.27-000001", + ".ds-metrics-system.socket_summary-default-2023.11.27-000001", + ".ds-metrics-system.diskio-default-2023.11.27-000001", + ".ds-metrics-elastic_agent.filebeat-default-2023.11.27-000001", + ".ds-metrics-system.process-default-2023.11.27-000001", + ".ds-metrics-system.cpu-default-2023.11.27-000001", + ".ds-metrics-elastic_agent.fleet_server-default-2023.11.27-000001", + ".ds-metrics-elastic_agent.metricbeat-default-2023.11.27-000001", + ".ds-metrics-system.memory-default-2023.11.27-000001", + ".ds-metrics-system.load-default-2023.11.27-000001" ], "data_streams": [ "metrics-system.filesystem-default", 
@@ -68,11 +68,13 @@ "metrics-system.load", "metrics-system.core", "metrics-elastic_agent.filebeat", + "metrics-elastic_agent.filebeat_input", "metrics-system.uptime", "metrics-system.process.summary", "metrics-system.cpu", "metrics-elastic_agent.heartbeat", "metrics-system.diskio", + "metrics-elastic_agent.cloudbeat", "metrics-elastic_agent.metricbeat", "metrics-elastic_agent.auditbeat", "metrics-system.network", diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/index_templates/logs-apache.access.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/index_templates/logs-apache.access.json index 4762804096..9e5936000b 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/index_templates/logs-apache.access.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/index_templates/logs-apache.access.json @@ -137,7 +137,8 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword" + "type": "keyword", + "fields": {} } } } @@ -267,7 +268,8 @@ "properties": { "path": { "ignore_above": 1024, - "type": "keyword" + "type": "keyword", + "fields": {} } } }, @@ -468,7 +470,8 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword" + "type": "keyword", + "fields": {} } } }, @@ -476,13 +479,15 @@ "properties": { "original": { "ignore_above": 1024, - "type": "keyword" + "type": "keyword", + "fields": {} }, "os": { "properties": { "name": { "ignore_above": 1024, - "type": "keyword" + "type": "keyword", + "fields": {} }, "version": { "ignore_above": 1024, @@ -490,7 +495,8 @@ }, "full": { "ignore_above": 1024, - "type": "keyword" + "type": "keyword", + "fields": {} } } }, diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/index_templates/logs-apache.error.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/index_templates/logs-apache.error.json index 779b5d8ee8..33748c52d7 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/index_templates/logs-apache.error.json 
+++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/index_templates/logs-apache.error.json @@ -129,7 +129,8 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword" + "type": "keyword", + "fields": {} } } } @@ -258,7 +259,8 @@ "properties": { "path": { "ignore_above": 1024, - "type": "keyword" + "type": "keyword", + "fields": {} } } }, @@ -436,7 +438,8 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword" + "type": "keyword", + "fields": {} } } }, @@ -444,13 +447,15 @@ "properties": { "original": { "ignore_above": 1024, - "type": "keyword" + "type": "keyword", + "fields": {} }, "os": { "properties": { "name": { "ignore_above": 1024, - "type": "keyword" + "type": "keyword", + "fields": {} } } }, diff --git a/internal/dump/testdata/elasticsearch-7-mock-dump-apache.yaml b/internal/dump/testdata/elasticsearch-7-mock-dump-apache.yaml new file mode 100644 index 0000000000..acafd7bac3 --- /dev/null +++ b/internal/dump/testdata/elasticsearch-7-mock-dump-apache.yaml 
@@ -0,0 +1,717 @@ +--- +version: 2 +interactions: + - id: 0 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/ + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 545 + uncompressed: false + body: | + { + "name" : "8342dac6ee38", + "cluster_name" : "elasticsearch", + "cluster_uuid" : "SU93KHrmS8OHbarblnhy-g", + "version" : { + "number" : "7.16.2", + "build_flavor" : "default", + "build_type" : "docker", + "build_hash" : "2b937c44140b6559905130a8650c64dbd0879cfb", + "build_date" : "2021-12-18T19:42:46.604893745Z", + "build_snapshot" : false, + "lucene_version" : "8.10.1", + "minimum_wire_compatibility_version" : "6.8.0", + "minimum_index_compatibility_version" : "6.0.0-beta1" + }, + "tagline" : "You Know, for Search" + } + headers: + Content-Length: + - "545" + Content-Type: + - application/json; charset=UTF-8 + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 3.640457ms + - id: 1 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_index_template/*-apache.* + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 15969 + uncompressed: false + body: 
'{"index_templates":[{"name":"logs-apache.error","index_template":{"index_patterns":["logs-apache.error-*"],"template":{"settings":{"index":{"default_pipeline":"logs-apache.error-1.3.4"}},"mappings":{"_meta":{"package":{"name":"apache"},"managed_by":"ingest-manager","managed":true},"dynamic_templates":[{"strings_as_keyword":{"mapping":{"ignore_above":1024,"type":"keyword"},"match_mapping_type":"string"}}],"date_detection":false,"properties":{"container":{"properties":{"image":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"labels":{"type":"object"}}},"process":{"properties":{"pid":{"type":"long"},"thread":{"properties":{"id":{"type":"long"}}}}},"log":{"properties":{"file":{"properties":{"path":{"ignore_above":1024,"type":"keyword"}}},"offset":{"type":"long"},"level":{"ignore_above":1024,"type":"keyword"}}},"source":{"properties":{"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"type":"keyword","fields":{}}}}}},"address":{"ignore_above":1024,"type":"keyword"},"port":{"type":"long"},"ip":{"type":"ip"}}},"error":{"properties":{"message":{"type":"match_only_text"}}},"message":{"type":"match_only_text"},"url":{"properties":{"path":{"type":"wildcard"},"extension":{"ignore_above":1024,"type":"keyword"},"original":{"type":"wildcard"},"domain":{"ignore_above":1024,"type":"keyword"},"query":{"ignore_above":1024,"type":"keyword"}}},"tags":{"ignore_above":1024,"type":"keyword"},"cloud":{"properties":{"availability_zone":{"ignore_above":1024,"t
ype":"keyword"},"image":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}},"instance":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"provider":{"ignore_above":1024,"type":"keyword"},"machine":{"properties":{"type":{"ignore_above":1024,"type":"keyword"}}},"project":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}},"region":{"ignore_above":1024,"type":"keyword"},"account":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}}}},"input":{"properties":{"type":{"ignore_above":1024,"type":"keyword"}}},"@timestamp":{"type":"date"},"file":{"properties":{"path":{"ignore_above":1024,"type":"keyword","fields":{}}}},"apache":{"properties":{"error":{"properties":{"module":{"ignore_above":1024,"type":"keyword"}}}}},"ecs":{"properties":{"version":{"ignore_above":1024,"type":"keyword"}}},"data_stream":{"properties":{"namespace":{"type":"constant_keyword"},"type":{"type":"constant_keyword"},"dataset":{"type":"constant_keyword"}}},"host":{"properties":{"hostname":{"ignore_above":1024,"type":"keyword"},"os":{"properties":{"build":{"ignore_above":1024,"type":"keyword"},"kernel":{"ignore_above":1024,"type":"keyword"},"codename":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword","fields":{"text":{"type":"text"}}},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"}}},"domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"containerized":{"type":"boolean"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"mac":{"ignore_above":1024,"type":"keyword"},"architecture":{"ignore_above":1024,"type":"keyword"}}},"http":{"properties":{"request":{"properties":{"referrer":{"ignore_above":1024,"type":"keyword"},"method":{"ignore_above":1024,"type":"keyword"}}},"response":{"properties":{"status
_code":{"type":"long"},"body":{"properties":{"bytes":{"type":"long"}}}}},"version":{"ignore_above":1024,"type":"keyword"}}},"event":{"properties":{"kind":{"ignore_above":1024,"type":"keyword"},"timezone":{"ignore_above":1024,"type":"keyword"},"module":{"type":"constant_keyword","value":"apache"},"category":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"dataset":{"type":"constant_keyword","value":"apache.error"}}},"user":{"properties":{"name":{"ignore_above":1024,"type":"keyword","fields":{}}}},"user_agent":{"properties":{"original":{"ignore_above":1024,"type":"keyword","fields":{}},"os":{"properties":{"name":{"ignore_above":1024,"type":"keyword","fields":{}}}},"name":{"ignore_above":1024,"type":"keyword"},"device":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}}}}}}},"composed_of":["logs-apache.error@settings","logs-apache.error@custom",".fleet_component_template-1"],"priority":200,"_meta":{"package":{"name":"apache"},"managed_by":"ingest-manager","managed":true},"data_stream":{"hidden":false}}},{"name":"logs-apache.access","index_template":{"index_patterns":["logs-apache.access-*"],"template":{"settings":{"index":{"default_pipeline":"logs-apache.access-1.3.4"}},"mappings":{"_meta":{"package":{"name":"apache"},"managed_by":"ingest-manager","managed":true},"dynamic_templates":[{"strings_as_keyword":{"mapping":{"ignore_above":1024,"type":"keyword"},"match_mapping_type":"string"}}],"date_detection":false,"properties":{"container":{"properties":{"image":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"labels":{"type":"object"}}},"process":{"properties":{"pid":{"type":"long"},"thread":{"properties":{"id":{"type":"long"}}}}},"log":{"properties":{"file":{"properties":{"path":{"ignore_above":1024,"type":"keyword"}}},"offset":{"type":"long"},"level":{"ignore_above":1024,"type":"keyword"}}},"destination":{"properties":{"
domain":{"ignore_above":1024,"type":"keyword"}}},"source":{"properties":{"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"type":"keyword","fields":{}}}}}},"address":{"ignore_above":1024,"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"}}},"error":{"properties":{"message":{"type":"match_only_text"}}},"message":{"type":"match_only_text"},"url":{"properties":{"path":{"type":"wildcard"},"extension":{"ignore_above":1024,"type":"keyword"},"original":{"type":"wildcard"},"domain":{"ignore_above":1024,"type":"keyword"},"query":{"ignore_above":1024,"type":"keyword"}}},"tags":{"ignore_above":1024,"type":"keyword"},"cloud":{"properties":{"availability_zone":{"ignore_above":1024,"type":"keyword"},"image":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}},"instance":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"provider":{"ignore_above":1024,"type":"keyword"},"machine":{"properties":{"type":{"ignore_above":1024,"type":"keyword"}}},"project":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}},"region":{"ignore_above":1024,"type":"keyword"},"account":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}}}},"input":{"properties":{"type":{"ignore_above":1024,"type":"keyword"}}},"@timestamp":{"type":"date"},"file":{"properties":{"path":{"ignore_above":1024,"type":"keyword","fields":{}}}},"apache":{"properties":{"access":{"properties":{"ssl":{"properties":{"cipher":{"ignore_above":1024,"type":"keyword"},"protocol":{"ignore_above":1024,"
type":"keyword"}}}}}}},"ecs":{"properties":{"version":{"ignore_above":1024,"type":"keyword"}}},"data_stream":{"properties":{"namespace":{"type":"constant_keyword"},"type":{"type":"constant_keyword"},"dataset":{"type":"constant_keyword"}}},"host":{"properties":{"hostname":{"ignore_above":1024,"type":"keyword"},"os":{"properties":{"build":{"ignore_above":1024,"type":"keyword"},"kernel":{"ignore_above":1024,"type":"keyword"},"codename":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword","fields":{"text":{"type":"text"}}},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"}}},"domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"containerized":{"type":"boolean"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"mac":{"ignore_above":1024,"type":"keyword"},"architecture":{"ignore_above":1024,"type":"keyword"}}},"http":{"properties":{"request":{"properties":{"referrer":{"ignore_above":1024,"type":"keyword"},"method":{"ignore_above":1024,"type":"keyword"}}},"response":{"properties":{"status_code":{"type":"long"},"body":{"properties":{"bytes":{"type":"long"}}}}},"version":{"ignore_above":1024,"type":"keyword"}}},"tls":{"properties":{"cipher":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"version_protocol":{"ignore_above":1024,"type":"keyword"}}},"event":{"properties":{"created":{"type":"date"},"kind":{"ignore_above":1024,"type":"keyword"},"module":{"type":"constant_keyword","value":"apache"},"category":{"ignore_above":1024,"type":"keyword"},"dataset":{"type":"constant_keyword","value":"apache.access"},"outcome":{"ignore_above":1024,"type":"keyword"}}},"user":{"properties":{"name":{"ignore_above":1024,"type":"keyword","fields":{}}}},"user_agent":{"properties":{"original":{"ignore_above":1024,"type":"keyword","fi
elds":{}},"os":{"properties":{"name":{"ignore_above":1024,"type":"keyword","fields":{}},"version":{"ignore_above":1024,"type":"keyword"},"full":{"ignore_above":1024,"type":"keyword","fields":{}}}},"name":{"ignore_above":1024,"type":"keyword"},"device":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}},"version":{"ignore_above":1024,"type":"keyword"}}}}}},"composed_of":["logs-apache.access@settings","logs-apache.access@custom",".fleet_component_template-1"],"priority":200,"_meta":{"package":{"name":"apache"},"managed_by":"ingest-manager","managed":true},"data_stream":{"hidden":false}}},{"name":"metrics-apache.status","index_template":{"index_patterns":["metrics-apache.status-*"],"template":{"settings":{},"mappings":{"_meta":{"package":{"name":"apache"},"managed_by":"ingest-manager","managed":true},"dynamic_templates":[{"strings_as_keyword":{"mapping":{"ignore_above":1024,"type":"keyword"},"match_mapping_type":"string"}}],"date_detection":false,"properties":{"cloud":{"properties":{"availability_zone":{"ignore_above":1024,"type":"keyword"},"image":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}},"instance":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"provider":{"ignore_above":1024,"type":"keyword"},"machine":{"properties":{"type":{"ignore_above":1024,"type":"keyword"}}},"project":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}},"region":{"ignore_above":1024,"type":"keyword"},"account":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}}}},"container":{"properties":{"image":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"labels":{"type":"object"}}},"@timestamp":{"type":"date"},"apache":{"properties":{"status":{"properties":{"bytes_per_request":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"load":{"properties":{"1":{"meta":{"metric
_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"15":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"5":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"}}},"bytes_per_sec":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"total_bytes":{"meta":{"unit":"byte","metric_type":"counter"},"type":"long"},"cpu":{"properties":{"system":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"load":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"children_system":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"children_user":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"user":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"}}},"total_accesses":{"meta":{"metric_type":"counter"},"type":"long"},"scoreboard":{"properties":{"total":{"meta":{"metric_type":"gauge"},"type":"long"},"keepalive":{"meta":{"metric_type":"gauge"},"type":"long"},"idle_cleanup":{"meta":{"metric_type":"gauge"},"type":"long"},"waiting_for_connection":{"meta":{"metric_type":"gauge"},"type":"long"},"logging":{"meta":{"metric_type":"gauge"},"type":"long"},"gracefully_finishing":{"meta":{"metric_type":"gauge"},"type":"long"},"open_slot":{"meta":{"metric_type":"gauge"},"type":"long"},"dns_lookup":{"meta":{"metric_type":"gauge"},"type":"long"},"sending_reply":{"meta":{"metric_type":"gauge"},"type":"long"},"closing_connection":{"meta":{"metric_type":"gauge"},"type":"long"},"starting_up":{"meta":{"metric_type":"gauge"},"type":"long"},"reading_request":{"meta":{"metric_type":"gauge"},"type":"long"}}},"workers":{"properties":{"idle":{"meta":{"metric_type":"gauge"},"type":"long"},"busy":{"meta":{"metric_type":"gauge"},"type":"long"}}},"connections":{"properties":{"async":{"properties":{"closing":{"meta":{"metric_type":"gauge"},"type":"long"},"writing":{"meta":{"metric_type":"gauge"},"type"
:"long"},"keep_alive":{"meta":{"metric_type":"gauge"},"type":"long"}}},"total":{"meta":{"metric_type":"counter"},"type":"long"}}},"requests_per_sec":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"uptime":{"properties":{"server_uptime":{"meta":{"metric_type":"counter"},"type":"long"},"uptime":{"meta":{"metric_type":"counter"},"type":"long"}}}}}}},"ecs":{"properties":{"version":{"ignore_above":1024,"type":"keyword"}}},"data_stream":{"properties":{"namespace":{"type":"constant_keyword"},"type":{"type":"constant_keyword"},"dataset":{"type":"constant_keyword"}}},"service":{"properties":{"address":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"}}},"host":{"properties":{"hostname":{"ignore_above":1024,"type":"keyword"},"os":{"properties":{"build":{"ignore_above":1024,"type":"keyword"},"kernel":{"ignore_above":1024,"type":"keyword"},"codename":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword","fields":{"text":{"type":"text"}}},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"}}},"domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"containerized":{"type":"boolean"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"mac":{"ignore_above":1024,"type":"keyword"},"architecture":{"ignore_above":1024,"type":"keyword"}}},"event":{"properties":{"module":{"type":"constant_keyword","value":"apache"},"dataset":{"type":"constant_keyword","value":"apache.status"}}},"error":{"properties":{"message":{"type":"match_only_text"}}}}}},"composed_of":["metrics-apache.status@settings","metrics-apache.status@custom",".fleet_component_template-1"],"priority":200,"_meta":{"package":{"name":"apache"},"managed_by":"ingest-manager","managed":true},"data_stream":{"hidden":false}}}]}' + headers: + 
Content-Length: + - "15969" + Content-Type: + - application/json; charset=UTF-8 + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 803.374µs + - id: 2 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_component_template/logs-apache.error@settings + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 1306 + uncompressed: false + body: '{"component_templates":[{"name":"logs-apache.error@settings","component_template":{"template":{"settings":{"index":{"lifecycle":{"name":"logs"},"codec":"best_compression","mapping":{"total_fields":{"limit":"10000"}},"query":{"default_field":["cloud.account.id","cloud.availability_zone","cloud.instance.id","cloud.instance.name","cloud.machine.type","cloud.provider","cloud.region","cloud.project.id","cloud.image.id","container.id","container.image.name","container.name","host.architecture","host.domain","host.hostname","host.id","host.mac","host.name","host.os.family","host.os.kernel","host.os.name","host.os.platform","host.os.version","host.type","host.os.build","host.os.codename","input.type","tags","ecs.version","event.category","event.kind","event.timezone","event.type","file.path","http.request.method","http.request.referrer","http.version","log.file.path","log.level","source.address","source.as.organization.name","source.geo.city_name","source.geo.continent_name","source.geo.country_iso_code","source.geo.country_name","source.geo.region_iso_code","source.geo.region_name","tags","url.domain","url.extension","url.query","user.name","user_agent.device.name","user
_agent.name","user_agent.original","user_agent.os.name","apache.error.module"]}}}},"_meta":{"package":{"name":"apache"}}}}]}' + headers: + Content-Length: + - "1306" + Content-Type: + - application/json; charset=UTF-8 + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 325.514µs + - id: 3 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_component_template/logs-apache.error@custom + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 149 + uncompressed: false + body: '{"component_templates":[{"name":"logs-apache.error@custom","component_template":{"template":{"settings":{}},"_meta":{"package":{"name":"apache"}}}}]}' + headers: + Content-Length: + - "149" + Content-Type: + - application/json; charset=UTF-8 + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 259.991µs + - id: 4 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_component_template/.fleet_component_template-1 + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 393 + uncompressed: false + body: 
'{"component_templates":[{"name":".fleet_component_template-1","component_template":{"template":{"settings":{"index":{"final_pipeline":".fleet_final_pipeline-1"}},"mappings":{"properties":{"event":{"properties":{"agent_id_status":{"ignore_above":1024,"type":"keyword"},"ingested":{"format":"strict_date_time_no_millis||strict_date_optional_time||epoch_millis","type":"date"}}}}}},"_meta":{}}}]}' + headers: + Content-Length: + - "393" + Content-Type: + - application/json; charset=UTF-8 + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 347.417µs + - id: 5 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_component_template/logs-apache.access@settings + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 1559 + uncompressed: false + body: 
'{"component_templates":[{"name":"logs-apache.access@settings","component_template":{"template":{"settings":{"index":{"lifecycle":{"name":"logs"},"codec":"best_compression","mapping":{"total_fields":{"limit":"10000"}},"query":{"default_field":["cloud.account.id","cloud.availability_zone","cloud.instance.id","cloud.instance.name","cloud.machine.type","cloud.provider","cloud.region","cloud.project.id","cloud.image.id","container.id","container.image.name","container.name","host.architecture","host.domain","host.hostname","host.id","host.mac","host.name","host.os.family","host.os.kernel","host.os.name","host.os.platform","host.os.version","host.type","host.os.build","host.os.codename","input.type","destination.domain","ecs.version","event.category","event.kind","event.outcome","file.path","http.request.method","http.request.referrer","http.version","log.file.path","log.level","source.address","source.as.organization.name","source.domain","source.geo.city_name","source.geo.continent_name","source.geo.country_iso_code","source.geo.country_name","source.geo.region_iso_code","source.geo.region_name","tags","tls.cipher","tls.version","tls.version_protocol","url.domain","url.extension","url.query","user.name","user_agent.device.name","user_agent.device.name","user_agent.name","user_agent.name","user_agent.original","user_agent.original","user_agent.os.full","user_agent.os.name","user_agent.os.name","user_agent.os.version","user_agent.version","apache.access.ssl.protocol","apache.access.ssl.cipher"]}}}},"_meta":{"package":{"name":"apache"}}}}]}' + headers: + Content-Length: + - "1559" + Content-Type: + - application/json; charset=UTF-8 + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 257.04µs + - id: 6 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic 
ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_component_template/logs-apache.access@custom + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 150 + uncompressed: false + body: '{"component_templates":[{"name":"logs-apache.access@custom","component_template":{"template":{"settings":{}},"_meta":{"package":{"name":"apache"}}}}]}' + headers: + Content-Length: + - "150" + Content-Type: + - application/json; charset=UTF-8 + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 241.005µs + - id: 7 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_component_template/metrics-apache.status@settings + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 789 + uncompressed: false + body: 
'{"component_templates":[{"name":"metrics-apache.status@settings","component_template":{"template":{"settings":{"index":{"lifecycle":{"name":"metrics"},"codec":"best_compression","mapping":{"total_fields":{"limit":"10000"}},"query":{"default_field":["cloud.account.id","cloud.availability_zone","cloud.instance.id","cloud.instance.name","cloud.machine.type","cloud.provider","cloud.region","cloud.project.id","cloud.image.id","container.id","container.image.name","container.name","host.architecture","host.domain","host.hostname","host.id","host.mac","host.name","host.os.family","host.os.kernel","host.os.name","host.os.platform","host.os.version","host.type","host.os.build","host.os.codename","ecs.version","service.address","service.type"]}}}},"_meta":{"package":{"name":"apache"}}}}]}' + headers: + Content-Length: + - "789" + Content-Type: + - application/json; charset=UTF-8 + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 264.377µs + - id: 8 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_component_template/metrics-apache.status@custom + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 153 + uncompressed: false + body: '{"component_templates":[{"name":"metrics-apache.status@custom","component_template":{"template":{"settings":{}},"_meta":{"package":{"name":"apache"}}}}]}' + headers: + Content-Length: + - "153" + Content-Type: + - application/json; charset=UTF-8 + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 315.098µs + - id: 9 + request: + proto: HTTP/1.1 + 
proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_ilm/policy/logs + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 1316 + uncompressed: false + body: '{"logs":{"version":1,"modified_date":"2023-11-27T13:55:33.162Z","policy":{"phases":{"hot":{"min_age":"0ms","actions":{"rollover":{"max_primary_shard_size":"50gb","max_age":"30d"}}}},"_meta":{"managed":true,"description":"default policy for the logs index template installed by x-pack"}},"in_use_by":{"indices":[".ds-logs-elastic_agent.metricbeat-default-2023.11.27-000001",".ds-logs-elastic_agent.fleet_server-default-2023.11.27-000001",".ds-logs-elastic_agent.filebeat-default-2023.11.27-000001",".ds-logs-elastic_agent-default-2023.11.27-000001"],"data_streams":["logs-elastic_agent-default","logs-elastic_agent.metricbeat-default","logs-elastic_agent.filebeat-default","logs-elastic_agent.fleet_server-default"],"composable_templates":["logs-apache.access","logs-elastic_agent.cloudbeat","logs-elastic_agent.apm_server","logs-elastic_agent.cloud_defend","logs-system.security","logs-system.auth","logs-elastic_agent.metricbeat","logs-elastic_agent.filebeat","logs-elastic_agent.packetbeat","logs-elastic_agent.filebeat_input","logs-elastic_agent.endpoint_security","logs-elastic_agent.fleet_server","logs-apache.error","logs-system.system","logs-system.application","logs-elastic_agent.osquerybeat","logs-elastic_agent.heartbeat","logs-system.syslog","logs-elastic_agent.auditbeat","logs","logs-elastic_agent"]}}}' + headers: + Content-Length: + - "1316" + Content-Type: + - application/json; charset=UTF-8 + 
X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 1.292625ms + - id: 10 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_ilm/policy/metrics + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 2552 + uncompressed: false + body: '{"metrics":{"version":1,"modified_date":"2023-11-27T13:55:33.210Z","policy":{"phases":{"hot":{"min_age":"0ms","actions":{"rollover":{"max_primary_shard_size":"50gb","max_age":"30d"}}}},"_meta":{"managed":true,"description":"default policy for the metrics index template installed by x-pack"}},"in_use_by":{"indices":[".ds-metrics-system.process.summary-default-2023.11.27-000001",".ds-metrics-system.fsstat-default-2023.11.27-000001",".ds-metrics-system.uptime-default-2023.11.27-000001",".ds-metrics-system.network-default-2023.11.27-000001",".ds-metrics-system.filesystem-default-2023.11.27-000001",".ds-metrics-elastic_agent.elastic_agent-default-2023.11.27-000001",".ds-metrics-system.socket_summary-default-2023.11.27-000001",".ds-metrics-system.diskio-default-2023.11.27-000001",".ds-metrics-elastic_agent.filebeat-default-2023.11.27-000001",".ds-metrics-system.process-default-2023.11.27-000001",".ds-metrics-system.cpu-default-2023.11.27-000001",".ds-metrics-elastic_agent.fleet_server-default-2023.11.27-000001",".ds-metrics-elastic_agent.metricbeat-default-2023.11.27-000001",".ds-metrics-system.memory-default-2023.11.27-000001",".ds-metrics-system.load-default-2023.11.27-000001"],"data_streams":["metrics-system.filesystem-default","metrics-system.cpu-default","metrics-system
.process.summary-default","metrics-system.memory-default","metrics-elastic_agent.fleet_server-default","metrics-system.uptime-default","metrics-elastic_agent.elastic_agent-default","metrics-elastic_agent.metricbeat-default","metrics-system.fsstat-default","metrics-system.process-default","metrics-elastic_agent.filebeat-default","metrics-system.network-default","metrics-system.diskio-default","metrics-system.load-default","metrics-system.socket_summary-default"],"composable_templates":["metrics-system.process","metrics-elastic_agent.packetbeat","metrics-system.fsstat","metrics-elastic_agent.osquerybeat","metrics-elastic_agent.endpoint_security","metrics-elastic_agent.apm_server","metrics-system.memory","metrics-system.socket_summary","metrics-apache.status","metrics-elastic_agent.elastic_agent","metrics-elastic_agent.fleet_server","metrics-system.load","metrics-system.core","metrics-elastic_agent.filebeat","metrics-elastic_agent.filebeat_input","metrics-system.uptime","metrics-system.process.summary","metrics-system.cpu","metrics-elastic_agent.heartbeat","metrics-system.diskio","metrics-elastic_agent.cloudbeat","metrics-elastic_agent.metricbeat","metrics-elastic_agent.auditbeat","metrics-system.network","metrics-system.filesystem","metrics"]}}}' + headers: + Content-Length: + - "2552" + Content-Type: + - application/json; charset=UTF-8 + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 1.250469ms + - id: 11 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_ingest/pipeline/logs-apache.error-1.3.4 + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 
+ transfer_encoding: [] + trailer: {} + content_length: 3693 + uncompressed: false + body: '{"logs-apache.error-1.3.4":{"description":"Pipeline for parsing apache error logs","processors":[{"pipeline":{"if":"ctx.message.startsWith(''{'')","name":"logs-apache.error-1.3.4-third-party"}},{"set":{"field":"event.ingested","value":"{{_ingest.timestamp}}"}},{"set":{"field":"ecs.version","value":"1.12.0"}},{"rename":{"field":"message","target_field":"event.original"}},{"grok":{"field":"event.original","patterns":["\\[%{APACHE_TIME:apache.error.timestamp}\\] \\[%{LOGLEVEL:log.level}\\]( \\[client %{IPORHOST:source.address}(:%{POSINT:source.port})?\\])? %{GREEDYDATA:message}","\\[%{APACHE_TIME:apache.error.timestamp}\\] \\[%{DATA:apache.error.module}:%{APACHE_LOGLEVEL:log.level}\\] \\[pid %{NUMBER:process.pid:long}(:tid %{NUMBER:process.thread.id:long})?\\]( \\[client %{IPORHOST:source.address}(:%{POSINT:source.port})?\\])? %{GREEDYDATA:message}"],"pattern_definitions":{"APACHE_LOGLEVEL":"%{LOGLEVEL}[0-9]*","APACHE_TIME":"%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}"},"ignore_missing":true}},{"grok":{"field":"message","patterns":["File does not exist: %{URIPATH:file.path}, referer: %{URI:http.request.referrer}","File does not exist: %{URIPATH:file.path}"],"ignore_missing":true,"ignore_failure":true}},{"date":{"if":"ctx.event.timezone == null","field":"apache.error.timestamp","target_field":"@timestamp","formats":["EEE MMM dd H:m:s yyyy","EEE MMM dd H:m:s.SSSSSS yyyy"],"on_failure":[{"append":{"field":"error.message","value":"{{ _ingest.on_failure_message }}"}}]}},{"date":{"if":"ctx.event.timezone != null","field":"apache.error.timestamp","target_field":"@timestamp","formats":["EEE MMM dd H:m:s yyyy","EEE MMM dd H:m:s.SSSSSS yyyy"],"timezone":"{{ event.timezone }}","on_failure":[{"append":{"field":"error.message","value":"{{ _ingest.on_failure_message 
}}"}}]}},{"remove":{"field":"apache.error.timestamp","ignore_failure":true}},{"set":{"field":"event.kind","value":"event"}},{"set":{"field":"event.category","value":"web"}},{"script":{"if":"ctx?.log?.level != null","lang":"painless","source":"def err_levels = [\"emerg\", \"alert\", \"crit\", \"error\", \"warn\"]; if (err_levels.contains(ctx.log.level)) {\n ctx.event.type = \"error\";\n} else {\n ctx.event.type = \"info\";\n}"}},{"grok":{"field":"source.address","ignore_missing":true,"patterns":["^(%{IP:source.ip}|%{HOSTNAME:source.domain})$"]}},{"geoip":{"field":"source.ip","target_field":"source.geo","ignore_missing":true}},{"geoip":{"database_file":"GeoLite2-ASN.mmdb","field":"source.ip","target_field":"source.as","properties":["asn","organization_name"],"ignore_missing":true}},{"rename":{"field":"source.as.asn","target_field":"source.as.number","ignore_missing":true}},{"rename":{"field":"source.as.organization_name","target_field":"source.as.organization.name","ignore_missing":true}},{"convert":{"field":"source.port","type":"long","ignore_missing":true}},{"script":{"lang":"painless","description":"This script processor iterates over the whole document to remove fields with null values.","source":"void handleMap(Map map) {\n for (def x : map.values()) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n map.values().removeIf(v -> v == null);\n}\nvoid handleList(List list) {\n for (def x : list) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n}\nhandleMap(ctx);\n"}},{"remove":{"field":"event.original","if":"ctx?.tags == null || !(ctx.tags.contains(''preserve_original_event''))","ignore_failure":true,"ignore_missing":true}}],"on_failure":[{"set":{"field":"error.message","value":"{{ _ingest.on_failure_message }}"}}]}}' + headers: + Content-Length: + - "3693" + Content-Type: + - application/json; charset=UTF-8 + X-Elastic-Product: + - Elasticsearch + status: 
200 OK + code: 200 + duration: 754.413µs + - id: 12 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_ingest/pipeline/logs-apache.access-1.3.4 + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 4500 + uncompressed: false + body: '{"logs-apache.access-1.3.4":{"description":"Pipeline for parsing Apache HTTP Server access logs. Requires the geoip and user_agent plugins.","processors":[{"pipeline":{"if":"ctx.message.startsWith(''{'')","name":"logs-apache.access-1.3.4-third-party"}},{"set":{"field":"event.ingested","value":"{{_ingest.timestamp}}"}},{"set":{"field":"ecs.version","value":"1.12.0"}},{"rename":{"field":"message","target_field":"event.original"}},{"grok":{"field":"event.original","patterns":["%{IPORHOST:destination.domain} %{IPORHOST:source.ip} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"(?:%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}|-)?\" %{NUMBER:http.response.status_code:long} (?:%{NUMBER:http.response.body.bytes:long}|-)( \"%{DATA:http.request.referrer}\")?( \"%{DATA:user_agent.original}\")?","%{IPORHOST:source.address} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"(?:%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}|-)?\" %{NUMBER:http.response.status_code:long} (?:%{NUMBER:http.response.body.bytes:long}|-)( \"%{DATA:http.request.referrer}\")?( \"%{DATA:user_agent.original}\")?","%{IPORHOST:source.address} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"-\" %{NUMBER:http.response.status_code:long} 
-","\\[%{HTTPDATE:apache.access.time}\\] %{IPORHOST:source.address} %{DATA:apache.access.ssl.protocol} %{DATA:apache.access.ssl.cipher} \"%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}\" (-|%{NUMBER:http.response.body.bytes:long})"],"ignore_missing":true}},{"uri_parts":{"field":"_tmp.url_orig","ignore_failure":true}},{"remove":{"field":["_tmp"],"ignore_missing":true}},{"set":{"field":"url.domain","value":"{{destination.domain}}","if":"ctx.url?.domain == null && ctx.destination?.domain != null"}},{"set":{"field":"event.kind","value":"event"}},{"set":{"field":"event.category","value":"web"}},{"set":{"field":"event.outcome","value":"success","if":"ctx?.http?.response?.status_code != null && ctx.http.response.status_code < 400"}},{"set":{"field":"event.outcome","value":"failure","if":"ctx?.http?.response?.status_code != null && ctx.http.response.status_code > 399"}},{"grok":{"field":"source.address","ignore_missing":true,"patterns":["^(%{IP:source.ip}|%{HOSTNAME:source.domain})$"]}},{"remove":{"field":"event.created","ignore_missing":true,"ignore_failure":true}},{"rename":{"field":"@timestamp","target_field":"event.created"}},{"date":{"field":"apache.access.time","target_field":"@timestamp","formats":["dd/MMM/yyyy:H:m:s Z"],"ignore_failure":true}},{"remove":{"field":"apache.access.time","ignore_failure":true}},{"user_agent":{"field":"user_agent.original","ignore_failure":true}},{"geoip":{"field":"source.ip","target_field":"source.geo","ignore_missing":true}},{"geoip":{"database_file":"GeoLite2-ASN.mmdb","field":"source.ip","target_field":"source.as","properties":["asn","organization_name"],"ignore_missing":true}},{"rename":{"field":"source.as.asn","target_field":"source.as.number","ignore_missing":true}},{"rename":{"field":"source.as.organization_name","target_field":"source.as.organization.name","ignore_missing":true}},{"set":{"field":"tls.cipher","value":"{{apache.access.ssl.cipher}}","if":"ctx?.apache?.access?.ssl?.cipher != 
null"}},{"script":{"lang":"painless","if":"ctx?.apache?.access?.ssl?.protocol != null","source":"def parts = ctx.apache.access.ssl.protocol.toLowerCase().splitOnToken(\"v\"); if (parts.length != 2) {\n return;\n} if (parts[1].contains(\".\")) {\n ctx.tls.version = parts[1];\n} else {\n ctx.tls.version = parts[1] + \".0\";\n} ctx.tls.version_protocol = parts[0];"}},{"script":{"lang":"painless","description":"This script processor iterates over the whole document to remove fields with null values.","source":"void handleMap(Map map) {\n for (def x : map.values()) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n map.values().removeIf(v -> v == null);\n}\nvoid handleList(List list) {\n for (def x : list) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n}\nhandleMap(ctx);\n"}},{"remove":{"field":"event.original","if":"ctx?.tags == null || !(ctx.tags.contains(''preserve_original_event''))","ignore_failure":true,"ignore_missing":true}}],"on_failure":[{"set":{"field":"error.message","value":"{{ _ingest.on_failure_message }}"}}]}}' + headers: + Content-Length: + - "4500" + Content-Type: + - application/json; charset=UTF-8 + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 521.734µs + - id: 13 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_ingest/pipeline/.fleet_final_pipeline-1 + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 2865 + uncompressed: false + body: 
'{".fleet_final_pipeline-1":{"version":1,"description":"Final pipeline for processing all incoming Fleet Agent documents.\n","processors":[{"set":{"description":"Add time when event was ingested.","field":"event.ingested","copy_from":"_ingest.timestamp"}},{"script":{"description":"Remove sub-seconds from event.ingested to improve storage efficiency.","tag":"truncate-subseconds-event-ingested","source":"ctx.event.ingested = ctx.event.ingested.withNano(0).format(DateTimeFormatter.ISO_OFFSET_DATE_TIME);","ignore_failure":true}},{"remove":{"description":"Remove any pre-existing untrusted values.","field":["event.agent_id_status","_security"],"ignore_missing":true}},{"set_security_user":{"field":"_security","properties":["authentication_type","username","realm","api_key"]}},{"script":{"description":"Add event.agent_id_status based on the API key metadata and the agent.id contained in the event.\n","tag":"agent-id-status","source":"boolean is_user_trusted(def ctx, def users) {\n if (ctx?._security?.username == null) {\n return false;\n }\n\n def user = null;\n for (def item : users) {\n if (item?.username == ctx._security.username) {\n user = item;\n break;\n }\n }\n\n if (user == null || user?.realm == null || ctx?._security?.realm?.name == null) {\n return false;\n }\n\n if (ctx._security.realm.name != user.realm) {\n return false;\n }\n\n return true;\n}\n\nString verified(def ctx, def params) {\n // No agent.id field to validate.\n if (ctx?.agent?.id == null) {\n return \"missing\";\n }\n\n // Check auth metadata from API key.\n if (ctx?._security?.authentication_type == null\n // Agents only use API keys.\n || ctx._security.authentication_type != ''API_KEY''\n // Verify the API key owner before trusting any metadata it contains.\n || !is_user_trusted(ctx, params.trusted_users)\n // Verify the API key has metadata indicating the assigned agent ID.\n || ctx?._security?.api_key?.metadata?.agent_id == null) {\n return \"auth_metadata_missing\";\n }\n\n // The API key 
can only be used represent the agent.id it was issued to.\n if (ctx._security.api_key.metadata.agent_id != ctx.agent.id) {\n // Potential masquerade attempt.\n return \"mismatch\";\n }\n\n return \"verified\";\n}\n\nif (ctx?.event == null) {\n ctx.event = [:];\n}\n\nctx.event.agent_id_status = verified(ctx, params);","params":{"trusted_users":[{"username":"elastic/fleet-server","realm":"_service_account"},{"username":"cloud-internal-agent-server","realm":"found"},{"username":"elastic","realm":"reserved"}]}}},{"remove":{"field":"_security","ignore_missing":true}}],"on_failure":[{"remove":{"field":"_security","ignore_missing":true,"ignore_failure":true}},{"append":{"field":"error.message","value":["failed in Fleet agent final_pipeline: {{ _ingest.on_failure_message }}"]}}]}}' + headers: + Content-Length: + - "2865" + Content-Type: + - application/json; charset=UTF-8 + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 394.152µs + - id: 14 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_ingest/pipeline/logs-apache.error-1.3.4-third-party + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 1047 + uncompressed: false + body: '{"logs-apache.error-1.3.4-third-party":{"description":"Pipeline for parsing Apache HTTP Server logs from third party api","processors":[{"json":{"field":"message","target_field":"json"}},{"drop":{"if":"ctx.json?.result == 
null"}},{"fingerprint":{"fields":["json.result._cd","json.result._indextime","json.result._raw","json.result._time","json.result.host","json.result.source"],"target_field":"_id","ignore_missing":true}},{"set":{"copy_from":"json.result._raw","field":"message","ignore_empty_value":true}},{"set":{"copy_from":"json.result.host","field":"host.name","ignore_empty_value":true}},{"set":{"copy_from":"json.result.source","field":"file.path","ignore_empty_value":true}},{"remove":{"field":["json"],"ignore_missing":true}}],"on_failure":[{"append":{"field":"error.message","value":"error in third-party pipeline: error in [{{_ingest.on_failure_processor_type}}] processor{{#_ingest.on_failure_processor_tag}} with tag [{{_ingest.on_failure_processor_tag }}]{{/_ingest.on_failure_processor_tag}} {{ _ingest.on_failure_message }}"}}]}}' + headers: + Content-Length: + - "1047" + Content-Type: + - application/json; charset=UTF-8 + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 314.524µs + - id: 15 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_ingest/pipeline/logs-apache.access-1.3.4-third-party + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 1048 + uncompressed: false + body: '{"logs-apache.access-1.3.4-third-party":{"description":"Pipeline for parsing Apache HTTP Server logs from third party api","processors":[{"json":{"field":"message","target_field":"json"}},{"drop":{"if":"ctx.json?.result == 
null"}},{"fingerprint":{"fields":["json.result._cd","json.result._indextime","json.result._raw","json.result._time","json.result.host","json.result.source"],"target_field":"_id","ignore_missing":true}},{"set":{"copy_from":"json.result._raw","field":"message","ignore_empty_value":true}},{"set":{"copy_from":"json.result.host","field":"host.name","ignore_empty_value":true}},{"set":{"copy_from":"json.result.source","field":"file.path","ignore_empty_value":true}},{"remove":{"field":["json"],"ignore_missing":true}}],"on_failure":[{"append":{"field":"error.message","value":"error in third-party pipeline: error in [{{_ingest.on_failure_processor_type}}] processor{{#_ingest.on_failure_processor_tag}} with tag [{{_ingest.on_failure_processor_tag }}]{{/_ingest.on_failure_processor_tag}} {{ _ingest.on_failure_message }}"}}]}}' + headers: + Content-Length: + - "1048" + Content-Type: + - application/json; charset=UTF-8 + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 364.107µs + - id: 16 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_ml/trained_models/apache_*?decompress_definition=false&include=definition%2Cfeature_importance_baseline%2Chyperparameters%2Ctotal_feature_importance + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 38 + uncompressed: false + body: '{"count":0,"trained_model_configs":[]}' + headers: + Content-Length: + - "38" + Content-Type: + - application/json; charset=UTF-8 + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 1.04779ms 
diff --git a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_component_template-.fleet_component_template-1.json b/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_component_template-.fleet_component_template-1.json deleted file mode 100644 index 232213b5ab..0000000000 --- a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_component_template-.fleet_component_template-1.json +++ /dev/null @@ -1 +0,0 @@ -{"component_templates":[{"name":".fleet_component_template-1","component_template":{"template":{"settings":{"index":{"final_pipeline":".fleet_final_pipeline-1"}},"mappings":{"properties":{"event":{"properties":{"agent_id_status":{"ignore_above":1024,"type":"keyword"},"ingested":{"format":"strict_date_time_no_millis||strict_date_optional_time||epoch_millis","type":"date"}}}}}},"_meta":{}}}]} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_component_template-logs-apache.access@custom.json b/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_component_template-logs-apache.access@custom.json deleted file mode 100644 index df2500c990..0000000000 --- a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_component_template-logs-apache.access@custom.json +++ /dev/null @@ -1 +0,0 @@ -{"component_templates":[{"name":"logs-apache.access@custom","component_template":{"template":{"settings":{}},"_meta":{"package":{"name":"apache"}}}}]} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_component_template-logs-apache.access@settings.json b/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_component_template-logs-apache.access@settings.json deleted file mode 100644 index 8dc73a42c8..0000000000 --- a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_component_template-logs-apache.access@settings.json +++ /dev/null 
@@ -1 +0,0 @@ -{"component_templates":[{"name":"logs-apache.access@settings","component_template":{"template":{"settings":{"index":{"lifecycle":{"name":"logs"},"codec":"best_compression","mapping":{"total_fields":{"limit":"10000"}},"query":{"default_field":["cloud.account.id","cloud.availability_zone","cloud.instance.id","cloud.instance.name","cloud.machine.type","cloud.provider","cloud.region","cloud.project.id","cloud.image.id","container.id","container.image.name","container.name","host.architecture","host.domain","host.hostname","host.id","host.mac","host.name","host.os.family","host.os.kernel","host.os.name","host.os.platform","host.os.version","host.type","host.os.build","host.os.codename","input.type","destination.domain","ecs.version","event.category","event.kind","event.outcome","file.path","http.request.method","http.request.referrer","http.version","log.file.path","log.level","source.address","source.as.organization.name","source.domain","source.geo.city_name","source.geo.continent_name","source.geo.country_iso_code","source.geo.country_name","source.geo.region_iso_code","source.geo.region_name","tags","tls.cipher","tls.version","tls.version_protocol","url.domain","url.extension","url.query","user.name","user_agent.device.name","user_agent.device.name","user_agent.name","user_agent.name","user_agent.original","user_agent.original","user_agent.os.full","user_agent.os.name","user_agent.os.name","user_agent.os.version","user_agent.version","apache.access.ssl.protocol","apache.access.ssl.cipher"]}}}},"_meta":{"package":{"name":"apache"}}}}]} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_component_template-logs-apache.error@custom.json b/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_component_template-logs-apache.error@custom.json deleted file mode 100644 index 35e124c44c..0000000000 
--- a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_component_template-logs-apache.error@custom.json +++ /dev/null @@ -1 +0,0 @@ -{"component_templates":[{"name":"logs-apache.error@custom","component_template":{"template":{"settings":{}},"_meta":{"package":{"name":"apache"}}}}]} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_component_template-logs-apache.error@settings.json b/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_component_template-logs-apache.error@settings.json deleted file mode 100644 index 102eb5b43f..0000000000 --- a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_component_template-logs-apache.error@settings.json +++ /dev/null 
@@ -1 +0,0 @@ -{"component_templates":[{"name":"logs-apache.error@settings","component_template":{"template":{"settings":{"index":{"lifecycle":{"name":"logs"},"codec":"best_compression","mapping":{"total_fields":{"limit":"10000"}},"query":{"default_field":["cloud.account.id","cloud.availability_zone","cloud.instance.id","cloud.instance.name","cloud.machine.type","cloud.provider","cloud.region","cloud.project.id","cloud.image.id","container.id","container.image.name","container.name","host.architecture","host.domain","host.hostname","host.id","host.mac","host.name","host.os.family","host.os.kernel","host.os.name","host.os.platform","host.os.version","host.type","host.os.build","host.os.codename","input.type","tags","ecs.version","event.category","event.kind","event.timezone","event.type","file.path","http.request.method","http.request.referrer","http.version","log.file.path","log.level","source.address","source.as.organization.name","source.geo.city_name","source.geo.continent_name","source.geo.country_iso_code","source.geo.country_name","source.geo.region_iso_code","source.geo.region_name","tags","url.domain","url.extension","url.query","user.name","user_agent.device.name","user_agent.name","user_agent.original","user_agent.os.name","apache.error.module"]}}}},"_meta":{"package":{"name":"apache"}}}}]} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_component_template-metrics-apache.status@custom.json b/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_component_template-metrics-apache.status@custom.json deleted file mode 100644 index 7625328b80..0000000000 --- a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_component_template-metrics-apache.status@custom.json +++ /dev/null @@ -1 +0,0 @@ -{"component_templates":[{"name":"metrics-apache.status@custom","component_template":{"template":{"settings":{}},"_meta":{"package":{"name":"apache"}}}}]} \ No newline at end of file 
diff --git a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_component_template-metrics-apache.status@settings.json b/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_component_template-metrics-apache.status@settings.json deleted file mode 100644 index 3f9e51c1f5..0000000000 --- a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_component_template-metrics-apache.status@settings.json +++ /dev/null @@ -1 +0,0 @@ -{"component_templates":[{"name":"metrics-apache.status@settings","component_template":{"template":{"settings":{"index":{"lifecycle":{"name":"metrics"},"codec":"best_compression","mapping":{"total_fields":{"limit":"10000"}},"query":{"default_field":["cloud.account.id","cloud.availability_zone","cloud.instance.id","cloud.instance.name","cloud.machine.type","cloud.provider","cloud.region","cloud.project.id","cloud.image.id","container.id","container.image.name","container.name","host.architecture","host.domain","host.hostname","host.id","host.mac","host.name","host.os.family","host.os.kernel","host.os.name","host.os.platform","host.os.version","host.type","host.os.build","host.os.codename","ecs.version","service.address","service.type"]}}}},"_meta":{"package":{"name":"apache"}}}}]} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ilm-policy-logs.json b/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ilm-policy-logs.json deleted file mode 100644 index ce27b88d92..0000000000 --- a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ilm-policy-logs.json +++ /dev/null 
@@ -1 +0,0 @@ -{"logs":{"version":1,"modified_date":"2022-01-25T18:01:46.058Z","policy":{"phases":{"hot":{"min_age":"0ms","actions":{"rollover":{"max_primary_shard_size":"50gb","max_age":"30d"}}}},"_meta":{"managed":true,"description":"default policy for the logs index template installed by x-pack"}},"in_use_by":{"indices":[".ds-logs-elastic_agent-default-2022.01.25-000001",".ds-logs-elastic_agent.metricbeat-default-2022.01.25-000001",".ds-logs-elastic_agent.filebeat-default-2022.01.25-000001",".ds-logs-elastic_agent.fleet_server-default-2022.01.25-000001"],"data_streams":["logs-elastic_agent-default","logs-elastic_agent.metricbeat-default","logs-elastic_agent.filebeat-default","logs-elastic_agent.fleet_server-default"],"composable_templates":["logs-apache.access","logs-elastic_agent.apm_server","logs-system.security","logs-system.auth","logs-elastic_agent.metricbeat","logs-elastic_agent.filebeat","logs-elastic_agent.packetbeat","logs-elastic_agent.endpoint_security","logs-elastic_agent.fleet_server","logs-apache.error","logs-system.system","logs-system.application","logs-elastic_agent.osquerybeat","logs-elastic_agent.heartbeat","logs-system.syslog","logs-elastic_agent.auditbeat","logs","logs-elastic_agent"]}}} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ilm-policy-metrics.json b/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ilm-policy-metrics.json deleted file mode 100644 index 8b97998db5..0000000000 --- a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ilm-policy-metrics.json +++ /dev/null 
@@ -1 +0,0 @@ -{"metrics":{"version":1,"modified_date":"2022-01-25T18:01:48.410Z","policy":{"phases":{"hot":{"min_age":"0ms","actions":{"rollover":{"max_primary_shard_size":"50gb","max_age":"30d"}}}},"_meta":{"managed":true,"description":"default policy for the metrics index template installed by x-pack"}},"in_use_by":{"indices":[".ds-metrics-system.socket_summary-default-2022.01.25-000001",".ds-metrics-system.cpu-default-2022.01.25-000001",".ds-metrics-elastic_agent.metricbeat-default-2022.01.25-000001",".ds-metrics-system.uptime-default-2022.01.25-000001",".ds-metrics-system.process-default-2022.01.25-000001",".ds-metrics-system.memory-default-2022.01.25-000001",".ds-metrics-system.diskio-default-2022.01.25-000001",".ds-metrics-elastic_agent.fleet_server-default-2022.01.25-000001",".ds-metrics-elastic_agent.filebeat-default-2022.01.25-000001",".ds-metrics-system.load-default-2022.01.25-000001",".ds-metrics-system.process.summary-default-2022.01.25-000001",".ds-metrics-elastic_agent.elastic_agent-default-2022.01.25-000001",".ds-metrics-system.filesystem-default-2022.01.25-000001",".ds-metrics-system.network-default-2022.01.25-000001",".ds-metrics-system.fsstat-default-2022.01.25-000001"],"data_streams":["metrics-system.filesystem-default","metrics-system.cpu-default","metrics-system.process.summary-default","metrics-system.memory-default","metrics-elastic_agent.fleet_server-default","metrics-system.uptime-default","metrics-elastic_agent.elastic_agent-default","metrics-elastic_agent.metricbeat-default","metrics-system.fsstat-default","metrics-system.process-default","metrics-elastic_agent.filebeat-default","metrics-system.network-default","metrics-system.diskio-default","metrics-system.load-default","metrics-system.socket_summary-default"],"composable_templates":["metrics-system.process","metrics-elastic_agent.packetbeat","metrics-system.fsstat","metrics-elastic_agent.osquerybeat","metrics-elastic_agent.endpoint_security","metrics-elastic_agent.apm_server","metrics-
system.memory","metrics-system.socket_summary","metrics-apache.status","metrics-elastic_agent.elastic_agent","metrics-elastic_agent.fleet_server","metrics-system.load","metrics-system.core","metrics-elastic_agent.filebeat","metrics-system.uptime","metrics-system.process.summary","metrics-system.cpu","metrics-elastic_agent.heartbeat","metrics-system.diskio","metrics-elastic_agent.metricbeat","metrics-elastic_agent.auditbeat","metrics-system.network","metrics-system.filesystem","metrics"]}}} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_index_template-_-apache._.json b/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_index_template-_-apache._.json deleted file mode 100644 index c9d52b9da0..0000000000 --- a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_index_template-_-apache._.json +++ /dev/null 
@@ -1 +0,0 @@ -{"index_templates":[{"name":"logs-apache.error","index_template":{"index_patterns":["logs-apache.error-*"],"template":{"settings":{"index":{"default_pipeline":"logs-apache.error-1.3.4"}},"mappings":{"_meta":{"package":{"name":"apache"},"managed_by":"ingest-manager","managed":true},"dynamic_templates":[{"strings_as_keyword":{"mapping":{"ignore_above":1024,"type":"keyword"},"match_mapping_type":"string"}}],"date_detection":false,"properties":{"container":{"properties":{"image":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"labels":{"type":"object"}}},"process":{"properties":{"pid":{"type":"long"},"thread":{"properties":{"id":{"type":"long"}}}}},"log":{"properties":{"file":{"properties":{"path":{"ignore_above":1024,"type":"keyword"}}},"offset":{"type":"long"},"level":{"ignore_above":1024,"type":"keyword"}}},"source":{"properties":{"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}}}},"address":{"ignore_above":1024,"type":"keyword"},"port":{"type":"long"},"ip":{"type":"ip"}}},"error":{"properties":{"message":{"type":"match_only_text"}}},"message":{"type":"match_only_text"},"url":{"properties":{"path":{"type":"wildcard"},"extension":{"ignore_above":1024,"type":"keyword"},"original":{"type":"wildcard"},"domain":{"ignore_above":1024,"type":"keyword"},"query":{"ignore_above":1024,"type":"keyword"}}},"tags":{"ignore_above":1024,"type":"keyword"},"cloud":{"properties":{"availability_zone":{"ignore_above":1024,
"type":"keyword"},"image":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}},"instance":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"provider":{"ignore_above":1024,"type":"keyword"},"machine":{"properties":{"type":{"ignore_above":1024,"type":"keyword"}}},"project":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}},"region":{"ignore_above":1024,"type":"keyword"},"account":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}}}},"input":{"properties":{"type":{"ignore_above":1024,"type":"keyword"}}},"@timestamp":{"type":"date"},"file":{"properties":{"path":{"ignore_above":1024,"type":"keyword"}}},"apache":{"properties":{"error":{"properties":{"module":{"ignore_above":1024,"type":"keyword"}}}}},"ecs":{"properties":{"version":{"ignore_above":1024,"type":"keyword"}}},"data_stream":{"properties":{"namespace":{"type":"constant_keyword"},"type":{"type":"constant_keyword"},"dataset":{"type":"constant_keyword"}}},"host":{"properties":{"hostname":{"ignore_above":1024,"type":"keyword"},"os":{"properties":{"build":{"ignore_above":1024,"type":"keyword"},"kernel":{"ignore_above":1024,"type":"keyword"},"codename":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword","fields":{"text":{"type":"text"}}},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"}}},"domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"containerized":{"type":"boolean"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"mac":{"ignore_above":1024,"type":"keyword"},"architecture":{"ignore_above":1024,"type":"keyword"}}},"http":{"properties":{"request":{"properties":{"referrer":{"ignore_above":1024,"type":"keyword"},"method":{"ignore_above":1024,"type":"keyword"}}},"response":{"properties":{"status_code":{"t
ype":"long"},"body":{"properties":{"bytes":{"type":"long"}}}}},"version":{"ignore_above":1024,"type":"keyword"}}},"event":{"properties":{"kind":{"ignore_above":1024,"type":"keyword"},"timezone":{"ignore_above":1024,"type":"keyword"},"module":{"type":"constant_keyword","value":"apache"},"category":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"dataset":{"type":"constant_keyword","value":"apache.error"}}},"user":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}},"user_agent":{"properties":{"original":{"ignore_above":1024,"type":"keyword"},"os":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}},"name":{"ignore_above":1024,"type":"keyword"},"device":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}}}}}}},"composed_of":["logs-apache.error@settings","logs-apache.error@custom",".fleet_component_template-1"],"priority":200,"_meta":{"package":{"name":"apache"},"managed_by":"ingest-manager","managed":true},"data_stream":{"hidden":false}}},{"name":"logs-apache.access","index_template":{"index_patterns":["logs-apache.access-*"],"template":{"settings":{"index":{"default_pipeline":"logs-apache.access-1.3.4"}},"mappings":{"_meta":{"package":{"name":"apache"},"managed_by":"ingest-manager","managed":true},"dynamic_templates":[{"strings_as_keyword":{"mapping":{"ignore_above":1024,"type":"keyword"},"match_mapping_type":"string"}}],"date_detection":false,"properties":{"container":{"properties":{"image":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"labels":{"type":"object"}}},"process":{"properties":{"pid":{"type":"long"},"thread":{"properties":{"id":{"type":"long"}}}}},"log":{"properties":{"file":{"properties":{"path":{"ignore_above":1024,"type":"keyword"}}},"offset":{"type":"long"},"level":{"ignore_above":1024,"type":"keyword"}}},"destination":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"}
}},"source":{"properties":{"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}}}},"address":{"ignore_above":1024,"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"}}},"error":{"properties":{"message":{"type":"match_only_text"}}},"message":{"type":"match_only_text"},"url":{"properties":{"path":{"type":"wildcard"},"extension":{"ignore_above":1024,"type":"keyword"},"original":{"type":"wildcard"},"domain":{"ignore_above":1024,"type":"keyword"},"query":{"ignore_above":1024,"type":"keyword"}}},"tags":{"ignore_above":1024,"type":"keyword"},"cloud":{"properties":{"availability_zone":{"ignore_above":1024,"type":"keyword"},"image":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}},"instance":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"provider":{"ignore_above":1024,"type":"keyword"},"machine":{"properties":{"type":{"ignore_above":1024,"type":"keyword"}}},"project":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}},"region":{"ignore_above":1024,"type":"keyword"},"account":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}}}},"input":{"properties":{"type":{"ignore_above":1024,"type":"keyword"}}},"@timestamp":{"type":"date"},"file":{"properties":{"path":{"ignore_above":1024,"type":"keyword"}}},"apache":{"properties":{"access":{"properties":{"ssl":{"properties":{"cipher":{"ignore_above":1024,"type":"keyword"},"protocol":{"ignore_above":1024,"type":"keyword"}}}}}}},"ecs":{"properties":{"version":{"ignore_above":
1024,"type":"keyword"}}},"data_stream":{"properties":{"namespace":{"type":"constant_keyword"},"type":{"type":"constant_keyword"},"dataset":{"type":"constant_keyword"}}},"host":{"properties":{"hostname":{"ignore_above":1024,"type":"keyword"},"os":{"properties":{"build":{"ignore_above":1024,"type":"keyword"},"kernel":{"ignore_above":1024,"type":"keyword"},"codename":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword","fields":{"text":{"type":"text"}}},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"}}},"domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"containerized":{"type":"boolean"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"mac":{"ignore_above":1024,"type":"keyword"},"architecture":{"ignore_above":1024,"type":"keyword"}}},"http":{"properties":{"request":{"properties":{"referrer":{"ignore_above":1024,"type":"keyword"},"method":{"ignore_above":1024,"type":"keyword"}}},"response":{"properties":{"status_code":{"type":"long"},"body":{"properties":{"bytes":{"type":"long"}}}}},"version":{"ignore_above":1024,"type":"keyword"}}},"tls":{"properties":{"cipher":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"version_protocol":{"ignore_above":1024,"type":"keyword"}}},"event":{"properties":{"created":{"type":"date"},"kind":{"ignore_above":1024,"type":"keyword"},"module":{"type":"constant_keyword","value":"apache"},"category":{"ignore_above":1024,"type":"keyword"},"dataset":{"type":"constant_keyword","value":"apache.access"},"outcome":{"ignore_above":1024,"type":"keyword"}}},"user":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}},"user_agent":{"properties":{"original":{"ignore_above":1024,"type":"keyword"},"os":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"version":{"ignore
_above":1024,"type":"keyword"},"full":{"ignore_above":1024,"type":"keyword"}}},"name":{"ignore_above":1024,"type":"keyword"},"device":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}},"version":{"ignore_above":1024,"type":"keyword"}}}}}},"composed_of":["logs-apache.access@settings","logs-apache.access@custom",".fleet_component_template-1"],"priority":200,"_meta":{"package":{"name":"apache"},"managed_by":"ingest-manager","managed":true},"data_stream":{"hidden":false}}},{"name":"metrics-apache.status","index_template":{"index_patterns":["metrics-apache.status-*"],"template":{"settings":{},"mappings":{"_meta":{"package":{"name":"apache"},"managed_by":"ingest-manager","managed":true},"dynamic_templates":[{"strings_as_keyword":{"mapping":{"ignore_above":1024,"type":"keyword"},"match_mapping_type":"string"}}],"date_detection":false,"properties":{"cloud":{"properties":{"availability_zone":{"ignore_above":1024,"type":"keyword"},"image":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}},"instance":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"provider":{"ignore_above":1024,"type":"keyword"},"machine":{"properties":{"type":{"ignore_above":1024,"type":"keyword"}}},"project":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}},"region":{"ignore_above":1024,"type":"keyword"},"account":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}}}},"container":{"properties":{"image":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"labels":{"type":"object"}}},"@timestamp":{"type":"date"},"apache":{"properties":{"status":{"properties":{"bytes_per_request":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"load":{"properties":{"1":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"15":{"meta":{"metric_type":"gauge"},"scaling_factor":100
0,"type":"scaled_float"},"5":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"}}},"bytes_per_sec":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"total_bytes":{"meta":{"unit":"byte","metric_type":"counter"},"type":"long"},"cpu":{"properties":{"system":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"load":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"children_system":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"children_user":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"user":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"}}},"total_accesses":{"meta":{"metric_type":"counter"},"type":"long"},"scoreboard":{"properties":{"total":{"meta":{"metric_type":"gauge"},"type":"long"},"keepalive":{"meta":{"metric_type":"gauge"},"type":"long"},"idle_cleanup":{"meta":{"metric_type":"gauge"},"type":"long"},"waiting_for_connection":{"meta":{"metric_type":"gauge"},"type":"long"},"logging":{"meta":{"metric_type":"gauge"},"type":"long"},"gracefully_finishing":{"meta":{"metric_type":"gauge"},"type":"long"},"open_slot":{"meta":{"metric_type":"gauge"},"type":"long"},"dns_lookup":{"meta":{"metric_type":"gauge"},"type":"long"},"sending_reply":{"meta":{"metric_type":"gauge"},"type":"long"},"closing_connection":{"meta":{"metric_type":"gauge"},"type":"long"},"starting_up":{"meta":{"metric_type":"gauge"},"type":"long"},"reading_request":{"meta":{"metric_type":"gauge"},"type":"long"}}},"workers":{"properties":{"idle":{"meta":{"metric_type":"gauge"},"type":"long"},"busy":{"meta":{"metric_type":"gauge"},"type":"long"}}},"connections":{"properties":{"async":{"properties":{"closing":{"meta":{"metric_type":"gauge"},"type":"long"},"writing":{"meta":{"metric_type":"gauge"},"type":"long"},"keep_alive":{"meta":{"metric_type":"gauge"},"type":"long"}}},"total":{"meta":{"metric_type":"counter"},"type
":"long"}}},"requests_per_sec":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"uptime":{"properties":{"server_uptime":{"meta":{"metric_type":"counter"},"type":"long"},"uptime":{"meta":{"metric_type":"counter"},"type":"long"}}}}}}},"ecs":{"properties":{"version":{"ignore_above":1024,"type":"keyword"}}},"data_stream":{"properties":{"namespace":{"type":"constant_keyword"},"type":{"type":"constant_keyword"},"dataset":{"type":"constant_keyword"}}},"service":{"properties":{"address":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"}}},"host":{"properties":{"hostname":{"ignore_above":1024,"type":"keyword"},"os":{"properties":{"build":{"ignore_above":1024,"type":"keyword"},"kernel":{"ignore_above":1024,"type":"keyword"},"codename":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword","fields":{"text":{"type":"text"}}},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"}}},"domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"containerized":{"type":"boolean"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"mac":{"ignore_above":1024,"type":"keyword"},"architecture":{"ignore_above":1024,"type":"keyword"}}},"event":{"properties":{"module":{"type":"constant_keyword","value":"apache"},"dataset":{"type":"constant_keyword","value":"apache.status"}}},"error":{"properties":{"message":{"type":"match_only_text"}}}}}},"composed_of":["metrics-apache.status@settings","metrics-apache.status@custom",".fleet_component_template-1"],"priority":200,"_meta":{"package":{"name":"apache"},"managed_by":"ingest-manager","managed":true},"data_stream":{"hidden":false}}}]} \ No newline at end of file 
diff --git a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ingest-pipeline-.fleet_final_pipeline-1.json b/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ingest-pipeline-.fleet_final_pipeline-1.json deleted file mode 100644 index 8f90a89abe..0000000000 --- a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ingest-pipeline-.fleet_final_pipeline-1.json +++ /dev/null 
@@ -1 +0,0 @@ -{".fleet_final_pipeline-1":{"version":1,"description":"Final pipeline for processing all incoming Fleet Agent documents.\n","processors":[{"set":{"description":"Add time when event was ingested.","field":"event.ingested","copy_from":"_ingest.timestamp"}},{"script":{"description":"Remove sub-seconds from event.ingested to improve storage efficiency.","tag":"truncate-subseconds-event-ingested","source":"ctx.event.ingested = ctx.event.ingested.withNano(0).format(DateTimeFormatter.ISO_OFFSET_DATE_TIME);","ignore_failure":true}},{"remove":{"description":"Remove any pre-existing untrusted values.","field":["event.agent_id_status","_security"],"ignore_missing":true}},{"set_security_user":{"field":"_security","properties":["authentication_type","username","realm","api_key"]}},{"script":{"description":"Add event.agent_id_status based on the API key metadata and the agent.id contained in the event.\n","tag":"agent-id-status","source":"boolean is_user_trusted(def ctx, def users) {\n if (ctx?._security?.username == null) {\n return false;\n }\n\n def user = null;\n for (def item : users) {\n if (item?.username == ctx._security.username) {\n user = item;\n break;\n }\n }\n\n if (user == null || user?.realm == null || ctx?._security?.realm?.name == null) {\n return false;\n }\n\n if (ctx._security.realm.name != user.realm) {\n return false;\n }\n\n return true;\n}\n\nString verified(def ctx, def params) {\n // No agent.id field to validate.\n if (ctx?.agent?.id == null) {\n return \"missing\";\n }\n\n // Check auth metadata from API key.\n if (ctx?._security?.authentication_type == null\n // Agents only use API keys.\n || ctx._security.authentication_type != 'API_KEY'\n // Verify the API key owner before trusting any metadata it contains.\n || !is_user_trusted(ctx, params.trusted_users)\n // Verify the API key has metadata indicating the assigned agent ID.\n || ctx?._security?.api_key?.metadata?.agent_id == null) {\n return \"auth_metadata_missing\";\n }\n\n // 
The API key can only be used represent the agent.id it was issued to.\n if (ctx._security.api_key.metadata.agent_id != ctx.agent.id) {\n // Potential masquerade attempt.\n return \"mismatch\";\n }\n\n return \"verified\";\n}\n\nif (ctx?.event == null) {\n ctx.event = [:];\n}\n\nctx.event.agent_id_status = verified(ctx, params);","params":{"trusted_users":[{"username":"elastic/fleet-server","realm":"_service_account"},{"username":"cloud-internal-agent-server","realm":"found"},{"username":"elastic","realm":"reserved"}]}}},{"remove":{"field":"_security","ignore_missing":true}}],"on_failure":[{"remove":{"field":"_security","ignore_missing":true,"ignore_failure":true}},{"append":{"field":"error.message","value":["failed in Fleet agent final_pipeline: {{ _ingest.on_failure_message }}"]}}]}} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ingest-pipeline-logs-apache.access-1.3.4-third-party.json b/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ingest-pipeline-logs-apache.access-1.3.4-third-party.json deleted file mode 100644 index aceb75d417..0000000000 --- a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ingest-pipeline-logs-apache.access-1.3.4-third-party.json +++ /dev/null 
@@ -1 +0,0 @@ -{"logs-apache.access-1.3.4-third-party":{"description":"Pipeline for parsing Apache HTTP Server logs from third party api","processors":[{"json":{"field":"message","target_field":"json"}},{"drop":{"if":"ctx.json?.result == null"}},{"fingerprint":{"fields":["json.result._cd","json.result._indextime","json.result._raw","json.result._time","json.result.host","json.result.source"],"target_field":"_id","ignore_missing":true}},{"set":{"copy_from":"json.result._raw","field":"message","ignore_empty_value":true}},{"set":{"copy_from":"json.result.host","field":"host.name","ignore_empty_value":true}},{"set":{"copy_from":"json.result.source","field":"file.path","ignore_empty_value":true}},{"remove":{"field":["json"],"ignore_missing":true}}],"on_failure":[{"append":{"field":"error.message","value":"error in third-party pipeline: error in [{{_ingest.on_failure_processor_type}}] processor{{#_ingest.on_failure_processor_tag}} with tag [{{_ingest.on_failure_processor_tag }}]{{/_ingest.on_failure_processor_tag}} {{ _ingest.on_failure_message }}"}}]}} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ingest-pipeline-logs-apache.access-1.3.4.json b/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ingest-pipeline-logs-apache.access-1.3.4.json deleted file mode 100644 index 5de9ab7bed..0000000000 --- a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ingest-pipeline-logs-apache.access-1.3.4.json +++ /dev/null 
@@ -1 +0,0 @@ -{"logs-apache.access-1.3.4":{"description":"Pipeline for parsing Apache HTTP Server access logs. Requires the geoip and user_agent plugins.","processors":[{"pipeline":{"if":"ctx.message.startsWith('{')","name":"logs-apache.access-1.3.4-third-party"}},{"set":{"field":"event.ingested","value":"{{_ingest.timestamp}}"}},{"set":{"field":"ecs.version","value":"1.12.0"}},{"rename":{"field":"message","target_field":"event.original"}},{"grok":{"field":"event.original","patterns":["%{IPORHOST:destination.domain} %{IPORHOST:source.ip} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"(?:%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}|-)?\" %{NUMBER:http.response.status_code:long} (?:%{NUMBER:http.response.body.bytes:long}|-)( \"%{DATA:http.request.referrer}\")?( \"%{DATA:user_agent.original}\")?","%{IPORHOST:source.address} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"(?:%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}|-)?\" %{NUMBER:http.response.status_code:long} (?:%{NUMBER:http.response.body.bytes:long}|-)( \"%{DATA:http.request.referrer}\")?( \"%{DATA:user_agent.original}\")?","%{IPORHOST:source.address} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"-\" %{NUMBER:http.response.status_code:long} -","\\[%{HTTPDATE:apache.access.time}\\] %{IPORHOST:source.address} %{DATA:apache.access.ssl.protocol} %{DATA:apache.access.ssl.cipher} \"%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}\" (-|%{NUMBER:http.response.body.bytes:long})"],"ignore_missing":true}},{"uri_parts":{"field":"_tmp.url_orig","ignore_failure":true}},{"remove":{"field":["_tmp"],"ignore_missing":true}},{"set":{"field":"url.domain","value":"{{destination.domain}}","if":"ctx.url?.domain == null && ctx.destination?.domain != 
null"}},{"set":{"field":"event.kind","value":"event"}},{"set":{"field":"event.category","value":"web"}},{"set":{"field":"event.outcome","value":"success","if":"ctx?.http?.response?.status_code != null && ctx.http.response.status_code < 400"}},{"set":{"field":"event.outcome","value":"failure","if":"ctx?.http?.response?.status_code != null && ctx.http.response.status_code > 399"}},{"grok":{"field":"source.address","ignore_missing":true,"patterns":["^(%{IP:source.ip}|%{HOSTNAME:source.domain})$"]}},{"remove":{"field":"event.created","ignore_missing":true,"ignore_failure":true}},{"rename":{"field":"@timestamp","target_field":"event.created"}},{"date":{"field":"apache.access.time","target_field":"@timestamp","formats":["dd/MMM/yyyy:H:m:s Z"],"ignore_failure":true}},{"remove":{"field":"apache.access.time","ignore_failure":true}},{"user_agent":{"field":"user_agent.original","ignore_failure":true}},{"geoip":{"field":"source.ip","target_field":"source.geo","ignore_missing":true}},{"geoip":{"database_file":"GeoLite2-ASN.mmdb","field":"source.ip","target_field":"source.as","properties":["asn","organization_name"],"ignore_missing":true}},{"rename":{"field":"source.as.asn","target_field":"source.as.number","ignore_missing":true}},{"rename":{"field":"source.as.organization_name","target_field":"source.as.organization.name","ignore_missing":true}},{"set":{"field":"tls.cipher","value":"{{apache.access.ssl.cipher}}","if":"ctx?.apache?.access?.ssl?.cipher != null"}},{"script":{"lang":"painless","if":"ctx?.apache?.access?.ssl?.protocol != null","source":"def parts = ctx.apache.access.ssl.protocol.toLowerCase().splitOnToken(\"v\"); if (parts.length != 2) {\n return;\n} if (parts[1].contains(\".\")) {\n ctx.tls.version = parts[1];\n} else {\n ctx.tls.version = parts[1] + \".0\";\n} ctx.tls.version_protocol = parts[0];"}},{"script":{"lang":"painless","description":"This script processor iterates over the whole document to remove fields with null values.","source":"void handleMap(Map 
map) {\n for (def x : map.values()) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n map.values().removeIf(v -> v == null);\n}\nvoid handleList(List list) {\n for (def x : list) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n}\nhandleMap(ctx);\n"}},{"remove":{"field":"event.original","if":"ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))","ignore_failure":true,"ignore_missing":true}}],"on_failure":[{"set":{"field":"error.message","value":"{{ _ingest.on_failure_message }}"}}]}} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ingest-pipeline-logs-apache.error-1.3.4-third-party.json b/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ingest-pipeline-logs-apache.error-1.3.4-third-party.json deleted file mode 100644 index 39b66d95b3..0000000000 --- a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ingest-pipeline-logs-apache.error-1.3.4-third-party.json +++ /dev/null 
@@ -1 +0,0 @@ -{"logs-apache.error-1.3.4-third-party":{"description":"Pipeline for parsing Apache HTTP Server logs from third party api","processors":[{"json":{"field":"message","target_field":"json"}},{"drop":{"if":"ctx.json?.result == null"}},{"fingerprint":{"fields":["json.result._cd","json.result._indextime","json.result._raw","json.result._time","json.result.host","json.result.source"],"target_field":"_id","ignore_missing":true}},{"set":{"copy_from":"json.result._raw","field":"message","ignore_empty_value":true}},{"set":{"copy_from":"json.result.host","field":"host.name","ignore_empty_value":true}},{"set":{"copy_from":"json.result.source","field":"file.path","ignore_empty_value":true}},{"remove":{"field":["json"],"ignore_missing":true}}],"on_failure":[{"append":{"field":"error.message","value":"error in third-party pipeline: error in [{{_ingest.on_failure_processor_type}}] processor{{#_ingest.on_failure_processor_tag}} with tag [{{_ingest.on_failure_processor_tag }}]{{/_ingest.on_failure_processor_tag}} {{ _ingest.on_failure_message }}"}}]}} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ingest-pipeline-logs-apache.error-1.3.4.json b/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ingest-pipeline-logs-apache.error-1.3.4.json deleted file mode 100644 index 3603634d0c..0000000000 --- a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ingest-pipeline-logs-apache.error-1.3.4.json +++ /dev/null 
@@ -1 +0,0 @@ -{"logs-apache.error-1.3.4":{"description":"Pipeline for parsing apache error logs","processors":[{"pipeline":{"if":"ctx.message.startsWith('{')","name":"logs-apache.error-1.3.4-third-party"}},{"set":{"field":"event.ingested","value":"{{_ingest.timestamp}}"}},{"set":{"field":"ecs.version","value":"1.12.0"}},{"rename":{"field":"message","target_field":"event.original"}},{"grok":{"field":"event.original","patterns":["\\[%{APACHE_TIME:apache.error.timestamp}\\] \\[%{LOGLEVEL:log.level}\\]( \\[client %{IPORHOST:source.address}(:%{POSINT:source.port})?\\])? %{GREEDYDATA:message}","\\[%{APACHE_TIME:apache.error.timestamp}\\] \\[%{DATA:apache.error.module}:%{APACHE_LOGLEVEL:log.level}\\] \\[pid %{NUMBER:process.pid:long}(:tid %{NUMBER:process.thread.id:long})?\\]( \\[client %{IPORHOST:source.address}(:%{POSINT:source.port})?\\])? %{GREEDYDATA:message}"],"pattern_definitions":{"APACHE_LOGLEVEL":"%{LOGLEVEL}[0-9]*","APACHE_TIME":"%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}"},"ignore_missing":true}},{"grok":{"field":"message","patterns":["File does not exist: %{URIPATH:file.path}, referer: %{URI:http.request.referrer}","File does not exist: %{URIPATH:file.path}"],"ignore_missing":true,"ignore_failure":true}},{"date":{"if":"ctx.event.timezone == null","field":"apache.error.timestamp","target_field":"@timestamp","formats":["EEE MMM dd H:m:s yyyy","EEE MMM dd H:m:s.SSSSSS yyyy"],"on_failure":[{"append":{"field":"error.message","value":"{{ _ingest.on_failure_message }}"}}]}},{"date":{"if":"ctx.event.timezone != null","field":"apache.error.timestamp","target_field":"@timestamp","formats":["EEE MMM dd H:m:s yyyy","EEE MMM dd H:m:s.SSSSSS yyyy"],"timezone":"{{ event.timezone }}","on_failure":[{"append":{"field":"error.message","value":"{{ _ingest.on_failure_message }}"}}]}},{"remove":{"field":"apache.error.timestamp","ignore_failure":true}},{"set":{"field":"event.kind","value":"event"}},{"set":{"field":"event.category","value":"web"}},{"script":{"if":"ctx?.log?.level 
!= null","lang":"painless","source":"def err_levels = [\"emerg\", \"alert\", \"crit\", \"error\", \"warn\"]; if (err_levels.contains(ctx.log.level)) {\n ctx.event.type = \"error\";\n} else {\n ctx.event.type = \"info\";\n}"}},{"grok":{"field":"source.address","ignore_missing":true,"patterns":["^(%{IP:source.ip}|%{HOSTNAME:source.domain})$"]}},{"geoip":{"field":"source.ip","target_field":"source.geo","ignore_missing":true}},{"geoip":{"database_file":"GeoLite2-ASN.mmdb","field":"source.ip","target_field":"source.as","properties":["asn","organization_name"],"ignore_missing":true}},{"rename":{"field":"source.as.asn","target_field":"source.as.number","ignore_missing":true}},{"rename":{"field":"source.as.organization_name","target_field":"source.as.organization.name","ignore_missing":true}},{"convert":{"field":"source.port","type":"long","ignore_missing":true}},{"script":{"lang":"painless","description":"This script processor iterates over the whole document to remove fields with null values.","source":"void handleMap(Map map) {\n for (def x : map.values()) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n map.values().removeIf(v -> v == null);\n}\nvoid handleList(List list) {\n for (def x : list) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n}\nhandleMap(ctx);\n"}},{"remove":{"field":"event.original","if":"ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))","ignore_failure":true,"ignore_missing":true}}],"on_failure":[{"set":{"field":"error.message","value":"{{ _ingest.on_failure_message }}"}}]}} \ No newline at end of file 
diff --git a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ml-trained_models-apache___decompress_definition_false&include_definition%2Cfeature_importance_baseline%2Chyperparameters%2Ctotal_feature_importance.json b/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ml-trained_models-apache___decompress_definition_false&include_definition%2Cfeature_importance_baseline%2Chyperparameters%2Ctotal_feature_importance.json
deleted file mode 100644
index 5d11489c2f..0000000000
--- a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ml-trained_models-apache___decompress_definition_false&include_definition%2Cfeature_importance_baseline%2Chyperparameters%2Ctotal_feature_importance.json
+++ /dev/null
@@ -1 +0,0 @@
-{"count":0,"trained_model_configs":[]}
\ No newline at end of file
diff --git a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ml-trained_models-apache___decompress_definition_false&include_feature_importance_baseline%2Chyperparameters%2Ctotal_feature_importance.json b/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ml-trained_models-apache___decompress_definition_false&include_feature_importance_baseline%2Chyperparameters%2Ctotal_feature_importance.json
deleted file mode 100644
index 5d11489c2f..0000000000
--- a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/_ml-trained_models-apache___decompress_definition_false&include_feature_importance_baseline%2Chyperparameters%2Ctotal_feature_importance.json
+++ /dev/null
@@ -1 +0,0 @@
-{"count":0,"trained_model_configs":[]}
\ No newline at end of file
diff --git a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/root.json b/internal/dump/testdata/elasticsearch-7-mock-dump-apache/root.json
deleted file mode 100644
index a9e8367c5c..0000000000
--- a/internal/dump/testdata/elasticsearch-7-mock-dump-apache/root.json
+++ /dev/null
@@ -1,17 +0,0 @@
-{
- "name" : "5535c267b580",
- "cluster_name" : "elasticsearch",
- "cluster_uuid" : "kOEZpuRNRq-ypP9sLaiUjQ",
- "version" : {
- "number" : "7.16.2",
- "build_flavor" : "default",
- "build_type" : "docker",
- "build_hash" : "2b937c44140b6559905130a8650c64dbd0879cfb",
- "build_date" : "2021-12-18T19:42:46.604893745Z",
- "build_snapshot" : false,
- "lucene_version" : "8.10.1",
- "minimum_wire_compatibility_version" : "6.8.0",
- "minimum_index_compatibility_version" : "6.0.0-beta1"
- },
- "tagline" : "You Know, for Search"
-}
diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/.fleet_component_template-1.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/.fleet_component_template-1.json
deleted file mode 100644
index d6283b3f2f..0000000000
--- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/.fleet_component_template-1.json
+++ /dev/null
@@ -1,32 +0,0 @@
-{
- "name": ".fleet_component_template-1",
- "component_template": {
- "template": {
- "settings": {
- "index": {
- "final_pipeline": ".fleet_final_pipeline-1"
- }
- },
- "mappings": {
- "properties": {
- "event": {
- "properties": {
- "agent_id_status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ingested": {
- "format": "strict_date_time_no_millis||strict_date_optional_time||epoch_millis",
- "type": "date"
- }
- }
- }
- }
- }
- },
- "_meta": {
- "managed_by": "fleet",
- "managed": true
- }
- }
-}
\ No newline at end of file
diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.access@custom.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.access@custom.json
deleted file mode 100644
index cc43b53202..0000000000
--- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.access@custom.json
+++ /dev/null
@@ -1,15 +0,0 @@
-{
- "name": "logs-apache.access@custom",
- "component_template": {
- "template": {
- "settings": {}
- },
- "_meta": {
- "package": {
- "name": "apache"
- },
- "managed_by": "fleet",
- "managed": true
- }
- }
-}
\ No newline at end of file
diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.access@settings.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.access@settings.json
deleted file mode 100644
index 547e96d54d..0000000000
--- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.access@settings.json
+++ /dev/null
@@ -1,99 +0,0 @@ -{ - "name": "logs-apache.access@settings", - "component_template": { - "template": { - "settings": { - "index": { - "lifecycle": { - "name": "logs" - }, - "codec": "best_compression", - "mapping": { - "total_fields": { - "limit": "10000" - } - }, - "query": { - "default_field": [ - "cloud.account.id", - "cloud.availability_zone", - "cloud.instance.id", - "cloud.instance.name", - "cloud.machine.type", - "cloud.provider", - "cloud.region", - "cloud.project.id", - "cloud.image.id", - "container.id", - "container.image.name", - "container.name", - "host.architecture", - "host.domain", - "host.hostname", - "host.id", - "host.mac", - "host.name", - "host.os.family", - "host.os.kernel", - "host.os.name", - "host.os.platform", - "host.os.version", - "host.type", - "host.os.build", - "host.os.codename", - "input.type", - "destination.domain", - "ecs.version", - "event.category", - "event.kind", - "event.outcome", - "file.path", - "http.request.method", - "http.request.referrer", - "http.version", - "log.file.path", - "log.level", - "source.address", - "source.as.organization.name", - "source.domain", - "source.geo.city_name", - "source.geo.continent_name", - "source.geo.country_iso_code", - "source.geo.country_name", - "source.geo.region_iso_code", - "source.geo.region_name", - "tags", - "tls.cipher", - "tls.version", - "tls.version_protocol", - "url.domain", - "url.extension", - "url.query", - "user.name", - "user_agent.device.name", - "user_agent.device.name", - "user_agent.name", - "user_agent.name", - "user_agent.original", - "user_agent.original", - "user_agent.os.full", - "user_agent.os.name", - "user_agent.os.name", - "user_agent.os.version", - "user_agent.version", - "apache.access.ssl.protocol", - "apache.access.ssl.cipher" - ] - } - } - } - }, - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "fleet", - "managed": true - } - } -} \ No newline at end of file 
diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.error@custom.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.error@custom.json
deleted file mode 100644
index 7297f02da2..0000000000
--- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.error@custom.json
+++ /dev/null
@@ -1,15 +0,0 @@
-{
- "name": "logs-apache.error@custom",
- "component_template": {
- "template": {
- "settings": {}
- },
- "_meta": {
- "package": {
- "name": "apache"
- },
- "managed_by": "fleet",
- "managed": true
- }
- }
-}
\ No newline at end of file
diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.error@settings.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.error@settings.json
deleted file mode 100644
index fcfcfd233a..0000000000
--- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.error@settings.json
+++ /dev/null
@@ -1,88 +0,0 @@ -{ - "name": "logs-apache.error@settings", - "component_template": { - "template": { - "settings": { - "index": { - "lifecycle": { - "name": "logs" - }, - "codec": "best_compression", - "mapping": { - "total_fields": { - "limit": "10000" - } - }, - "query": { - "default_field": [ - "cloud.account.id", - "cloud.availability_zone", - "cloud.instance.id", - "cloud.instance.name", - "cloud.machine.type", - "cloud.provider", - "cloud.region", - "cloud.project.id", - "cloud.image.id", - "container.id", - "container.image.name", - "container.name", - "host.architecture", - "host.domain", - "host.hostname", - "host.id", - "host.mac", - "host.name", - "host.os.family", - "host.os.kernel", - "host.os.name", - "host.os.platform", - "host.os.version", - "host.type", - "host.os.build", - "host.os.codename", - "input.type", - "tags", - "ecs.version", - "event.category", - "event.kind", - "event.timezone", - "event.type", - "file.path", - "http.request.method", - "http.request.referrer", - "http.version", - "log.file.path", - "log.level", - "source.address", - "source.as.organization.name", - "source.geo.city_name", - "source.geo.continent_name", - "source.geo.country_iso_code", - "source.geo.country_name", - "source.geo.region_iso_code", - "source.geo.region_name", - "tags", - "url.domain", - "url.extension", - "url.query", - "user.name", - "user_agent.device.name", - "user_agent.name", - "user_agent.original", - "user_agent.os.name", - "apache.error.module" - ] - } - } - } - }, - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "fleet", - "managed": true - } - } -} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/metrics-apache.status@custom.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/metrics-apache.status@custom.json deleted file mode 100644 index cabce84636..0000000000 
--- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/metrics-apache.status@custom.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "name": "metrics-apache.status@custom", - "component_template": { - "template": { - "settings": {} - }, - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "fleet", - "managed": true - } - } -} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/metrics-apache.status@settings.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/metrics-apache.status@settings.json deleted file mode 100644 index c878ce03f7..0000000000 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/metrics-apache.status@settings.json +++ /dev/null @@ -1,60 +0,0 @@ -{ - "name": "metrics-apache.status@settings", - "component_template": { - "template": { - "settings": { - "index": { - "lifecycle": { - "name": "metrics" - }, - "codec": "best_compression", - "mapping": { - "total_fields": { - "limit": "10000" - } - }, - "query": { - "default_field": [ - "cloud.account.id", - "cloud.availability_zone", - "cloud.instance.id", - "cloud.instance.name", - "cloud.machine.type", - "cloud.provider", - "cloud.region", - "cloud.project.id", - "cloud.image.id", - "container.id", - "container.image.name", - "container.name", - "host.architecture", - "host.domain", - "host.hostname", - "host.id", - "host.mac", - "host.name", - "host.os.family", - "host.os.kernel", - "host.os.name", - "host.os.platform", - "host.os.version", - "host.type", - "host.os.build", - "host.os.codename", - "ecs.version", - "service.address", - "service.type" - ] - } - } - } - }, - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "fleet", - "managed": true - } - } -} \ No newline at end of file 
diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ilm_policies/logs.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ilm_policies/logs.json deleted file mode 100644 index 0260e14f61..0000000000 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ilm_policies/logs.json +++ /dev/null @@ -1,45 +0,0 @@ -{ - "version": 1, - "modified_date": "2022-04-06T15:40:04.029Z", - "policy": { - "phases": { - "hot": { - "min_age": "0ms", - "actions": { - "rollover": { - "max_primary_shard_size": "50gb", - "max_age": "30d" - } - } - } - }, - "_meta": { - "managed": true, - "description": "default policy for the logs index template installed by x-pack" - } - }, - "in_use_by": { - "indices": [], - "data_streams": [], - "composable_templates": [ - "logs-apache.access", - "logs-elastic_agent.apm_server", - "logs-system.security", - "logs-system.auth", - "logs-elastic_agent.metricbeat", - "logs-elastic_agent.filebeat", - "logs-elastic_agent.packetbeat", - "logs-elastic_agent.endpoint_security", - "logs-elastic_agent.fleet_server", - "logs-apache.error", - "logs-system.system", - "logs-system.application", - "logs-elastic_agent.osquerybeat", - "logs-elastic_agent.heartbeat", - "logs-system.syslog", - "logs-elastic_agent.auditbeat", - "logs", - "logs-elastic_agent" - ] - } -} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ilm_policies/metrics.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ilm_policies/metrics.json deleted file mode 100644 index aea99c4d51..0000000000 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ilm_policies/metrics.json +++ /dev/null 
@@ -1,51 +0,0 @@ -{ - "version": 1, - "modified_date": "2022-04-06T15:40:04.332Z", - "policy": { - "phases": { - "hot": { - "min_age": "0ms", - "actions": { - "rollover": { - "max_primary_shard_size": "50gb", - "max_age": "30d" - } - } - } - }, - "_meta": { - "managed": true, - "description": "default policy for the metrics index template installed by x-pack" - } - }, - "in_use_by": { - "indices": [], - "data_streams": [], - "composable_templates": [ - "metrics-system.process", - "metrics-elastic_agent.packetbeat", - "metrics-system.fsstat", - "metrics-elastic_agent.osquerybeat", - "metrics-elastic_agent.endpoint_security", - "metrics-elastic_agent.apm_server", - "metrics-system.memory", - "metrics-system.socket_summary", - "metrics-apache.status", - "metrics-elastic_agent.elastic_agent", - "metrics-elastic_agent.fleet_server", - "metrics-system.load", - "metrics-system.core", - "metrics-elastic_agent.filebeat", - "metrics-system.uptime", - "metrics-system.process.summary", - "metrics-system.cpu", - "metrics-elastic_agent.heartbeat", - "metrics-system.diskio", - "metrics-elastic_agent.metricbeat", - "metrics-elastic_agent.auditbeat", - "metrics-system.network", - "metrics-system.filesystem", - "metrics" - ] - } -} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/logs-apache.access.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/logs-apache.access.json deleted file mode 100644 index 219cff1e53..0000000000 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/logs-apache.access.json +++ /dev/null 
@@ -1,545 +0,0 @@ -{ - "name": "logs-apache.access", - "index_template": { - "index_patterns": [ - "logs-apache.access-*" - ], - "template": { - "settings": { - "index": { - "default_pipeline": "logs-apache.access-1.3.6" - } - }, - "mappings": { - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "fleet", - "managed": true - }, - "dynamic_templates": [ - { - "strings_as_keyword": { - "mapping": { - "ignore_above": 1024, - "type": "keyword" - }, - "match_mapping_type": "string" - } - } - ], - "date_detection": false, - "properties": { - "container": { - "properties": { - "image": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "labels": { - "type": "object" - } - } - }, - "process": { - "properties": { - "pid": { - "type": "long" - }, - "thread": { - "properties": { - "id": { - "type": "long" - } - } - } - } - }, - "log": { - "properties": { - "file": { - "properties": { - "path": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "offset": { - "type": "long" - }, - "level": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "destination": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "source": { - "properties": { - "geo": { - "properties": { - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "location": { - "type": "geo_point" - }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "as": { - "properties": { - "number": { - "type": "long" - }, - "organization": { - "properties": { - "name": { - 
"ignore_above": 1024, - "type": "keyword", - "fields": {} - } - } - } - } - }, - "address": { - "ignore_above": 1024, - "type": "keyword" - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "ip": { - "type": "ip" - } - } - }, - "error": { - "properties": { - "message": { - "type": "match_only_text" - } - } - }, - "message": { - "type": "match_only_text" - }, - "url": { - "properties": { - "path": { - "ignore_above": 1024, - "type": "wildcard" - }, - "extension": { - "ignore_above": 1024, - "type": "keyword" - }, - "original": { - "ignore_above": 1024, - "type": "wildcard", - "fields": {} - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "query": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "tags": { - "ignore_above": 1024, - "type": "keyword" - }, - "cloud": { - "properties": { - "availability_zone": { - "ignore_above": 1024, - "type": "keyword" - }, - "image": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "instance": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" - }, - "machine": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "project": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "region": { - "ignore_above": 1024, - "type": "keyword" - }, - "account": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "input": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "@timestamp": { - "type": "date" - }, - "file": { - "properties": { - "path": { - "ignore_above": 1024, - "type": "keyword", - "fields": {} - } - } - }, - "apache": { - "properties": { - "access": { - "properties": { - "ssl": { - "properties": { - "cipher": { - "ignore_above": 
1024, - "type": "keyword" - }, - "protocol": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } - }, - "ecs": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "data_stream": { - "properties": { - "namespace": { - "type": "constant_keyword" - }, - "type": { - "type": "constant_keyword" - }, - "dataset": { - "type": "constant_keyword" - } - } - }, - "host": { - "properties": { - "hostname": { - "ignore_above": 1024, - "type": "keyword" - }, - "os": { - "properties": { - "build": { - "ignore_above": 1024, - "type": "keyword" - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" - }, - "codename": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "text" - } - } - }, - "family": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "ip": { - "type": "ip" - }, - "containerized": { - "type": "boolean" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "architecture": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "http": { - "properties": { - "request": { - "properties": { - "referrer": { - "ignore_above": 1024, - "type": "keyword" - }, - "method": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "response": { - "properties": { - "status_code": { - "type": "long" - }, - "body": { - "properties": { - "bytes": { - "type": "long" - } - } - } - } - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "tls": { - "properties": { - "cipher": { - "ignore_above": 1024, - "type": 
"keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - }, - "version_protocol": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "event": { - "properties": { - "created": { - "type": "date" - }, - "kind": { - "ignore_above": 1024, - "type": "keyword" - }, - "module": { - "type": "constant_keyword", - "value": "apache" - }, - "category": { - "ignore_above": 1024, - "type": "keyword" - }, - "dataset": { - "type": "constant_keyword", - "value": "apache.access" - }, - "outcome": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "user": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": {} - } - } - }, - "user_agent": { - "properties": { - "original": { - "ignore_above": 1024, - "type": "keyword", - "fields": {} - }, - "os": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": {} - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - }, - "full": { - "ignore_above": 1024, - "type": "keyword", - "fields": {} - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "device": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - }, - "composed_of": [ - "logs-apache.access@settings", - "logs-apache.access@custom", - ".fleet_component_template-1" - ], - "priority": 200, - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "fleet", - "managed": true - }, - "data_stream": { - "hidden": false, - "allow_custom_routing": false - } - } -} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/logs-apache.error.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/logs-apache.error.json deleted file mode 100644 index 78912bfdec..0000000000 
--- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/logs-apache.error.json
+++ /dev/null
@@ -1,500 +0,0 @@ -{ - "name": "logs-apache.error", - "index_template": { - "index_patterns": [ - "logs-apache.error-*" - ], - "template": { - "settings": { - "index": { - "default_pipeline": "logs-apache.error-1.3.6" - } - }, - "mappings": { - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "fleet", - "managed": true - }, - "dynamic_templates": [ - { - "strings_as_keyword": { - "mapping": { - "ignore_above": 1024, - "type": "keyword" - }, - "match_mapping_type": "string" - } - } - ], - "date_detection": false, - "properties": { - "container": { - "properties": { - "image": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "labels": { - "type": "object" - } - } - }, - "process": { - "properties": { - "pid": { - "type": "long" - }, - "thread": { - "properties": { - "id": { - "type": "long" - } - } - } - } - }, - "log": { - "properties": { - "file": { - "properties": { - "path": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "offset": { - "type": "long" - }, - "level": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "source": { - "properties": { - "geo": { - "properties": { - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "location": { - "type": "geo_point" - }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "as": { - "properties": { - "number": { - "type": "long" - }, - "organization": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": {} - } - } - } - } - }, - "address": { - "ignore_above": 1024, 
- "type": "keyword" - }, - "port": { - "type": "long" - }, - "ip": { - "type": "ip" - } - } - }, - "error": { - "properties": { - "message": { - "type": "match_only_text" - } - } - }, - "message": { - "type": "match_only_text" - }, - "url": { - "properties": { - "path": { - "ignore_above": 1024, - "type": "wildcard" - }, - "extension": { - "ignore_above": 1024, - "type": "keyword" - }, - "original": { - "ignore_above": 1024, - "type": "wildcard", - "fields": {} - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "query": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "tags": { - "ignore_above": 1024, - "type": "keyword" - }, - "cloud": { - "properties": { - "availability_zone": { - "ignore_above": 1024, - "type": "keyword" - }, - "image": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "instance": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" - }, - "machine": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "project": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "region": { - "ignore_above": 1024, - "type": "keyword" - }, - "account": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "input": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "@timestamp": { - "type": "date" - }, - "file": { - "properties": { - "path": { - "ignore_above": 1024, - "type": "keyword", - "fields": {} - } - } - }, - "apache": { - "properties": { - "error": { - "properties": { - "module": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "ecs": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "data_stream": { - 
"properties": { - "namespace": { - "type": "constant_keyword" - }, - "type": { - "type": "constant_keyword" - }, - "dataset": { - "type": "constant_keyword" - } - } - }, - "host": { - "properties": { - "hostname": { - "ignore_above": 1024, - "type": "keyword" - }, - "os": { - "properties": { - "build": { - "ignore_above": 1024, - "type": "keyword" - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" - }, - "codename": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "text" - } - } - }, - "family": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "ip": { - "type": "ip" - }, - "containerized": { - "type": "boolean" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "architecture": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "http": { - "properties": { - "request": { - "properties": { - "referrer": { - "ignore_above": 1024, - "type": "keyword" - }, - "method": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "response": { - "properties": { - "status_code": { - "type": "long" - }, - "body": { - "properties": { - "bytes": { - "type": "long" - } - } - } - } - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "event": { - "properties": { - "kind": { - "ignore_above": 1024, - "type": "keyword" - }, - "timezone": { - "ignore_above": 1024, - "type": "keyword" - }, - "module": { - "type": "constant_keyword", - "value": "apache" - }, - "category": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - 
"ignore_above": 1024, - "type": "keyword" - }, - "dataset": { - "type": "constant_keyword", - "value": "apache.error" - } - } - }, - "user": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": {} - } - } - }, - "user_agent": { - "properties": { - "original": { - "ignore_above": 1024, - "type": "keyword", - "fields": {} - }, - "os": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": {} - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "device": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } - } - }, - "composed_of": [ - "logs-apache.error@settings", - "logs-apache.error@custom", - ".fleet_component_template-1" - ], - "priority": 200, - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "fleet", - "managed": true - }, - "data_stream": { - "hidden": false, - "allow_custom_routing": false - } - } -} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/metrics-apache.status.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/metrics-apache.status.json deleted file mode 100644 index d35ade5571..0000000000 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/metrics-apache.status.json +++ /dev/null 
@@ -1,510 +0,0 @@ -{ - "name": "metrics-apache.status", - "index_template": { - "index_patterns": [ - "metrics-apache.status-*" - ], - "template": { - "settings": {}, - "mappings": { - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "fleet", - "managed": true - }, - "dynamic_templates": [ - { - "strings_as_keyword": { - "mapping": { - "ignore_above": 1024, - "type": "keyword" - }, - "match_mapping_type": "string" - } - } - ], - "date_detection": false, - "properties": { - "cloud": { - "properties": { - "availability_zone": { - "ignore_above": 1024, - "type": "keyword" - }, - "image": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "instance": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" - }, - "machine": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "project": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "region": { - "ignore_above": 1024, - "type": "keyword" - }, - "account": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "container": { - "properties": { - "image": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "labels": { - "type": "object" - } - } - }, - "@timestamp": { - "type": "date" - }, - "apache": { - "properties": { - "status": { - "properties": { - "bytes_per_request": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "load": { - "properties": { - "1": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "15": { - "meta": { - "metric_type": 
"gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "5": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - } - } - }, - "bytes_per_sec": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "total_bytes": { - "meta": { - "unit": "byte", - "metric_type": "counter" - }, - "type": "long" - }, - "cpu": { - "properties": { - "system": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "load": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "children_system": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "children_user": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "user": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - } - } - }, - "total_accesses": { - "meta": { - "metric_type": "counter" - }, - "type": "long" - }, - "scoreboard": { - "properties": { - "total": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "keepalive": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "idle_cleanup": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "waiting_for_connection": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "logging": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "gracefully_finishing": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "open_slot": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "dns_lookup": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "sending_reply": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "closing_connection": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - 
"starting_up": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "reading_request": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - } - } - }, - "workers": { - "properties": { - "idle": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "busy": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - } - } - }, - "connections": { - "properties": { - "async": { - "properties": { - "closing": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "writing": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "keep_alive": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - } - } - }, - "total": { - "meta": { - "metric_type": "counter" - }, - "type": "long" - } - } - }, - "requests_per_sec": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "uptime": { - "properties": { - "server_uptime": { - "meta": { - "metric_type": "counter" - }, - "type": "long" - }, - "uptime": { - "meta": { - "metric_type": "counter" - }, - "type": "long" - } - } - } - } - } - } - }, - "ecs": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "data_stream": { - "properties": { - "namespace": { - "type": "constant_keyword" - }, - "type": { - "type": "constant_keyword" - }, - "dataset": { - "type": "constant_keyword" - } - } - }, - "service": { - "properties": { - "address": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "host": { - "properties": { - "hostname": { - "ignore_above": 1024, - "type": "keyword" - }, - "os": { - "properties": { - "build": { - "ignore_above": 1024, - "type": "keyword" - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" - }, - "codename": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "text" - } - } - 
}, - "family": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "ip": { - "type": "ip" - }, - "containerized": { - "type": "boolean" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "architecture": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "event": { - "properties": { - "module": { - "type": "constant_keyword", - "value": "apache" - }, - "dataset": { - "type": "constant_keyword", - "value": "apache.status" - } - } - }, - "error": { - "properties": { - "message": { - "type": "match_only_text" - } - } - } - } - } - }, - "composed_of": [ - "metrics-apache.status@settings", - "metrics-apache.status@custom", - ".fleet_component_template-1" - ], - "priority": 200, - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "fleet", - "managed": true - }, - "data_stream": { - "hidden": false, - "allow_custom_routing": false - } - } -} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/.fleet_final_pipeline-1.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/.fleet_final_pipeline-1.json deleted file mode 100644 index ff7d6617e8..0000000000 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/.fleet_final_pipeline-1.json +++ /dev/null 
@@ -1,92 +0,0 @@ -{ - "version": 2, - "_meta": { - "managed_by": "fleet", - "managed": true - }, - "description": "Final pipeline for processing all incoming Fleet Agent documents.\n", - "processors": [ - { - "set": { - "description": "Add time when event was ingested.", - "field": "event.ingested", - "copy_from": "_ingest.timestamp" - } - }, - { - "script": { - "description": "Remove sub-seconds from event.ingested to improve storage efficiency.", - "tag": "truncate-subseconds-event-ingested", - "source": "ctx.event.ingested = ctx.event.ingested.withNano(0).format(DateTimeFormatter.ISO_OFFSET_DATE_TIME);", - "ignore_failure": true - } - }, - { - "remove": { - "description": "Remove any pre-existing untrusted values.", - "field": [ - "event.agent_id_status", - "_security" - ], - "ignore_missing": true - } - }, - { - "set_security_user": { - "field": "_security", - "properties": [ - "authentication_type", - "username", - "realm", - "api_key" - ] - } - }, - { - "script": { - "description": "Add event.agent_id_status based on the API key metadata and the agent.id contained in the event.\n", - "tag": "agent-id-status", - "source": "boolean is_user_trusted(def ctx, def users) {\n if (ctx?._security?.username == null) {\n return false;\n }\n\n def user = null;\n for (def item : users) {\n if (item?.username == ctx._security.username) {\n user = item;\n break;\n }\n }\n\n if (user == null || user?.realm == null || ctx?._security?.realm?.name == null) {\n return false;\n }\n\n if (ctx._security.realm.name != user.realm) {\n return false;\n }\n\n return true;\n}\n\nString verified(def ctx, def params) {\n // No agent.id field to validate.\n if (ctx?.agent?.id == null) {\n return \"missing\";\n }\n\n // Check auth metadata from API key.\n if (ctx?._security?.authentication_type == null\n // Agents only use API keys.\n || ctx._security.authentication_type != 'API_KEY'\n // Verify the API key owner before trusting any metadata it contains.\n || !is_user_trusted(ctx, 
params.trusted_users)\n // Verify the API key has metadata indicating the assigned agent ID.\n || ctx?._security?.api_key?.metadata?.agent_id == null) {\n return \"auth_metadata_missing\";\n }\n\n // The API key can only be used represent the agent.id it was issued to.\n if (ctx._security.api_key.metadata.agent_id != ctx.agent.id) {\n // Potential masquerade attempt.\n return \"mismatch\";\n }\n\n return \"verified\";\n}\n\nif (ctx?.event == null) {\n ctx.event = [:];\n}\n\nctx.event.agent_id_status = verified(ctx, params);", - "params": { - "trusted_users": [ - { - "username": "elastic/fleet-server", - "realm": "_service_account" - }, - { - "username": "cloud-internal-agent-server", - "realm": "found" - }, - { - "username": "elastic", - "realm": "reserved" - } - ] - } - } - }, - { - "remove": { - "field": "_security", - "ignore_missing": true - } - } - ], - "on_failure": [ - { - "remove": { - "field": "_security", - "ignore_missing": true, - "ignore_failure": true - } - }, - { - "append": { - "field": "error.message", - "value": [ - "failed in Fleet agent final_pipeline: {{ _ingest.on_failure_message }}" - ] - } - } - ] -} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.6-third-party.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.6-third-party.json deleted file mode 100644 index 6e00011198..0000000000 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.6-third-party.json +++ /dev/null 
@@ -1,74 +0,0 @@
-{
- "description": "Pipeline for parsing Apache HTTP Server logs from third party api",
- "processors": [
- {
- "json": {
- "field": "message",
- "target_field": "json"
- }
- },
- {
- "drop": {
- "if": "ctx.json?.result == null"
- }
- },
- {
- "fingerprint": {
- "fields": [
- "json.result._cd",
- "json.result._indextime",
- "json.result._raw",
- "json.result._time",
- "json.result.host",
- "json.result.source"
- ],
- "target_field": "_id",
- "ignore_missing": true
- }
- },
- {
- "set": {
- "copy_from": "json.result._raw",
- "field": "message",
- "ignore_empty_value": true
- }
- },
- {
- "set": {
- "copy_from": "json.result.host",
- "field": "host.name",
- "ignore_empty_value": true
- }
- },
- {
- "set": {
- "copy_from": "json.result.source",
- "field": "file.path",
- "ignore_empty_value": true
- }
- },
- {
- "remove": {
- "field": [
- "json"
- ],
- "ignore_missing": true
- }
- }
- ],
- "on_failure": [
- {
- "append": {
- "field": "error.message",
- "value": "error in third-party pipeline: error in [{{_ingest.on_failure_processor_type}}] processor{{#_ingest.on_failure_processor_tag}} with tag [{{_ingest.on_failure_processor_tag }}]{{/_ingest.on_failure_processor_tag}} {{ _ingest.on_failure_message }}"
- }
- }
- ],
- "_meta": {
- "managed_by": "fleet",
- "managed": true,
- "package": {
- "name": "apache"
- }
- }
-}
\ No newline at end of file
diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.6.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.6.json
deleted file mode 100644
index 4faa9950f5..0000000000
--- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.6.json
+++ /dev/null
@@ -1,209 +0,0 @@ -{ - "description": "Pipeline for parsing Apache HTTP Server access logs. Requires the geoip and user_agent plugins.", - "processors": [ - { - "pipeline": { - "if": "ctx.message.startsWith('{')", - "name": "logs-apache.access-1.3.6-third-party" - } - }, - { - "set": { - "field": "event.ingested", - "value": "{{_ingest.timestamp}}" - } - }, - { - "set": { - "field": "ecs.version", - "value": "1.12.0" - } - }, - { - "rename": { - "field": "message", - "target_field": "event.original" - } - }, - { - "grok": { - "field": "event.original", - "patterns": [ - "%{IPORHOST:destination.domain} %{IPORHOST:source.ip} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"(?:%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}|-)?\" %{NUMBER:http.response.status_code:long} (?:%{NUMBER:http.response.body.bytes:long}|-)( \"%{DATA:http.request.referrer}\")?( \"%{DATA:user_agent.original}\")?", - "%{IPORHOST:source.address} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"(?:%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}|-)?\" %{NUMBER:http.response.status_code:long} (?:%{NUMBER:http.response.body.bytes:long}|-)( \"%{DATA:http.request.referrer}\")?( \"%{DATA:user_agent.original}\")?", - "%{IPORHOST:source.address} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"-\" %{NUMBER:http.response.status_code:long} -", - "\\[%{HTTPDATE:apache.access.time}\\] %{IPORHOST:source.address} %{DATA:apache.access.ssl.protocol} %{DATA:apache.access.ssl.cipher} \"%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}\" (-|%{NUMBER:http.response.body.bytes:long})" - ], - "ignore_missing": true - } - }, - { - "uri_parts": { - "field": "_tmp.url_orig", - "ignore_failure": true - } - }, - { - "remove": { - "field": [ - "_tmp" - ], - "ignore_missing": true - } - }, - { - "set": { - "field": "url.domain", - "value": "{{destination.domain}}", - "if": "ctx.url?.domain == null && 
ctx.destination?.domain != null" - } - }, - { - "set": { - "field": "event.kind", - "value": "event" - } - }, - { - "set": { - "field": "event.category", - "value": "web" - } - }, - { - "set": { - "field": "event.outcome", - "value": "success", - "if": "ctx?.http?.response?.status_code != null && ctx.http.response.status_code < 400" - } - }, - { - "set": { - "field": "event.outcome", - "value": "failure", - "if": "ctx?.http?.response?.status_code != null && ctx.http.response.status_code > 399" - } - }, - { - "grok": { - "field": "source.address", - "ignore_missing": true, - "patterns": [ - "^(%{IP:source.ip}|%{HOSTNAME:source.domain})$" - ] - } - }, - { - "remove": { - "field": "event.created", - "ignore_missing": true, - "ignore_failure": true - } - }, - { - "rename": { - "field": "@timestamp", - "target_field": "event.created" - } - }, - { - "date": { - "field": "apache.access.time", - "target_field": "@timestamp", - "formats": [ - "dd/MMM/yyyy:H:m:s Z" - ], - "ignore_failure": true - } - }, - { - "remove": { - "field": "apache.access.time", - "ignore_failure": true - } - }, - { - "user_agent": { - "field": "user_agent.original", - "ignore_failure": true - } - }, - { - "geoip": { - "field": "source.ip", - "target_field": "source.geo", - "ignore_missing": true - } - }, - { - "geoip": { - "database_file": "GeoLite2-ASN.mmdb", - "field": "source.ip", - "target_field": "source.as", - "properties": [ - "asn", - "organization_name" - ], - "ignore_missing": true - } - }, - { - "rename": { - "field": "source.as.asn", - "target_field": "source.as.number", - "ignore_missing": true - } - }, - { - "rename": { - "field": "source.as.organization_name", - "target_field": "source.as.organization.name", - "ignore_missing": true - } - }, - { - "set": { - "field": "tls.cipher", - "value": "{{apache.access.ssl.cipher}}", - "if": "ctx?.apache?.access?.ssl?.cipher != null" - } - }, - { - "script": { - "lang": "painless", - "if": "ctx?.apache?.access?.ssl?.protocol != null", - 
"source": "def parts = ctx.apache.access.ssl.protocol.toLowerCase().splitOnToken(\"v\"); if (parts.length != 2) {\n return;\n} if (parts[1].contains(\".\")) {\n ctx.tls.version = parts[1];\n} else {\n ctx.tls.version = parts[1] + \".0\";\n} ctx.tls.version_protocol = parts[0];" - } - }, - { - "script": { - "lang": "painless", - "description": "This script processor iterates over the whole document to remove fields with null values.", - "source": "void handleMap(Map map) {\n for (def x : map.values()) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n map.values().removeIf(v -> v == null);\n}\nvoid handleList(List list) {\n for (def x : list) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n}\nhandleMap(ctx);\n" - } - }, - { - "remove": { - "field": "event.original", - "if": "ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))", - "ignore_failure": true, - "ignore_missing": true - } - } - ], - "on_failure": [ - { - "set": { - "field": "error.message", - "value": "{{ _ingest.on_failure_message }}" - } - } - ], - "_meta": { - "managed_by": "fleet", - "managed": true, - "package": { - "name": "apache" - } - } -} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.6-third-party.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.6-third-party.json deleted file mode 100644 index 6e00011198..0000000000 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.6-third-party.json +++ /dev/null 
@@ -1,74 +0,0 @@ -{ - "description": "Pipeline for parsing Apache HTTP Server logs from third party api", - "processors": [ - { - "json": { - "field": "message", - "target_field": "json" - } - }, - { - "drop": { - "if": "ctx.json?.result == null" - } - }, - { - "fingerprint": { - "fields": [ - "json.result._cd", - "json.result._indextime", - "json.result._raw", - "json.result._time", - "json.result.host", - "json.result.source" - ], - "target_field": "_id", - "ignore_missing": true - } - }, - { - "set": { - "copy_from": "json.result._raw", - "field": "message", - "ignore_empty_value": true - } - }, - { - "set": { - "copy_from": "json.result.host", - "field": "host.name", - "ignore_empty_value": true - } - }, - { - "set": { - "copy_from": "json.result.source", - "field": "file.path", - "ignore_empty_value": true - } - }, - { - "remove": { - "field": [ - "json" - ], - "ignore_missing": true - } - } - ], - "on_failure": [ - { - "append": { - "field": "error.message", - "value": "error in third-party pipeline: error in [{{_ingest.on_failure_processor_type}}] processor{{#_ingest.on_failure_processor_tag}} with tag [{{_ingest.on_failure_processor_tag }}]{{/_ingest.on_failure_processor_tag}} {{ _ingest.on_failure_message }}" - } - } - ], - "_meta": { - "managed_by": "fleet", - "managed": true, - "package": { - "name": "apache" - } - } -} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.6.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.6.json deleted file mode 100644 index 979cb41edf..0000000000 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.6.json +++ /dev/null 
@@ -1,197 +0,0 @@ -{ - "description": "Pipeline for parsing apache error logs", - "processors": [ - { - "pipeline": { - "if": "ctx.message.startsWith('{')", - "name": "logs-apache.error-1.3.6-third-party" - } - }, - { - "set": { - "field": "event.ingested", - "value": "{{_ingest.timestamp}}" - } - }, - { - "set": { - "field": "ecs.version", - "value": "1.12.0" - } - }, - { - "rename": { - "field": "message", - "target_field": "event.original" - } - }, - { - "grok": { - "field": "event.original", - "patterns": [ - "\\[%{APACHE_TIME:apache.error.timestamp}\\] \\[%{LOGLEVEL:log.level}\\]( \\[client %{IPORHOST:source.address}(:%{POSINT:source.port})?\\])? %{GREEDYDATA:message}", - "\\[%{APACHE_TIME:apache.error.timestamp}\\] \\[%{DATA:apache.error.module}:%{APACHE_LOGLEVEL:log.level}\\] \\[pid %{NUMBER:process.pid:long}(:tid %{NUMBER:process.thread.id:long})?\\]( \\[client %{IPORHOST:source.address}(:%{POSINT:source.port})?\\])? %{GREEDYDATA:message}" - ], - "pattern_definitions": { - "APACHE_LOGLEVEL": "%{LOGLEVEL}[0-9]*", - "APACHE_TIME": "%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}" - }, - "ignore_missing": true - } - }, - { - "grok": { - "field": "message", - "patterns": [ - "File does not exist: %{URIPATH:file.path}, referer: %{URI:http.request.referrer}", - "File does not exist: %{URIPATH:file.path}" - ], - "ignore_missing": true, - "ignore_failure": true - } - }, - { - "date": { - "if": "ctx.event.timezone == null", - "field": "apache.error.timestamp", - "target_field": "@timestamp", - "formats": [ - "EEE MMM dd H:m:s yyyy", - "EEE MMM dd H:m:s.SSSSSS yyyy" - ], - "on_failure": [ - { - "append": { - "field": "error.message", - "value": "{{ _ingest.on_failure_message }}" - } - } - ] - } - }, - { - "date": { - "if": "ctx.event.timezone != null", - "field": "apache.error.timestamp", - "target_field": "@timestamp", - "formats": [ - "EEE MMM dd H:m:s yyyy", - "EEE MMM dd H:m:s.SSSSSS yyyy" - ], - "timezone": "{{ event.timezone }}", - "on_failure": [ - { - "append": { 
- "field": "error.message", - "value": "{{ _ingest.on_failure_message }}" - } - } - ] - } - }, - { - "remove": { - "field": "apache.error.timestamp", - "ignore_failure": true - } - }, - { - "set": { - "field": "event.kind", - "value": "event" - } - }, - { - "set": { - "field": "event.category", - "value": "web" - } - }, - { - "script": { - "if": "ctx?.log?.level != null", - "lang": "painless", - "source": "def err_levels = [\"emerg\", \"alert\", \"crit\", \"error\", \"warn\"]; if (err_levels.contains(ctx.log.level)) {\n ctx.event.type = \"error\";\n} else {\n ctx.event.type = \"info\";\n}" - } - }, - { - "grok": { - "field": "source.address", - "ignore_missing": true, - "patterns": [ - "^(%{IP:source.ip}|%{HOSTNAME:source.domain})$" - ] - } - }, - { - "geoip": { - "field": "source.ip", - "target_field": "source.geo", - "ignore_missing": true - } - }, - { - "geoip": { - "database_file": "GeoLite2-ASN.mmdb", - "field": "source.ip", - "target_field": "source.as", - "properties": [ - "asn", - "organization_name" - ], - "ignore_missing": true - } - }, - { - "rename": { - "field": "source.as.asn", - "target_field": "source.as.number", - "ignore_missing": true - } - }, - { - "rename": { - "field": "source.as.organization_name", - "target_field": "source.as.organization.name", - "ignore_missing": true - } - }, - { - "convert": { - "field": "source.port", - "type": "long", - "ignore_missing": true - } - }, - { - "script": { - "lang": "painless", - "description": "This script processor iterates over the whole document to remove fields with null values.", - "source": "void handleMap(Map map) {\n for (def x : map.values()) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n map.values().removeIf(v -> v == null);\n}\nvoid handleList(List list) {\n for (def x : list) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n}\nhandleMap(ctx);\n" - } - }, - { - "remove": { - 
"field": "event.original", - "if": "ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))", - "ignore_failure": true, - "ignore_missing": true - } - } - ], - "on_failure": [ - { - "set": { - "field": "error.message", - "value": "{{ _ingest.on_failure_message }}" - } - } - ], - "_meta": { - "managed_by": "fleet", - "managed": true, - "package": { - "name": "apache" - } - } -} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-dga-dump-all/ml_models/dga_1611725_2.0.json b/internal/dump/testdata/elasticsearch-8-dga-dump-all/ml_models/dga_1611725_2.0.json deleted file mode 100644 index dbcb19c8a0..0000000000 --- a/internal/dump/testdata/elasticsearch-8-dga-dump-all/ml_models/dga_1611725_2.0.json +++ /dev/null 
@@ -1,259 +0,0 @@ -{ - "model_id": "dga_1611725_2.0", - "model_type": "tree_ensemble", - "created_by": "api_user", - "version": "8.9.0", - "create_time": 1699476967200, - "model_size_bytes": 246784104, - "estimated_operations": 0, - "license_level": "platinum", - "description": "Model used to detect domain generation algorithm (DGA) activity in your network data.", - "compressed_definition": "//REDACTED//", - "tags": [ - "packetbeat-7.10.0-2021-03-10_expanded_8_analysis" - ], - "metadata": { - "analytics_config": { - "max_num_threads": 8, - "create_time": 1615403883977, - "model_memory_limit": "6gb", - "allow_lazy_start": false, - "description": "", - "analyzed_fields": { - "excludes": [], - "includes": [ - "f.*", - "dns.response_code", - "malicious" - ] - }, - "id": "packetbeat-7.10.0-2021-03-10_expanded_8_analysis", - "source": { - "query": { - "match_all": {} - }, - "index": [ - "packetbeat-7.10.0-2021-03-10_expanded" - ] - }, - "analysis": { - "classification": { - "randomize_seed": 1, - "dependent_variable": "malicious", - "num_top_classes": 2, - "training_percent": 100.0, - "class_assignment_objective": "maximize_minimum_recall", - "prediction_field_name": "malicious_prediction" - } - }, - "dest": { - "index": "packetbeat-7.10.0-2021-03-10_expanded_8_analysis", - "results_field": "ml" - }, - "version": "7.11.0" - } - }, - "input": { - "field_names": [ - "dns.response_code", - "f.b0", - "f.b1", - "f.b10", - "f.b11", - "f.b12", - "f.b13", - "f.b14", - "f.b15", - "f.b16", - "f.b17", - "f.b18", - "f.b19", - "f.b2", - "f.b20", - "f.b21", - "f.b22", - "f.b23", - "f.b24", - "f.b25", - "f.b26", - "f.b27", - "f.b28", - "f.b29", - "f.b3", - "f.b30", - "f.b31", - "f.b32", - "f.b33", - "f.b34", - "f.b35", - "f.b36", - "f.b37", - "f.b38", - "f.b39", - "f.b4", - "f.b40", - "f.b41", - "f.b42", - "f.b43", - "f.b44", - "f.b45", - "f.b46", - "f.b47", - "f.b48", - "f.b49", - "f.b5", - "f.b50", - "f.b51", - "f.b52", - "f.b53", - "f.b54", - "f.b55", - "f.b56", - "f.b57", - 
"f.b58", - "f.b59", - "f.b6", - "f.b60", - "f.b7", - "f.b8", - "f.b9", - "f.t0", - "f.t1", - "f.t10", - "f.t11", - "f.t12", - "f.t13", - "f.t14", - "f.t15", - "f.t16", - "f.t17", - "f.t18", - "f.t19", - "f.t2", - "f.t20", - "f.t21", - "f.t22", - "f.t23", - "f.t24", - "f.t25", - "f.t26", - "f.t27", - "f.t28", - "f.t29", - "f.t3", - "f.t30", - "f.t31", - "f.t32", - "f.t33", - "f.t34", - "f.t35", - "f.t36", - "f.t37", - "f.t38", - "f.t39", - "f.t4", - "f.t40", - "f.t41", - "f.t42", - "f.t43", - "f.t44", - "f.t45", - "f.t46", - "f.t47", - "f.t48", - "f.t49", - "f.t5", - "f.t50", - "f.t51", - "f.t52", - "f.t53", - "f.t54", - "f.t55", - "f.t56", - "f.t57", - "f.t58", - "f.t59", - "f.t6", - "f.t7", - "f.t8", - "f.t9", - "f.tld", - "f.u0", - "f.u1", - "f.u10", - "f.u11", - "f.u12", - "f.u13", - "f.u14", - "f.u15", - "f.u16", - "f.u17", - "f.u18", - "f.u19", - "f.u2", - "f.u20", - "f.u21", - "f.u22", - "f.u23", - "f.u24", - "f.u25", - "f.u26", - "f.u27", - "f.u28", - "f.u29", - "f.u3", - "f.u30", - "f.u31", - "f.u32", - "f.u33", - "f.u34", - "f.u35", - "f.u36", - "f.u37", - "f.u38", - "f.u39", - "f.u4", - "f.u40", - "f.u41", - "f.u42", - "f.u43", - "f.u44", - "f.u45", - "f.u46", - "f.u47", - "f.u48", - "f.u49", - "f.u5", - "f.u50", - "f.u51", - "f.u52", - "f.u53", - "f.u54", - "f.u55", - "f.u56", - "f.u57", - "f.u58", - "f.u59", - "f.u6", - "f.u60", - "f.u61", - "f.u7", - "f.u8", - "f.u9" - ] - }, - "inference_config": { - "classification": { - "num_top_classes": 2, - "top_classes_results_field": "top_classes", - "results_field": "malicious_prediction", - "num_top_feature_importance_values": 0, - "prediction_field_type": "number" - } - }, - "location": { - "index": { - "name": ".ml-inference-000005" - } - } -} 
diff --git a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_component_template-.fleet_component_template-1.json b/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_component_template-.fleet_component_template-1.json
deleted file mode 100644
index 7786f403ad..0000000000
--- a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_component_template-.fleet_component_template-1.json
+++ /dev/null
@@ -1 +0,0 @@
-{"component_templates":[{"name":".fleet_component_template-1","component_template":{"template":{"settings":{"index":{"final_pipeline":".fleet_final_pipeline-1"}},"mappings":{"properties":{"event":{"properties":{"agent_id_status":{"ignore_above":1024,"type":"keyword"},"ingested":{"format":"strict_date_time_no_millis||strict_date_optional_time||epoch_millis","type":"date"}}}}}},"_meta":{"managed_by":"fleet","managed":true}}}]}
\ No newline at end of file
diff --git a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_component_template-logs-apache.access@custom.json b/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_component_template-logs-apache.access@custom.json
deleted file mode 100644
index 58c5daabab..0000000000
--- a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_component_template-logs-apache.access@custom.json
+++ /dev/null
@@ -1 +0,0 @@
-{"component_templates":[{"name":"logs-apache.access@custom","component_template":{"template":{"settings":{}},"_meta":{"package":{"name":"apache"},"managed_by":"fleet","managed":true}}}]}
\ No newline at end of file
diff --git a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_component_template-logs-apache.access@settings.json b/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_component_template-logs-apache.access@settings.json
deleted file mode 100644
index fa26896e12..0000000000
--- a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_component_template-logs-apache.access@settings.json
+++ /dev/null
@@ -1 +0,0 @@ -{"component_templates":[{"name":"logs-apache.access@settings","component_template":{"template":{"settings":{"index":{"lifecycle":{"name":"logs"},"codec":"best_compression","mapping":{"total_fields":{"limit":"10000"}},"query":{"default_field":["cloud.account.id","cloud.availability_zone","cloud.instance.id","cloud.instance.name","cloud.machine.type","cloud.provider","cloud.region","cloud.project.id","cloud.image.id","container.id","container.image.name","container.name","host.architecture","host.domain","host.hostname","host.id","host.mac","host.name","host.os.family","host.os.kernel","host.os.name","host.os.platform","host.os.version","host.type","host.os.build","host.os.codename","input.type","destination.domain","ecs.version","event.category","event.kind","event.outcome","file.path","http.request.method","http.request.referrer","http.version","log.file.path","log.level","source.address","source.as.organization.name","source.domain","source.geo.city_name","source.geo.continent_name","source.geo.country_iso_code","source.geo.country_name","source.geo.region_iso_code","source.geo.region_name","tags","tls.cipher","tls.version","tls.version_protocol","url.domain","url.extension","url.query","user.name","user_agent.device.name","user_agent.device.name","user_agent.name","user_agent.name","user_agent.original","user_agent.original","user_agent.os.full","user_agent.os.name","user_agent.os.name","user_agent.os.version","user_agent.version","apache.access.ssl.protocol","apache.access.ssl.cipher"]}}}},"_meta":{"package":{"name":"apache"},"managed_by":"fleet","managed":true}}}]} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_component_template-logs-apache.error@custom.json b/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_component_template-logs-apache.error@custom.json deleted file mode 100644 index a4ba32476f..0000000000 
--- a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_component_template-logs-apache.error@custom.json
+++ /dev/null
@@ -1 +0,0 @@
-{"component_templates":[{"name":"logs-apache.error@custom","component_template":{"template":{"settings":{}},"_meta":{"package":{"name":"apache"},"managed_by":"fleet","managed":true}}}]}
\ No newline at end of file
diff --git a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_component_template-logs-apache.error@settings.json b/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_component_template-logs-apache.error@settings.json
deleted file mode 100644
index 96df1c743f..0000000000
--- a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_component_template-logs-apache.error@settings.json
+++ /dev/null
@@ -1 +0,0 @@ -{"component_templates":[{"name":"logs-apache.error@settings","component_template":{"template":{"settings":{"index":{"lifecycle":{"name":"logs"},"codec":"best_compression","mapping":{"total_fields":{"limit":"10000"}},"query":{"default_field":["cloud.account.id","cloud.availability_zone","cloud.instance.id","cloud.instance.name","cloud.machine.type","cloud.provider","cloud.region","cloud.project.id","cloud.image.id","container.id","container.image.name","container.name","host.architecture","host.domain","host.hostname","host.id","host.mac","host.name","host.os.family","host.os.kernel","host.os.name","host.os.platform","host.os.version","host.type","host.os.build","host.os.codename","input.type","tags","ecs.version","event.category","event.kind","event.timezone","event.type","file.path","http.request.method","http.request.referrer","http.version","log.file.path","log.level","source.address","source.as.organization.name","source.geo.city_name","source.geo.continent_name","source.geo.country_iso_code","source.geo.country_name","source.geo.region_iso_code","source.geo.region_name","tags","url.domain","url.extension","url.query","user.name","user_agent.device.name","user_agent.name","user_agent.original","user_agent.os.name","apache.error.module"]}}}},"_meta":{"package":{"name":"apache"},"managed_by":"fleet","managed":true}}}]} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_component_template-metrics-apache.status@custom.json b/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_component_template-metrics-apache.status@custom.json deleted file mode 100644 index e06d5d32e8..0000000000 --- a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_component_template-metrics-apache.status@custom.json +++ /dev/null 
@@ -1 +0,0 @@
-{"component_templates":[{"name":"metrics-apache.status@custom","component_template":{"template":{"settings":{}},"_meta":{"package":{"name":"apache"},"managed_by":"fleet","managed":true}}}]}
\ No newline at end of file
diff --git a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_component_template-metrics-apache.status@settings.json b/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_component_template-metrics-apache.status@settings.json
deleted file mode 100644
index 09db718a43..0000000000
--- a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_component_template-metrics-apache.status@settings.json
+++ /dev/null
@@ -1 +0,0 @@
-{"component_templates":[{"name":"metrics-apache.status@settings","component_template":{"template":{"settings":{"index":{"lifecycle":{"name":"metrics"},"codec":"best_compression","mapping":{"total_fields":{"limit":"10000"}},"query":{"default_field":["cloud.account.id","cloud.availability_zone","cloud.instance.id","cloud.instance.name","cloud.machine.type","cloud.provider","cloud.region","cloud.project.id","cloud.image.id","container.id","container.image.name","container.name","host.architecture","host.domain","host.hostname","host.id","host.mac","host.name","host.os.family","host.os.kernel","host.os.name","host.os.platform","host.os.version","host.type","host.os.build","host.os.codename","ecs.version","service.address","service.type"]}}}},"_meta":{"package":{"name":"apache"},"managed_by":"fleet","managed":true}}}]}
\ No newline at end of file
diff --git a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ilm-policy-logs.json b/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ilm-policy-logs.json
deleted file mode 100644
index 5c8c4969fd..0000000000
--- a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ilm-policy-logs.json
+++ /dev/null
@@ -1 +0,0 @@ -{"logs":{"version":1,"modified_date":"2022-04-06T15:40:04.029Z","policy":{"phases":{"hot":{"min_age":"0ms","actions":{"rollover":{"max_primary_shard_size":"50gb","max_age":"30d"}}}},"_meta":{"managed":true,"description":"default policy for the logs index template installed by x-pack"}},"in_use_by":{"indices":[],"data_streams":[],"composable_templates":["logs-apache.access","logs-elastic_agent.apm_server","logs-system.security","logs-system.auth","logs-elastic_agent.metricbeat","logs-elastic_agent.filebeat","logs-elastic_agent.packetbeat","logs-elastic_agent.endpoint_security","logs-elastic_agent.fleet_server","logs-apache.error","logs-system.system","logs-system.application","logs-elastic_agent.osquerybeat","logs-elastic_agent.heartbeat","logs-system.syslog","logs-elastic_agent.auditbeat","logs","logs-elastic_agent"]}}} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ilm-policy-metrics.json b/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ilm-policy-metrics.json deleted file mode 100644 index ed94c94c78..0000000000 --- a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ilm-policy-metrics.json +++ /dev/null 
@@ -1 +0,0 @@ -{"metrics":{"version":1,"modified_date":"2022-04-06T15:40:04.332Z","policy":{"phases":{"hot":{"min_age":"0ms","actions":{"rollover":{"max_primary_shard_size":"50gb","max_age":"30d"}}}},"_meta":{"managed":true,"description":"default policy for the metrics index template installed by x-pack"}},"in_use_by":{"indices":[],"data_streams":[],"composable_templates":["metrics-system.process","metrics-elastic_agent.packetbeat","metrics-system.fsstat","metrics-elastic_agent.osquerybeat","metrics-elastic_agent.endpoint_security","metrics-elastic_agent.apm_server","metrics-system.memory","metrics-system.socket_summary","metrics-apache.status","metrics-elastic_agent.elastic_agent","metrics-elastic_agent.fleet_server","metrics-system.load","metrics-system.core","metrics-elastic_agent.filebeat","metrics-system.uptime","metrics-system.process.summary","metrics-system.cpu","metrics-elastic_agent.heartbeat","metrics-system.diskio","metrics-elastic_agent.metricbeat","metrics-elastic_agent.auditbeat","metrics-system.network","metrics-system.filesystem","metrics"]}}} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_index_template-_-apache._.json b/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_index_template-_-apache._.json deleted file mode 100644 index 4e02f27281..0000000000 --- a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_index_template-_-apache._.json +++ /dev/null 
@@ -1 +0,0 @@ -{"index_templates":[{"name":"logs-apache.error","index_template":{"index_patterns":["logs-apache.error-*"],"template":{"settings":{"index":{"default_pipeline":"logs-apache.error-1.3.6"}},"mappings":{"_meta":{"package":{"name":"apache"},"managed_by":"fleet","managed":true},"dynamic_templates":[{"strings_as_keyword":{"mapping":{"ignore_above":1024,"type":"keyword"},"match_mapping_type":"string"}}],"date_detection":false,"properties":{"container":{"properties":{"image":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"labels":{"type":"object"}}},"process":{"properties":{"pid":{"type":"long"},"thread":{"properties":{"id":{"type":"long"}}}}},"log":{"properties":{"file":{"properties":{"path":{"ignore_above":1024,"type":"keyword"}}},"offset":{"type":"long"},"level":{"ignore_above":1024,"type":"keyword"}}},"source":{"properties":{"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"type":"keyword","fields":{}}}}}},"address":{"ignore_above":1024,"type":"keyword"},"port":{"type":"long"},"ip":{"type":"ip"}}},"error":{"properties":{"message":{"type":"match_only_text"}}},"message":{"type":"match_only_text"},"url":{"properties":{"path":{"ignore_above":1024,"type":"wildcard"},"extension":{"ignore_above":1024,"type":"keyword"},"original":{"ignore_above":1024,"type":"wildcard","fields":{}},"domain":{"ignore_above":1024,"type":"keyword"},"query":{"ignore_above":1024,"type":"keyword"}}},"tags":{"ignore_above":1024,"type":"keyword"},"cloud":{
"properties":{"availability_zone":{"ignore_above":1024,"type":"keyword"},"image":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}},"instance":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"provider":{"ignore_above":1024,"type":"keyword"},"machine":{"properties":{"type":{"ignore_above":1024,"type":"keyword"}}},"project":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}},"region":{"ignore_above":1024,"type":"keyword"},"account":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}}}},"input":{"properties":{"type":{"ignore_above":1024,"type":"keyword"}}},"@timestamp":{"type":"date"},"file":{"properties":{"path":{"ignore_above":1024,"type":"keyword","fields":{}}}},"apache":{"properties":{"error":{"properties":{"module":{"ignore_above":1024,"type":"keyword"}}}}},"ecs":{"properties":{"version":{"ignore_above":1024,"type":"keyword"}}},"data_stream":{"properties":{"namespace":{"type":"constant_keyword"},"type":{"type":"constant_keyword"},"dataset":{"type":"constant_keyword"}}},"host":{"properties":{"hostname":{"ignore_above":1024,"type":"keyword"},"os":{"properties":{"build":{"ignore_above":1024,"type":"keyword"},"kernel":{"ignore_above":1024,"type":"keyword"},"codename":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword","fields":{"text":{"type":"text"}}},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"}}},"domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"containerized":{"type":"boolean"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"mac":{"ignore_above":1024,"type":"keyword"},"architecture":{"ignore_above":1024,"type":"keyword"}}},"http":{"properties":{"request":{"properties":{"referrer":{"ignore_above":1024,"type":"keyword"},"method":{"ignore_above":1
024,"type":"keyword"}}},"response":{"properties":{"status_code":{"type":"long"},"body":{"properties":{"bytes":{"type":"long"}}}}},"version":{"ignore_above":1024,"type":"keyword"}}},"event":{"properties":{"kind":{"ignore_above":1024,"type":"keyword"},"timezone":{"ignore_above":1024,"type":"keyword"},"module":{"type":"constant_keyword","value":"apache"},"category":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"dataset":{"type":"constant_keyword","value":"apache.error"}}},"user":{"properties":{"name":{"ignore_above":1024,"type":"keyword","fields":{}}}},"user_agent":{"properties":{"original":{"ignore_above":1024,"type":"keyword","fields":{}},"os":{"properties":{"name":{"ignore_above":1024,"type":"keyword","fields":{}}}},"name":{"ignore_above":1024,"type":"keyword"},"device":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}}}}}}},"composed_of":["logs-apache.error@settings","logs-apache.error@custom",".fleet_component_template-1"],"priority":200,"_meta":{"package":{"name":"apache"},"managed_by":"fleet","managed":true},"data_stream":{"hidden":false,"allow_custom_routing":false}}},{"name":"logs-apache.access","index_template":{"index_patterns":["logs-apache.access-*"],"template":{"settings":{"index":{"default_pipeline":"logs-apache.access-1.3.6"}},"mappings":{"_meta":{"package":{"name":"apache"},"managed_by":"fleet","managed":true},"dynamic_templates":[{"strings_as_keyword":{"mapping":{"ignore_above":1024,"type":"keyword"},"match_mapping_type":"string"}}],"date_detection":false,"properties":{"container":{"properties":{"image":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"labels":{"type":"object"}}},"process":{"properties":{"pid":{"type":"long"},"thread":{"properties":{"id":{"type":"long"}}}}},"log":{"properties":{"file":{"properties":{"path":{"ignore_above":1024,"type":"keyword"}}},"offset":{"type":"long"},"level":{"i
gnore_above":1024,"type":"keyword"}}},"destination":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"}}},"source":{"properties":{"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"type":"keyword","fields":{}}}}}},"address":{"ignore_above":1024,"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"}}},"error":{"properties":{"message":{"type":"match_only_text"}}},"message":{"type":"match_only_text"},"url":{"properties":{"path":{"ignore_above":1024,"type":"wildcard"},"extension":{"ignore_above":1024,"type":"keyword"},"original":{"ignore_above":1024,"type":"wildcard","fields":{}},"domain":{"ignore_above":1024,"type":"keyword"},"query":{"ignore_above":1024,"type":"keyword"}}},"tags":{"ignore_above":1024,"type":"keyword"},"cloud":{"properties":{"availability_zone":{"ignore_above":1024,"type":"keyword"},"image":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}},"instance":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"provider":{"ignore_above":1024,"type":"keyword"},"machine":{"properties":{"type":{"ignore_above":1024,"type":"keyword"}}},"project":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}},"region":{"ignore_above":1024,"type":"keyword"},"account":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}}}},"input":{"properties":{"type":{"ignore_above":1024,"type":"keyword"}}},"@timestamp":{"type":"date"},"file":{"properties":{"path":{"ignore_above":1024,"type":"keyword","fields":{}}}},"apache":{"properties":{"acces
s":{"properties":{"ssl":{"properties":{"cipher":{"ignore_above":1024,"type":"keyword"},"protocol":{"ignore_above":1024,"type":"keyword"}}}}}}},"ecs":{"properties":{"version":{"ignore_above":1024,"type":"keyword"}}},"data_stream":{"properties":{"namespace":{"type":"constant_keyword"},"type":{"type":"constant_keyword"},"dataset":{"type":"constant_keyword"}}},"host":{"properties":{"hostname":{"ignore_above":1024,"type":"keyword"},"os":{"properties":{"build":{"ignore_above":1024,"type":"keyword"},"kernel":{"ignore_above":1024,"type":"keyword"},"codename":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword","fields":{"text":{"type":"text"}}},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"}}},"domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"containerized":{"type":"boolean"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"mac":{"ignore_above":1024,"type":"keyword"},"architecture":{"ignore_above":1024,"type":"keyword"}}},"http":{"properties":{"request":{"properties":{"referrer":{"ignore_above":1024,"type":"keyword"},"method":{"ignore_above":1024,"type":"keyword"}}},"response":{"properties":{"status_code":{"type":"long"},"body":{"properties":{"bytes":{"type":"long"}}}}},"version":{"ignore_above":1024,"type":"keyword"}}},"tls":{"properties":{"cipher":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"version_protocol":{"ignore_above":1024,"type":"keyword"}}},"event":{"properties":{"created":{"type":"date"},"kind":{"ignore_above":1024,"type":"keyword"},"module":{"type":"constant_keyword","value":"apache"},"category":{"ignore_above":1024,"type":"keyword"},"dataset":{"type":"constant_keyword","value":"apache.access"},"outcome":{"ignore_above":1024,"type":"keyword"}}},"user":{"properties":{"name":{"ignore_abov
e":1024,"type":"keyword","fields":{}}}},"user_agent":{"properties":{"original":{"ignore_above":1024,"type":"keyword","fields":{}},"os":{"properties":{"name":{"ignore_above":1024,"type":"keyword","fields":{}},"version":{"ignore_above":1024,"type":"keyword"},"full":{"ignore_above":1024,"type":"keyword","fields":{}}}},"name":{"ignore_above":1024,"type":"keyword"},"device":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}},"version":{"ignore_above":1024,"type":"keyword"}}}}}},"composed_of":["logs-apache.access@settings","logs-apache.access@custom",".fleet_component_template-1"],"priority":200,"_meta":{"package":{"name":"apache"},"managed_by":"fleet","managed":true},"data_stream":{"hidden":false,"allow_custom_routing":false}}},{"name":"metrics-apache.status","index_template":{"index_patterns":["metrics-apache.status-*"],"template":{"settings":{},"mappings":{"_meta":{"package":{"name":"apache"},"managed_by":"fleet","managed":true},"dynamic_templates":[{"strings_as_keyword":{"mapping":{"ignore_above":1024,"type":"keyword"},"match_mapping_type":"string"}}],"date_detection":false,"properties":{"cloud":{"properties":{"availability_zone":{"ignore_above":1024,"type":"keyword"},"image":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}},"instance":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"provider":{"ignore_above":1024,"type":"keyword"},"machine":{"properties":{"type":{"ignore_above":1024,"type":"keyword"}}},"project":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}},"region":{"ignore_above":1024,"type":"keyword"},"account":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}}}},"container":{"properties":{"image":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"labels":{"type":"object"}}},"@timestamp":{"type":"date"},"apache":{"properties":{"status":{"properties":{"bytes_p
er_request":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"load":{"properties":{"1":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"15":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"5":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"}}},"bytes_per_sec":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"total_bytes":{"meta":{"unit":"byte","metric_type":"counter"},"type":"long"},"cpu":{"properties":{"system":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"load":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"children_system":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"children_user":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"user":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"}}},"total_accesses":{"meta":{"metric_type":"counter"},"type":"long"},"scoreboard":{"properties":{"total":{"meta":{"metric_type":"gauge"},"type":"long"},"keepalive":{"meta":{"metric_type":"gauge"},"type":"long"},"idle_cleanup":{"meta":{"metric_type":"gauge"},"type":"long"},"waiting_for_connection":{"meta":{"metric_type":"gauge"},"type":"long"},"logging":{"meta":{"metric_type":"gauge"},"type":"long"},"gracefully_finishing":{"meta":{"metric_type":"gauge"},"type":"long"},"open_slot":{"meta":{"metric_type":"gauge"},"type":"long"},"dns_lookup":{"meta":{"metric_type":"gauge"},"type":"long"},"sending_reply":{"meta":{"metric_type":"gauge"},"type":"long"},"closing_connection":{"meta":{"metric_type":"gauge"},"type":"long"},"starting_up":{"meta":{"metric_type":"gauge"},"type":"long"},"reading_request":{"meta":{"metric_type":"gauge"},"type":"long"}}},"workers":{"properties":{"idle":{"meta":{"metric_type":"gauge"},"type":"long"},"busy":{"meta":{"metric_type":"gauge"},"type":"long"}}},"connections":{"properties
":{"async":{"properties":{"closing":{"meta":{"metric_type":"gauge"},"type":"long"},"writing":{"meta":{"metric_type":"gauge"},"type":"long"},"keep_alive":{"meta":{"metric_type":"gauge"},"type":"long"}}},"total":{"meta":{"metric_type":"counter"},"type":"long"}}},"requests_per_sec":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"uptime":{"properties":{"server_uptime":{"meta":{"metric_type":"counter"},"type":"long"},"uptime":{"meta":{"metric_type":"counter"},"type":"long"}}}}}}},"ecs":{"properties":{"version":{"ignore_above":1024,"type":"keyword"}}},"data_stream":{"properties":{"namespace":{"type":"constant_keyword"},"type":{"type":"constant_keyword"},"dataset":{"type":"constant_keyword"}}},"service":{"properties":{"address":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"}}},"host":{"properties":{"hostname":{"ignore_above":1024,"type":"keyword"},"os":{"properties":{"build":{"ignore_above":1024,"type":"keyword"},"kernel":{"ignore_above":1024,"type":"keyword"},"codename":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword","fields":{"text":{"type":"text"}}},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"}}},"domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"containerized":{"type":"boolean"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"mac":{"ignore_above":1024,"type":"keyword"},"architecture":{"ignore_above":1024,"type":"keyword"}}},"event":{"properties":{"module":{"type":"constant_keyword","value":"apache"},"dataset":{"type":"constant_keyword","value":"apache.status"}}},"error":{"properties":{"message":{"type":"match_only_text"}}}}}},"composed_of":["metrics-apache.status@settings","metrics-apache.status@custom",".fleet_component_template-1"],"priority":200,"_meta":{"packag
e":{"name":"apache"},"managed_by":"fleet","managed":true},"data_stream":{"hidden":false,"allow_custom_routing":false}}}]} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ingest-pipeline-.fleet_final_pipeline-1.json b/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ingest-pipeline-.fleet_final_pipeline-1.json deleted file mode 100644 index 2c546a7767..0000000000 --- a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ingest-pipeline-.fleet_final_pipeline-1.json +++ /dev/null 
@@ -1 +0,0 @@ -{".fleet_final_pipeline-1":{"version":2,"_meta":{"managed_by":"fleet","managed":true},"description":"Final pipeline for processing all incoming Fleet Agent documents.\n","processors":[{"set":{"description":"Add time when event was ingested.","field":"event.ingested","copy_from":"_ingest.timestamp"}},{"script":{"description":"Remove sub-seconds from event.ingested to improve storage efficiency.","tag":"truncate-subseconds-event-ingested","source":"ctx.event.ingested = ctx.event.ingested.withNano(0).format(DateTimeFormatter.ISO_OFFSET_DATE_TIME);","ignore_failure":true}},{"remove":{"description":"Remove any pre-existing untrusted values.","field":["event.agent_id_status","_security"],"ignore_missing":true}},{"set_security_user":{"field":"_security","properties":["authentication_type","username","realm","api_key"]}},{"script":{"description":"Add event.agent_id_status based on the API key metadata and the agent.id contained in the event.\n","tag":"agent-id-status","source":"boolean is_user_trusted(def ctx, def users) {\n if (ctx?._security?.username == null) {\n return false;\n }\n\n def user = null;\n for (def item : users) {\n if (item?.username == ctx._security.username) {\n user = item;\n break;\n }\n }\n\n if (user == null || user?.realm == null || ctx?._security?.realm?.name == null) {\n return false;\n }\n\n if (ctx._security.realm.name != user.realm) {\n return false;\n }\n\n return true;\n}\n\nString verified(def ctx, def params) {\n // No agent.id field to validate.\n if (ctx?.agent?.id == null) {\n return \"missing\";\n }\n\n // Check auth metadata from API key.\n if (ctx?._security?.authentication_type == null\n // Agents only use API keys.\n || ctx._security.authentication_type != 'API_KEY'\n // Verify the API key owner before trusting any metadata it contains.\n || !is_user_trusted(ctx, params.trusted_users)\n // Verify the API key has metadata indicating the assigned agent ID.\n || ctx?._security?.api_key?.metadata?.agent_id == null) {\n 
return \"auth_metadata_missing\";\n }\n\n // The API key can only be used represent the agent.id it was issued to.\n if (ctx._security.api_key.metadata.agent_id != ctx.agent.id) {\n // Potential masquerade attempt.\n return \"mismatch\";\n }\n\n return \"verified\";\n}\n\nif (ctx?.event == null) {\n ctx.event = [:];\n}\n\nctx.event.agent_id_status = verified(ctx, params);","params":{"trusted_users":[{"username":"elastic/fleet-server","realm":"_service_account"},{"username":"cloud-internal-agent-server","realm":"found"},{"username":"elastic","realm":"reserved"}]}}},{"remove":{"field":"_security","ignore_missing":true}}],"on_failure":[{"remove":{"field":"_security","ignore_missing":true,"ignore_failure":true}},{"append":{"field":"error.message","value":["failed in Fleet agent final_pipeline: {{ _ingest.on_failure_message }}"]}}]}} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ingest-pipeline-logs-apache.access-1.3.6-third-party.json b/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ingest-pipeline-logs-apache.access-1.3.6-third-party.json deleted file mode 100644 index 284e4fde72..0000000000 --- a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ingest-pipeline-logs-apache.access-1.3.6-third-party.json +++ /dev/null 
@@ -1 +0,0 @@ -{"logs-apache.access-1.3.6-third-party":{"description":"Pipeline for parsing Apache HTTP Server logs from third party api","processors":[{"json":{"field":"message","target_field":"json"}},{"drop":{"if":"ctx.json?.result == null"}},{"fingerprint":{"fields":["json.result._cd","json.result._indextime","json.result._raw","json.result._time","json.result.host","json.result.source"],"target_field":"_id","ignore_missing":true}},{"set":{"copy_from":"json.result._raw","field":"message","ignore_empty_value":true}},{"set":{"copy_from":"json.result.host","field":"host.name","ignore_empty_value":true}},{"set":{"copy_from":"json.result.source","field":"file.path","ignore_empty_value":true}},{"remove":{"field":["json"],"ignore_missing":true}}],"on_failure":[{"append":{"field":"error.message","value":"error in third-party pipeline: error in [{{_ingest.on_failure_processor_type}}] processor{{#_ingest.on_failure_processor_tag}} with tag [{{_ingest.on_failure_processor_tag }}]{{/_ingest.on_failure_processor_tag}} {{ _ingest.on_failure_message }}"}}],"_meta":{"managed_by":"fleet","managed":true,"package":{"name":"apache"}}}} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ingest-pipeline-logs-apache.access-1.3.6.json b/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ingest-pipeline-logs-apache.access-1.3.6.json deleted file mode 100644 index 3a70437c72..0000000000 --- a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ingest-pipeline-logs-apache.access-1.3.6.json +++ /dev/null 
@@ -1 +0,0 @@ -{"logs-apache.access-1.3.6":{"description":"Pipeline for parsing Apache HTTP Server access logs. Requires the geoip and user_agent plugins.","processors":[{"pipeline":{"if":"ctx.message.startsWith('{')","name":"logs-apache.access-1.3.6-third-party"}},{"set":{"field":"event.ingested","value":"{{_ingest.timestamp}}"}},{"set":{"field":"ecs.version","value":"1.12.0"}},{"rename":{"field":"message","target_field":"event.original"}},{"grok":{"field":"event.original","patterns":["%{IPORHOST:destination.domain} %{IPORHOST:source.ip} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"(?:%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}|-)?\" %{NUMBER:http.response.status_code:long} (?:%{NUMBER:http.response.body.bytes:long}|-)( \"%{DATA:http.request.referrer}\")?( \"%{DATA:user_agent.original}\")?","%{IPORHOST:source.address} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"(?:%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}|-)?\" %{NUMBER:http.response.status_code:long} (?:%{NUMBER:http.response.body.bytes:long}|-)( \"%{DATA:http.request.referrer}\")?( \"%{DATA:user_agent.original}\")?","%{IPORHOST:source.address} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"-\" %{NUMBER:http.response.status_code:long} -","\\[%{HTTPDATE:apache.access.time}\\] %{IPORHOST:source.address} %{DATA:apache.access.ssl.protocol} %{DATA:apache.access.ssl.cipher} \"%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}\" (-|%{NUMBER:http.response.body.bytes:long})"],"ignore_missing":true}},{"uri_parts":{"field":"_tmp.url_orig","ignore_failure":true}},{"remove":{"field":["_tmp"],"ignore_missing":true}},{"set":{"field":"url.domain","value":"{{destination.domain}}","if":"ctx.url?.domain == null && ctx.destination?.domain != 
null"}},{"set":{"field":"event.kind","value":"event"}},{"set":{"field":"event.category","value":"web"}},{"set":{"field":"event.outcome","value":"success","if":"ctx?.http?.response?.status_code != null && ctx.http.response.status_code < 400"}},{"set":{"field":"event.outcome","value":"failure","if":"ctx?.http?.response?.status_code != null && ctx.http.response.status_code > 399"}},{"grok":{"field":"source.address","ignore_missing":true,"patterns":["^(%{IP:source.ip}|%{HOSTNAME:source.domain})$"]}},{"remove":{"field":"event.created","ignore_missing":true,"ignore_failure":true}},{"rename":{"field":"@timestamp","target_field":"event.created"}},{"date":{"field":"apache.access.time","target_field":"@timestamp","formats":["dd/MMM/yyyy:H:m:s Z"],"ignore_failure":true}},{"remove":{"field":"apache.access.time","ignore_failure":true}},{"user_agent":{"field":"user_agent.original","ignore_failure":true}},{"geoip":{"field":"source.ip","target_field":"source.geo","ignore_missing":true}},{"geoip":{"database_file":"GeoLite2-ASN.mmdb","field":"source.ip","target_field":"source.as","properties":["asn","organization_name"],"ignore_missing":true}},{"rename":{"field":"source.as.asn","target_field":"source.as.number","ignore_missing":true}},{"rename":{"field":"source.as.organization_name","target_field":"source.as.organization.name","ignore_missing":true}},{"set":{"field":"tls.cipher","value":"{{apache.access.ssl.cipher}}","if":"ctx?.apache?.access?.ssl?.cipher != null"}},{"script":{"lang":"painless","if":"ctx?.apache?.access?.ssl?.protocol != null","source":"def parts = ctx.apache.access.ssl.protocol.toLowerCase().splitOnToken(\"v\"); if (parts.length != 2) {\n return;\n} if (parts[1].contains(\".\")) {\n ctx.tls.version = parts[1];\n} else {\n ctx.tls.version = parts[1] + \".0\";\n} ctx.tls.version_protocol = parts[0];"}},{"script":{"lang":"painless","description":"This script processor iterates over the whole document to remove fields with null values.","source":"void handleMap(Map 
map) {\n for (def x : map.values()) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n map.values().removeIf(v -> v == null);\n}\nvoid handleList(List list) {\n for (def x : list) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n}\nhandleMap(ctx);\n"}},{"remove":{"field":"event.original","if":"ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))","ignore_failure":true,"ignore_missing":true}}],"on_failure":[{"set":{"field":"error.message","value":"{{ _ingest.on_failure_message }}"}}],"_meta":{"managed_by":"fleet","managed":true,"package":{"name":"apache"}}}} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ingest-pipeline-logs-apache.error-1.3.6-third-party.json b/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ingest-pipeline-logs-apache.error-1.3.6-third-party.json deleted file mode 100644 index 1794fd2eb9..0000000000 --- a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ingest-pipeline-logs-apache.error-1.3.6-third-party.json +++ /dev/null 
@@ -1 +0,0 @@ -{"logs-apache.error-1.3.6-third-party":{"description":"Pipeline for parsing Apache HTTP Server logs from third party api","processors":[{"json":{"field":"message","target_field":"json"}},{"drop":{"if":"ctx.json?.result == null"}},{"fingerprint":{"fields":["json.result._cd","json.result._indextime","json.result._raw","json.result._time","json.result.host","json.result.source"],"target_field":"_id","ignore_missing":true}},{"set":{"copy_from":"json.result._raw","field":"message","ignore_empty_value":true}},{"set":{"copy_from":"json.result.host","field":"host.name","ignore_empty_value":true}},{"set":{"copy_from":"json.result.source","field":"file.path","ignore_empty_value":true}},{"remove":{"field":["json"],"ignore_missing":true}}],"on_failure":[{"append":{"field":"error.message","value":"error in third-party pipeline: error in [{{_ingest.on_failure_processor_type}}] processor{{#_ingest.on_failure_processor_tag}} with tag [{{_ingest.on_failure_processor_tag }}]{{/_ingest.on_failure_processor_tag}} {{ _ingest.on_failure_message }}"}}],"_meta":{"managed_by":"fleet","managed":true,"package":{"name":"apache"}}}} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ingest-pipeline-logs-apache.error-1.3.6.json b/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ingest-pipeline-logs-apache.error-1.3.6.json deleted file mode 100644 index d2bd22f31b..0000000000 --- a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ingest-pipeline-logs-apache.error-1.3.6.json +++ /dev/null 
@@ -1 +0,0 @@ -{"logs-apache.error-1.3.6":{"description":"Pipeline for parsing apache error logs","processors":[{"pipeline":{"if":"ctx.message.startsWith('{')","name":"logs-apache.error-1.3.6-third-party"}},{"set":{"field":"event.ingested","value":"{{_ingest.timestamp}}"}},{"set":{"field":"ecs.version","value":"1.12.0"}},{"rename":{"field":"message","target_field":"event.original"}},{"grok":{"field":"event.original","patterns":["\\[%{APACHE_TIME:apache.error.timestamp}\\] \\[%{LOGLEVEL:log.level}\\]( \\[client %{IPORHOST:source.address}(:%{POSINT:source.port})?\\])? %{GREEDYDATA:message}","\\[%{APACHE_TIME:apache.error.timestamp}\\] \\[%{DATA:apache.error.module}:%{APACHE_LOGLEVEL:log.level}\\] \\[pid %{NUMBER:process.pid:long}(:tid %{NUMBER:process.thread.id:long})?\\]( \\[client %{IPORHOST:source.address}(:%{POSINT:source.port})?\\])? %{GREEDYDATA:message}"],"pattern_definitions":{"APACHE_LOGLEVEL":"%{LOGLEVEL}[0-9]*","APACHE_TIME":"%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}"},"ignore_missing":true}},{"grok":{"field":"message","patterns":["File does not exist: %{URIPATH:file.path}, referer: %{URI:http.request.referrer}","File does not exist: %{URIPATH:file.path}"],"ignore_missing":true,"ignore_failure":true}},{"date":{"if":"ctx.event.timezone == null","field":"apache.error.timestamp","target_field":"@timestamp","formats":["EEE MMM dd H:m:s yyyy","EEE MMM dd H:m:s.SSSSSS yyyy"],"on_failure":[{"append":{"field":"error.message","value":"{{ _ingest.on_failure_message }}"}}]}},{"date":{"if":"ctx.event.timezone != null","field":"apache.error.timestamp","target_field":"@timestamp","formats":["EEE MMM dd H:m:s yyyy","EEE MMM dd H:m:s.SSSSSS yyyy"],"timezone":"{{ event.timezone }}","on_failure":[{"append":{"field":"error.message","value":"{{ _ingest.on_failure_message }}"}}]}},{"remove":{"field":"apache.error.timestamp","ignore_failure":true}},{"set":{"field":"event.kind","value":"event"}},{"set":{"field":"event.category","value":"web"}},{"script":{"if":"ctx?.log?.level 
!= null","lang":"painless","source":"def err_levels = [\"emerg\", \"alert\", \"crit\", \"error\", \"warn\"]; if (err_levels.contains(ctx.log.level)) {\n ctx.event.type = \"error\";\n} else {\n ctx.event.type = \"info\";\n}"}},{"grok":{"field":"source.address","ignore_missing":true,"patterns":["^(%{IP:source.ip}|%{HOSTNAME:source.domain})$"]}},{"geoip":{"field":"source.ip","target_field":"source.geo","ignore_missing":true}},{"geoip":{"database_file":"GeoLite2-ASN.mmdb","field":"source.ip","target_field":"source.as","properties":["asn","organization_name"],"ignore_missing":true}},{"rename":{"field":"source.as.asn","target_field":"source.as.number","ignore_missing":true}},{"rename":{"field":"source.as.organization_name","target_field":"source.as.organization.name","ignore_missing":true}},{"convert":{"field":"source.port","type":"long","ignore_missing":true}},{"script":{"lang":"painless","description":"This script processor iterates over the whole document to remove fields with null values.","source":"void handleMap(Map map) {\n for (def x : map.values()) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n map.values().removeIf(v -> v == null);\n}\nvoid handleList(List list) {\n for (def x : list) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n}\nhandleMap(ctx);\n"}},{"remove":{"field":"event.original","if":"ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))","ignore_failure":true,"ignore_missing":true}}],"on_failure":[{"set":{"field":"error.message","value":"{{ _ingest.on_failure_message }}"}}],"_meta":{"managed_by":"fleet","managed":true,"package":{"name":"apache"}}}} \ No newline at end of file 
diff --git a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ml-trained_models-apache___decompress_definition_false&include_definition%2Cfeature_importance_baseline%2Chyperparameters%2Ctotal_feature_importance.json b/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ml-trained_models-apache___decompress_definition_false&include_definition%2Cfeature_importance_baseline%2Chyperparameters%2Ctotal_feature_importance.json deleted file mode 100644 index 5d11489c2f..0000000000 --- a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ml-trained_models-apache___decompress_definition_false&include_definition%2Cfeature_importance_baseline%2Chyperparameters%2Ctotal_feature_importance.json +++ /dev/null @@ -1 +0,0 @@ -{"count":0,"trained_model_configs":[]} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ml-trained_models-apache___decompress_definition_false&include_feature_importance_baseline%2Chyperparameters%2Ctotal_feature_importance.json b/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ml-trained_models-apache___decompress_definition_false&include_feature_importance_baseline%2Chyperparameters%2Ctotal_feature_importance.json deleted file mode 100644 index 5d11489c2f..0000000000 --- a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/_ml-trained_models-apache___decompress_definition_false&include_feature_importance_baseline%2Chyperparameters%2Ctotal_feature_importance.json +++ /dev/null @@ -1 +0,0 @@ -{"count":0,"trained_model_configs":[]} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/root.json b/internal/dump/testdata/elasticsearch-8-mock-dump-apache/root.json deleted file mode 100644 index 2e45f2226b..0000000000 --- a/internal/dump/testdata/elasticsearch-8-mock-dump-apache/root.json +++ /dev/null 
@@ -1,17 +0,0 @@ -{ - "name" : "fc2935e6b13c", - "cluster_name" : "elasticsearch", - "cluster_uuid" : "NX1JVCItRratMEXogOKYSQ", - "version" : { - "number" : "8.1.0", - "build_flavor" : "default", - "build_type" : "docker", - "build_hash" : "3700f7679f7d95e36da0b43762189bab189bc53a", - "build_date" : "2022-03-03T14:20:00.690422633Z", - "build_snapshot" : false, - "lucene_version" : "9.0.0", - "minimum_wire_compatibility_version" : "7.17.0", - "minimum_index_compatibility_version" : "7.0.0" - }, - "tagline" : "You Know, for Search" -} diff --git a/internal/dump/testdata/elasticsearch-8-mock-dump-dga/_index_template-_-dga._.json b/internal/dump/testdata/elasticsearch-8-mock-dump-dga/_index_template-_-dga._.json deleted file mode 100644 index e335955fc0..0000000000 --- a/internal/dump/testdata/elasticsearch-8-mock-dump-dga/_index_template-_-dga._.json +++ /dev/null @@ -1 +0,0 @@ -{"index_templates":[]} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-mock-dump-dga/_ml-trained_models-dga___decompress_definition_false&include_definition%2Cfeature_importance_baseline%2Chyperparameters%2Ctotal_feature_importance.json b/internal/dump/testdata/elasticsearch-8-mock-dump-dga/_ml-trained_models-dga___decompress_definition_false&include_definition%2Cfeature_importance_baseline%2Chyperparameters%2Ctotal_feature_importance.json deleted file mode 100644 index 9bd8a9681d..0000000000 --- a/internal/dump/testdata/elasticsearch-8-mock-dump-dga/_ml-trained_models-dga___decompress_definition_false&include_definition%2Cfeature_importance_baseline%2Chyperparameters%2Ctotal_feature_importance.json +++ /dev/null 
@@ -1 +0,0 @@ -{"count":1,"trained_model_configs":[{"model_id":"dga_1611725_2.0","model_type":"tree_ensemble","created_by":"api_user","version":"8.9.0","create_time":1699476967200,"model_size_bytes":246784104,"estimated_operations":0,"license_level":"platinum","description":"Model used to detect domain generation algorithm (DGA) activity in your network data.","compressed_definition":"//REDACTED//","tags":["packetbeat-7.10.0-2021-03-10_expanded_8_analysis"],"metadata":{"analytics_config":{"max_num_threads":8,"create_time":1615403883977,"model_memory_limit":"6gb","allow_lazy_start":false,"description":"","analyzed_fields":{"excludes":[],"includes":["f.*","dns.response_code","malicious"]},"id":"packetbeat-7.10.0-2021-03-10_expanded_8_analysis","source":{"query":{"match_all":{}},"index":["packetbeat-7.10.0-2021-03-10_expanded"]},"analysis":{"classification":{"randomize_seed":1,"dependent_variable":"malicious","num_top_classes":2,"training_percent":100.0,"class_assignment_objective":"maximize_minimum_recall","prediction_field_name":"malicious_prediction"}},"dest":{"index":"packetbeat-7.10.0-2021-03-10_expanded_8_analysis","results_field":"ml"},"version":"7.11.0"}},"input":{"field_names":["dns.response_code","f.b0","f.b1","f.b10","f.b11","f.b12","f.b13","f.b14","f.b15","f.b16","f.b17","f.b18","f.b19","f.b2","f.b20","f.b21","f.b22","f.b23","f.b24","f.b25","f.b26","f.b27","f.b28","f.b29","f.b3","f.b30","f.b31","f.b32","f.b33","f.b34","f.b35","f.b36","f.b37","f.b38","f.b39","f.b4","f.b40","f.b41","f.b42","f.b43","f.b44","f.b45","f.b46","f.b47","f.b48","f.b49","f.b5","f.b50","f.b51","f.b52","f.b53","f.b54","f.b55","f.b56","f.b57","f.b58","f.b59","f.b6","f.b60","f.b7","f.b8","f.b9","f.t0","f.t1","f.t10","f.t11","f.t12","f.t13","f.t14","f.t15","f.t16","f.t17","f.t18","f.t19","f.t2","f.t20","f.t21","f.t22","f.t23","f.t24","f.t25","f.t26","f.t27","f.t28","f.t29","f.t3","f.t30","f.t31","f.t32","f.t33","f.t34","f.t35","f.t36","f.t37","f.t38","f.t39","f.t4","f.t40","f.t41","f.t42",
"f.t43","f.t44","f.t45","f.t46","f.t47","f.t48","f.t49","f.t5","f.t50","f.t51","f.t52","f.t53","f.t54","f.t55","f.t56","f.t57","f.t58","f.t59","f.t6","f.t7","f.t8","f.t9","f.tld","f.u0","f.u1","f.u10","f.u11","f.u12","f.u13","f.u14","f.u15","f.u16","f.u17","f.u18","f.u19","f.u2","f.u20","f.u21","f.u22","f.u23","f.u24","f.u25","f.u26","f.u27","f.u28","f.u29","f.u3","f.u30","f.u31","f.u32","f.u33","f.u34","f.u35","f.u36","f.u37","f.u38","f.u39","f.u4","f.u40","f.u41","f.u42","f.u43","f.u44","f.u45","f.u46","f.u47","f.u48","f.u49","f.u5","f.u50","f.u51","f.u52","f.u53","f.u54","f.u55","f.u56","f.u57","f.u58","f.u59","f.u6","f.u60","f.u61","f.u7","f.u8","f.u9"]},"inference_config":{"classification":{"num_top_classes":2,"top_classes_results_field":"top_classes","results_field":"malicious_prediction","num_top_feature_importance_values":0,"prediction_field_type":"number"}},"location":{"index":{"name":".ml-inference-000005"}}}]} diff --git a/internal/dump/testdata/elasticsearch-8-mock-dump-dga/root.json b/internal/dump/testdata/elasticsearch-8-mock-dump-dga/root.json deleted file mode 100644 index faee033935..0000000000 --- a/internal/dump/testdata/elasticsearch-8-mock-dump-dga/root.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "name" : "1e7db0dba34c", - "cluster_name" : "elasticsearch", - "cluster_uuid" : "ZaTGsKIBRiejgFuEXWEmPg", - "version" : { - "number" : "8.9.0", - "build_flavor" : "default", - "build_type" : "docker", - "build_hash" : "8aa461beb06aa0417a231c345a1b8c38fb498a0d", - "build_date" : "2023-07-19T14:43:58.555259655Z", - "build_snapshot" : false, - "lucene_version" : "9.7.0", - "minimum_wire_compatibility_version" : "7.17.0", - "minimum_index_compatibility_version" : "7.0.0" - }, - "tagline" : "You Know, for Search" -} From 52677c815e23a1cb0f20da46048de0b831be0f23 Mon Sep 17 00:00:00 2001 
From: Jaime Soriano Pastor
Date: Mon, 27 Nov 2023 16:52:37 +0100
Subject: [PATCH 03/10] Add missing error check
---
 internal/elasticsearch/test/httptest.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/internal/elasticsearch/test/httptest.go b/internal/elasticsearch/test/httptest.go
index 54c411fcb7..20cffb07e8 100644
--- a/internal/elasticsearch/test/httptest.go
+++ b/internal/elasticsearch/test/httptest.go
@@ -30,6 +30,7 @@ func NewClient(t *testing.T, serverDataDir string) *elasticsearch.Client {
 elasticsearch.OptionWithUsername(os.Getenv(stack.ElasticsearchUsernameEnv)),
 elasticsearch.OptionWithCertificateAuthority(os.Getenv(stack.CACertificateEnv)),
 )
+ require.NoError(t, err)
 rec, err := recorder.NewWithOptions(&recorder.Options{
 CassetteName: serverDataDir,
From d4a929f4deafb06d43c4136f6ba4dc70b1aed465 Mon Sep 17 00:00:00 2001
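Review bot: The recorder created right after the new `require.NoError(t, err)` captures traffic from a client that is configured with credentials read from the environment (`stack.ElasticsearchUsernameEnv` is visible here), so a re-recorded cassette written to `serverDataDir` may carry the `Authorization` header into the repository. NewClient starts before and continues past this hunk, so a scrubbing hook may already exist further down. If it does not, one is worth registering before the cassette is saved, for example `rec.AddHook(func(i *cassette.Interaction) error { delete(i.Request.Headers, "Authorization"); return nil }, recorder.AfterCaptureHook)`, which also needs the go-vcr `cassette` package imported. The added check itself is needed, because `rec, err := recorder.NewWithOptions(...)` reassigns `err` and would otherwise silently drop the earlier failure.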
From: Jaime Soriano Pastor
Date: Mon, 27 Nov 2023 17:40:47 +0100
Subject: [PATCH 04/10] Re-record dump of apache in elastic 8
---
 internal/dump/installedobjects_test.go | 10 +-
 .../.fleet_component_template-1.json | 32 +
 .../logs-apache.access@custom.json | 15 +
 .../logs-apache.access@settings.json | 99 +++
 .../logs-apache.error@custom.json | 15 +
 .../logs-apache.error@settings.json | 88 +++
 .../metrics-apache.status@custom.json | 15 +
 .../metrics-apache.status@settings.json | 60 ++
 .../ilm_policies/logs.json | 58 ++
 .../ilm_policies/metrics.json | 85 +++
 .../index_templates/logs-apache.access.json | 545 +++++++++++++
 .../index_templates/logs-apache.error.json | 500 ++++++++++++
 .../metrics-apache.status.json | 510 +++++++++++++
 .../.fleet_final_pipeline-1.json | 92 +++
 .../logs-apache.access-1.3.6-third-party.json | 74 ++
 .../logs-apache.access-1.3.6.json | 209 +++++
 .../logs-apache.error-1.3.6-third-party.json | 74 ++
 .../logs-apache.error-1.3.6.json | 197 +++++
 .../elasticsearch-8-mock-dump-apache.yaml | 717 ++++++++++++++++++
 19 files changed, 3390 insertions(+), 5 deletions(-)
 create mode 100644 internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/.fleet_component_template-1.json
 create mode 100644 internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.access@custom.json
 create mode 100644 internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.access@settings.json
 create mode 100644 internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.error@custom.json
 create mode 100644 internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.error@settings.json
 create mode 100644 internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/metrics-apache.status@custom.json
 create mode 100644 internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/metrics-apache.status@settings.json
 create mode 100644 internal/dump/testdata/elasticsearch-8-apache-dump-all/ilm_policies/logs.json
 create mode 100644 internal/dump/testdata/elasticsearch-8-apache-dump-all/ilm_policies/metrics.json
 create mode 100644 internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/logs-apache.access.json
 create mode 100644 internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/logs-apache.error.json
 create mode 100644 internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/metrics-apache.status.json
 create mode 100644 internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/.fleet_final_pipeline-1.json
 create mode 100644 internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.6-third-party.json
 create mode 100644 internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.6.json
 create mode 100644 internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.6-third-party.json
 create mode 100644 internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.6.json
 create mode 100644 internal/dump/testdata/elasticsearch-8-mock-dump-apache.yaml
diff --git a/internal/dump/installedobjects_test.go b/internal/dump/installedobjects_test.go
index d6d43ad97b..439997e3a7 100644
--- a/internal/dump/installedobjects_test.go
+++ b/internal/dump/installedobjects_test.go
@@ -36,12 +36,12 @@ func TestDumpInstalledObjects(t *testing.T) {
 Record: "./testdata/elasticsearch-7-mock-dump-apache",
 DumpDir: "./testdata/elasticsearch-7-apache-dump-all",
 },
+ &installedObjectsDumpSuite{
+ PackageName: "apache",
+ Record: "./testdata/elasticsearch-8-mock-dump-apache",
+ DumpDir: "./testdata/elasticsearch-8-apache-dump-all",
+ },
 /*
- &installedObjectsDumpSuite{
- PackageName: "apache",
- Record: "./testdata/elasticsearch-8-mock-dump-apache",
- DumpDir: "./testdata/elasticsearch-8-apache-dump-all",
- },
 &installedObjectsDumpSuite{
 PackageName: "dga",
 Record: "./testdata/elasticsearch-8-mock-dump-dga",
diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/.fleet_component_template-1.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/.fleet_component_template-1.json
new file mode 100644
index 0000000000..d6283b3f2f
--- /dev/null
+++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/.fleet_component_template-1.json
@@ -0,0 +1,32 @@
+{ + "name": ".fleet_component_template-1", + "component_template": { + "template": { + "settings": { + "index": { + "final_pipeline": ".fleet_final_pipeline-1" + } + }, + "mappings": { + "properties": { + "event": { + "properties": { + "agent_id_status": { + "ignore_above": 1024, + "type": "keyword" + }, + "ingested": { + "format": "strict_date_time_no_millis||strict_date_optional_time||epoch_millis", + "type": "date" + } + } + } + } + } + }, + "_meta": { + "managed_by": "fleet", + "managed": true + } + } +}
\ No newline at end of file
diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.access@custom.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.access@custom.json
new file mode 100644
index 0000000000..cc43b53202
--- /dev/null
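Review bot: The `/*` that now follows the re-enabled apache suite still comments out the remaining Elasticsearch 8 suites (the `dga` entry is visible; the block ends outside the hunk), and nothing in the code says why they are disabled or when they come back. I would put a comment directly above it, e.g. `// TODO: re-record the remaining Elasticsearch 8 dumps and re-enable these suites.`, so the missing coverage is tracked instead of silently skipped. Separately, `Record: "./testdata/elasticsearch-8-mock-dump-apache"` points at a cassette that was re-recorded against a running stack; the recorder setup is not visible in this hunk, so please confirm it drops the `Authorization` header and any API keys before the YAML is committed. The suite list and the rest of TestDumpInstalledObjects lie outside the hunk.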
+++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.access@custom.json @@ -0,0 +1,15 @@ +{ + "name": "logs-apache.access@custom", + "component_template": { + "template": { + "settings": {} + }, + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true + } + } +} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.access@settings.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.access@settings.json new file mode 100644 index 0000000000..547e96d54d --- /dev/null +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.access@settings.json 
@@ -0,0 +1,99 @@ +{ + "name": "logs-apache.access@settings", + "component_template": { + "template": { + "settings": { + "index": { + "lifecycle": { + "name": "logs" + }, + "codec": "best_compression", + "mapping": { + "total_fields": { + "limit": "10000" + } + }, + "query": { + "default_field": [ + "cloud.account.id", + "cloud.availability_zone", + "cloud.instance.id", + "cloud.instance.name", + "cloud.machine.type", + "cloud.provider", + "cloud.region", + "cloud.project.id", + "cloud.image.id", + "container.id", + "container.image.name", + "container.name", + "host.architecture", + "host.domain", + "host.hostname", + "host.id", + "host.mac", + "host.name", + "host.os.family", + "host.os.kernel", + "host.os.name", + "host.os.platform", + "host.os.version", + "host.type", + "host.os.build", + "host.os.codename", + "input.type", + "destination.domain", + "ecs.version", + "event.category", + "event.kind", + "event.outcome", + "file.path", + "http.request.method", + "http.request.referrer", + "http.version", + "log.file.path", + "log.level", + "source.address", + "source.as.organization.name", + "source.domain", + "source.geo.city_name", + "source.geo.continent_name", + "source.geo.country_iso_code", + "source.geo.country_name", + "source.geo.region_iso_code", + "source.geo.region_name", + "tags", + "tls.cipher", + "tls.version", + "tls.version_protocol", + "url.domain", + "url.extension", + "url.query", + "user.name", + "user_agent.device.name", + "user_agent.device.name", + "user_agent.name", + "user_agent.name", + "user_agent.original", + "user_agent.original", + "user_agent.os.full", + "user_agent.os.name", + "user_agent.os.name", + "user_agent.os.version", + "user_agent.version", + "apache.access.ssl.protocol", + "apache.access.ssl.cipher" + ] + } + } + } + }, + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true + } + } +} \ No newline at end of file 
diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.error@custom.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.error@custom.json new file mode 100644 index 0000000000..7297f02da2 --- /dev/null +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.error@custom.json @@ -0,0 +1,15 @@ +{ + "name": "logs-apache.error@custom", + "component_template": { + "template": { + "settings": {} + }, + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true + } + } +} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.error@settings.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.error@settings.json new file mode 100644 index 0000000000..fcfcfd233a --- /dev/null +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.error@settings.json 
@@ -0,0 +1,88 @@ +{ + "name": "logs-apache.error@settings", + "component_template": { + "template": { + "settings": { + "index": { + "lifecycle": { + "name": "logs" + }, + "codec": "best_compression", + "mapping": { + "total_fields": { + "limit": "10000" + } + }, + "query": { + "default_field": [ + "cloud.account.id", + "cloud.availability_zone", + "cloud.instance.id", + "cloud.instance.name", + "cloud.machine.type", + "cloud.provider", + "cloud.region", + "cloud.project.id", + "cloud.image.id", + "container.id", + "container.image.name", + "container.name", + "host.architecture", + "host.domain", + "host.hostname", + "host.id", + "host.mac", + "host.name", + "host.os.family", + "host.os.kernel", + "host.os.name", + "host.os.platform", + "host.os.version", + "host.type", + "host.os.build", + "host.os.codename", + "input.type", + "tags", + "ecs.version", + "event.category", + "event.kind", + "event.timezone", + "event.type", + "file.path", + "http.request.method", + "http.request.referrer", + "http.version", + "log.file.path", + "log.level", + "source.address", + "source.as.organization.name", + "source.geo.city_name", + "source.geo.continent_name", + "source.geo.country_iso_code", + "source.geo.country_name", + "source.geo.region_iso_code", + "source.geo.region_name", + "tags", + "url.domain", + "url.extension", + "url.query", + "user.name", + "user_agent.device.name", + "user_agent.name", + "user_agent.original", + "user_agent.os.name", + "apache.error.module" + ] + } + } + } + }, + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true + } + } +} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/metrics-apache.status@custom.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/metrics-apache.status@custom.json new file mode 100644 index 0000000000..cabce84636 --- /dev/null 
+++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/metrics-apache.status@custom.json @@ -0,0 +1,15 @@ +{ + "name": "metrics-apache.status@custom", + "component_template": { + "template": { + "settings": {} + }, + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true + } + } +} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/metrics-apache.status@settings.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/metrics-apache.status@settings.json new file mode 100644 index 0000000000..c878ce03f7 --- /dev/null +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/metrics-apache.status@settings.json @@ -0,0 +1,60 @@ +{ + "name": "metrics-apache.status@settings", + "component_template": { + "template": { + "settings": { + "index": { + "lifecycle": { + "name": "metrics" + }, + "codec": "best_compression", + "mapping": { + "total_fields": { + "limit": "10000" + } + }, + "query": { + "default_field": [ + "cloud.account.id", + "cloud.availability_zone", + "cloud.instance.id", + "cloud.instance.name", + "cloud.machine.type", + "cloud.provider", + "cloud.region", + "cloud.project.id", + "cloud.image.id", + "container.id", + "container.image.name", + "container.name", + "host.architecture", + "host.domain", + "host.hostname", + "host.id", + "host.mac", + "host.name", + "host.os.family", + "host.os.kernel", + "host.os.name", + "host.os.platform", + "host.os.version", + "host.type", + "host.os.build", + "host.os.codename", + "ecs.version", + "service.address", + "service.type" + ] + } + } + } + }, + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true + } + } +} \ No newline at end of file 
diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ilm_policies/logs.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ilm_policies/logs.json new file mode 100644 index 0000000000..b98c95afa2 --- /dev/null +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ilm_policies/logs.json @@ -0,0 +1,58 @@ +{ + "version": 1, + "modified_date": "2023-11-27T16:35:54.053Z", + "policy": { + "phases": { + "hot": { + "min_age": "0ms", + "actions": { + "rollover": { + "max_primary_shard_size": "50gb", + "max_age": "30d" + } + } + } + }, + "_meta": { + "managed": true, + "description": "default policy for the logs index template installed by x-pack" + } + }, + "in_use_by": { + "indices": [ + ".ds-logs-elastic_agent.metricbeat-default-2023.11.27-000001", + ".ds-logs-elastic_agent.fleet_server-default-2023.11.27-000001", + ".ds-logs-elastic_agent.filebeat-default-2023.11.27-000001", + ".ds-logs-elastic_agent-default-2023.11.27-000001" + ], + "data_streams": [ + "logs-elastic_agent-default", + "logs-elastic_agent.metricbeat-default", + "logs-elastic_agent.filebeat-default", + "logs-elastic_agent.fleet_server-default" + ], + "composable_templates": [ + "logs-apache.access", + "logs-elastic_agent.cloudbeat", + "logs-elastic_agent.apm_server", + "logs-elastic_agent.cloud_defend", + "logs-system.security", + "logs-system.auth", + "logs-elastic_agent.metricbeat", + "logs-elastic_agent.filebeat", + "logs-elastic_agent.packetbeat", + "logs-elastic_agent.filebeat_input", + "logs-elastic_agent.endpoint_security", + "logs-elastic_agent.fleet_server", + "logs-apache.error", + "logs-system.system", + "logs-system.application", + "logs-elastic_agent.osquerybeat", + "logs-elastic_agent.heartbeat", + "logs-system.syslog", + "logs-elastic_agent.auditbeat", + "logs", + "logs-elastic_agent" + ] + } +} \ No newline at end of file 
diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ilm_policies/metrics.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ilm_policies/metrics.json new file mode 100644 index 0000000000..be9141951f --- /dev/null +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ilm_policies/metrics.json 
@@ -0,0 +1,85 @@ +{ + "version": 1, + "modified_date": "2023-11-27T16:35:54.011Z", + "policy": { + "phases": { + "hot": { + "min_age": "0ms", + "actions": { + "rollover": { + "max_primary_shard_size": "50gb", + "max_age": "30d" + } + } + } + }, + "_meta": { + "managed": true, + "description": "default policy for the metrics index template installed by x-pack" + } + }, + "in_use_by": { + "indices": [ + ".ds-metrics-system.process.summary-default-2023.11.27-000001", + ".ds-metrics-system.fsstat-default-2023.11.27-000001", + ".ds-metrics-system.uptime-default-2023.11.27-000001", + ".ds-metrics-system.network-default-2023.11.27-000001", + ".ds-metrics-system.filesystem-default-2023.11.27-000001", + ".ds-metrics-elastic_agent.elastic_agent-default-2023.11.27-000001", + ".ds-metrics-system.socket_summary-default-2023.11.27-000001", + ".ds-metrics-system.diskio-default-2023.11.27-000001", + ".ds-metrics-elastic_agent.filebeat-default-2023.11.27-000001", + ".ds-metrics-system.process-default-2023.11.27-000001", + ".ds-metrics-system.cpu-default-2023.11.27-000001", + ".ds-metrics-elastic_agent.metricbeat-default-2023.11.27-000001", + ".ds-metrics-elastic_agent.fleet_server-default-2023.11.27-000001", + ".ds-metrics-system.load-default-2023.11.27-000001", + ".ds-metrics-system.memory-default-2023.11.27-000001" + ], + "data_streams": [ + "metrics-system.filesystem-default", + "metrics-system.cpu-default", + "metrics-system.process.summary-default", + "metrics-system.memory-default", + "metrics-elastic_agent.fleet_server-default", + "metrics-system.uptime-default", + "metrics-elastic_agent.elastic_agent-default", + "metrics-elastic_agent.metricbeat-default", + "metrics-system.fsstat-default", + "metrics-system.process-default", + "metrics-elastic_agent.filebeat-default", + "metrics-system.network-default", + "metrics-system.diskio-default", + "metrics-system.load-default", + "metrics-system.socket_summary-default" + ], + "composable_templates": [ + "metrics-system.process", + 
"metrics-elastic_agent.packetbeat", + "metrics-system.fsstat", + "metrics-elastic_agent.osquerybeat", + "metrics-elastic_agent.endpoint_security", + "metrics-elastic_agent.apm_server", + "metrics-system.memory", + "metrics-system.socket_summary", + "metrics-apache.status", + "metrics-elastic_agent.elastic_agent", + "metrics-elastic_agent.fleet_server", + "metrics-system.load", + "metrics-system.core", + "metrics-elastic_agent.filebeat", + "metrics-elastic_agent.filebeat_input", + "metrics-system.uptime", + "metrics-system.process.summary", + "metrics-system.cpu", + "metrics-elastic_agent.heartbeat", + "metrics-system.diskio", + "metrics-elastic_agent.cloudbeat", + "metrics-elastic_agent.metricbeat", + "metrics-elastic_agent.auditbeat", + "metrics-system.network", + "metrics-system.filesystem", + "metrics" + ] + } +} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/logs-apache.access.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/logs-apache.access.json new file mode 100644 index 0000000000..219cff1e53 --- /dev/null +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/logs-apache.access.json 
@@ -0,0 +1,545 @@ +{ + "name": "logs-apache.access", + "index_template": { + "index_patterns": [ + "logs-apache.access-*" + ], + "template": { + "settings": { + "index": { + "default_pipeline": "logs-apache.access-1.3.6" + } + }, + "mappings": { + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true + }, + "dynamic_templates": [ + { + "strings_as_keyword": { + "mapping": { + "ignore_above": 1024, + "type": "keyword" + }, + "match_mapping_type": "string" + } + } + ], + "date_detection": false, + "properties": { + "container": { + "properties": { + "image": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "labels": { + "type": "object" + } + } + }, + "process": { + "properties": { + "pid": { + "type": "long" + }, + "thread": { + "properties": { + "id": { + "type": "long" + } + } + } + } + }, + "log": { + "properties": { + "file": { + "properties": { + "path": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "offset": { + "type": "long" + }, + "level": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "destination": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "source": { + "properties": { + "geo": { + "properties": { + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + 
"ignore_above": 1024, + "type": "keyword", + "fields": {} + } + } + } + } + }, + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip": { + "type": "ip" + } + } + }, + "error": { + "properties": { + "message": { + "type": "match_only_text" + } + } + }, + "message": { + "type": "match_only_text" + }, + "url": { + "properties": { + "path": { + "ignore_above": 1024, + "type": "wildcard" + }, + "extension": { + "ignore_above": 1024, + "type": "keyword" + }, + "original": { + "ignore_above": 1024, + "type": "wildcard", + "fields": {} + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "query": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "tags": { + "ignore_above": 1024, + "type": "keyword" + }, + "cloud": { + "properties": { + "availability_zone": { + "ignore_above": 1024, + "type": "keyword" + }, + "image": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "instance": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "provider": { + "ignore_above": 1024, + "type": "keyword" + }, + "machine": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "project": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "region": { + "ignore_above": 1024, + "type": "keyword" + }, + "account": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "input": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "@timestamp": { + "type": "date" + }, + "file": { + "properties": { + "path": { + "ignore_above": 1024, + "type": "keyword", + "fields": {} + } + } + }, + "apache": { + "properties": { + "access": { + "properties": { + "ssl": { + "properties": { + "cipher": { + "ignore_above": 
1024, + "type": "keyword" + }, + "protocol": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } + }, + "ecs": { + "properties": { + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "data_stream": { + "properties": { + "namespace": { + "type": "constant_keyword" + }, + "type": { + "type": "constant_keyword" + }, + "dataset": { + "type": "constant_keyword" + } + } + }, + "host": { + "properties": { + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "build": { + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "codename": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "text": { + "type": "text" + } + } + }, + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip": { + "type": "ip" + }, + "containerized": { + "type": "boolean" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "architecture": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "http": { + "properties": { + "request": { + "properties": { + "referrer": { + "ignore_above": 1024, + "type": "keyword" + }, + "method": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "response": { + "properties": { + "status_code": { + "type": "long" + }, + "body": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "tls": { + "properties": { + "cipher": { + "ignore_above": 1024, + "type": 
"keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + }, + "version_protocol": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "event": { + "properties": { + "created": { + "type": "date" + }, + "kind": { + "ignore_above": 1024, + "type": "keyword" + }, + "module": { + "type": "constant_keyword", + "value": "apache" + }, + "category": { + "ignore_above": 1024, + "type": "keyword" + }, + "dataset": { + "type": "constant_keyword", + "value": "apache.access" + }, + "outcome": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "user": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields": {} + } + } + }, + "user_agent": { + "properties": { + "original": { + "ignore_above": 1024, + "type": "keyword", + "fields": {} + }, + "os": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields": {} + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "ignore_above": 1024, + "type": "keyword", + "fields": {} + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "device": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + }, + "composed_of": [ + "logs-apache.access@settings", + "logs-apache.access@custom", + ".fleet_component_template-1" + ], + "priority": 200, + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true + }, + "data_stream": { + "hidden": false, + "allow_custom_routing": false + } + } +} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/logs-apache.error.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/logs-apache.error.json new file mode 100644 index 0000000000..78912bfdec --- /dev/null 
+++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/logs-apache.error.json 
@@ -0,0 +1,500 @@ +{ + "name": "logs-apache.error", + "index_template": { + "index_patterns": [ + "logs-apache.error-*" + ], + "template": { + "settings": { + "index": { + "default_pipeline": "logs-apache.error-1.3.6" + } + }, + "mappings": { + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true + }, + "dynamic_templates": [ + { + "strings_as_keyword": { + "mapping": { + "ignore_above": 1024, + "type": "keyword" + }, + "match_mapping_type": "string" + } + } + ], + "date_detection": false, + "properties": { + "container": { + "properties": { + "image": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "labels": { + "type": "object" + } + } + }, + "process": { + "properties": { + "pid": { + "type": "long" + }, + "thread": { + "properties": { + "id": { + "type": "long" + } + } + } + } + }, + "log": { + "properties": { + "file": { + "properties": { + "path": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "offset": { + "type": "long" + }, + "level": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "source": { + "properties": { + "geo": { + "properties": { + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields": {} + } + } + } + } + }, + "address": { + "ignore_above": 1024, 
+ "type": "keyword" + }, + "port": { + "type": "long" + }, + "ip": { + "type": "ip" + } + } + }, + "error": { + "properties": { + "message": { + "type": "match_only_text" + } + } + }, + "message": { + "type": "match_only_text" + }, + "url": { + "properties": { + "path": { + "ignore_above": 1024, + "type": "wildcard" + }, + "extension": { + "ignore_above": 1024, + "type": "keyword" + }, + "original": { + "ignore_above": 1024, + "type": "wildcard", + "fields": {} + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "query": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "tags": { + "ignore_above": 1024, + "type": "keyword" + }, + "cloud": { + "properties": { + "availability_zone": { + "ignore_above": 1024, + "type": "keyword" + }, + "image": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "instance": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "provider": { + "ignore_above": 1024, + "type": "keyword" + }, + "machine": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "project": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "region": { + "ignore_above": 1024, + "type": "keyword" + }, + "account": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "input": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "@timestamp": { + "type": "date" + }, + "file": { + "properties": { + "path": { + "ignore_above": 1024, + "type": "keyword", + "fields": {} + } + } + }, + "apache": { + "properties": { + "error": { + "properties": { + "module": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "ecs": { + "properties": { + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "data_stream": { + 
"properties": { + "namespace": { + "type": "constant_keyword" + }, + "type": { + "type": "constant_keyword" + }, + "dataset": { + "type": "constant_keyword" + } + } + }, + "host": { + "properties": { + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "build": { + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "codename": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "text": { + "type": "text" + } + } + }, + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip": { + "type": "ip" + }, + "containerized": { + "type": "boolean" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "architecture": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "http": { + "properties": { + "request": { + "properties": { + "referrer": { + "ignore_above": 1024, + "type": "keyword" + }, + "method": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "response": { + "properties": { + "status_code": { + "type": "long" + }, + "body": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "event": { + "properties": { + "kind": { + "ignore_above": 1024, + "type": "keyword" + }, + "timezone": { + "ignore_above": 1024, + "type": "keyword" + }, + "module": { + "type": "constant_keyword", + "value": "apache" + }, + "category": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + 
"ignore_above": 1024, + "type": "keyword" + }, + "dataset": { + "type": "constant_keyword", + "value": "apache.error" + } + } + }, + "user": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields": {} + } + } + }, + "user_agent": { + "properties": { + "original": { + "ignore_above": 1024, + "type": "keyword", + "fields": {} + }, + "os": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields": {} + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "device": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } + } + }, + "composed_of": [ + "logs-apache.error@settings", + "logs-apache.error@custom", + ".fleet_component_template-1" + ], + "priority": 200, + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true + }, + "data_stream": { + "hidden": false, + "allow_custom_routing": false + } + } +} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/metrics-apache.status.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/metrics-apache.status.json new file mode 100644 index 0000000000..d35ade5571 --- /dev/null +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/metrics-apache.status.json 
@@ -0,0 +1,510 @@ +{ + "name": "metrics-apache.status", + "index_template": { + "index_patterns": [ + "metrics-apache.status-*" + ], + "template": { + "settings": {}, + "mappings": { + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true + }, + "dynamic_templates": [ + { + "strings_as_keyword": { + "mapping": { + "ignore_above": 1024, + "type": "keyword" + }, + "match_mapping_type": "string" + } + } + ], + "date_detection": false, + "properties": { + "cloud": { + "properties": { + "availability_zone": { + "ignore_above": 1024, + "type": "keyword" + }, + "image": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "instance": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "provider": { + "ignore_above": 1024, + "type": "keyword" + }, + "machine": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "project": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "region": { + "ignore_above": 1024, + "type": "keyword" + }, + "account": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "container": { + "properties": { + "image": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "labels": { + "type": "object" + } + } + }, + "@timestamp": { + "type": "date" + }, + "apache": { + "properties": { + "status": { + "properties": { + "bytes_per_request": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "load": { + "properties": { + "1": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "15": { + "meta": { + "metric_type": 
"gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "5": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + } + } + }, + "bytes_per_sec": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "total_bytes": { + "meta": { + "unit": "byte", + "metric_type": "counter" + }, + "type": "long" + }, + "cpu": { + "properties": { + "system": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "load": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "children_system": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "children_user": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "user": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + } + } + }, + "total_accesses": { + "meta": { + "metric_type": "counter" + }, + "type": "long" + }, + "scoreboard": { + "properties": { + "total": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "keepalive": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "idle_cleanup": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "waiting_for_connection": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "logging": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "gracefully_finishing": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "open_slot": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "dns_lookup": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "sending_reply": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "closing_connection": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + 
"starting_up": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "reading_request": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + } + } + }, + "workers": { + "properties": { + "idle": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "busy": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + } + } + }, + "connections": { + "properties": { + "async": { + "properties": { + "closing": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "writing": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "keep_alive": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + } + } + }, + "total": { + "meta": { + "metric_type": "counter" + }, + "type": "long" + } + } + }, + "requests_per_sec": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "uptime": { + "properties": { + "server_uptime": { + "meta": { + "metric_type": "counter" + }, + "type": "long" + }, + "uptime": { + "meta": { + "metric_type": "counter" + }, + "type": "long" + } + } + } + } + } + } + }, + "ecs": { + "properties": { + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "data_stream": { + "properties": { + "namespace": { + "type": "constant_keyword" + }, + "type": { + "type": "constant_keyword" + }, + "dataset": { + "type": "constant_keyword" + } + } + }, + "service": { + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "host": { + "properties": { + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "build": { + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "codename": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "text": { + "type": "text" + } + } + 
}, + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip": { + "type": "ip" + }, + "containerized": { + "type": "boolean" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "architecture": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "event": { + "properties": { + "module": { + "type": "constant_keyword", + "value": "apache" + }, + "dataset": { + "type": "constant_keyword", + "value": "apache.status" + } + } + }, + "error": { + "properties": { + "message": { + "type": "match_only_text" + } + } + } + } + } + }, + "composed_of": [ + "metrics-apache.status@settings", + "metrics-apache.status@custom", + ".fleet_component_template-1" + ], + "priority": 200, + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true + }, + "data_stream": { + "hidden": false, + "allow_custom_routing": false + } + } +} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/.fleet_final_pipeline-1.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/.fleet_final_pipeline-1.json new file mode 100644 index 0000000000..ff7d6617e8 --- /dev/null +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/.fleet_final_pipeline-1.json 
@@ -0,0 +1,92 @@ +{ + "version": 2, + "_meta": { + "managed_by": "fleet", + "managed": true + }, + "description": "Final pipeline for processing all incoming Fleet Agent documents.\n", + "processors": [ + { + "set": { + "description": "Add time when event was ingested.", + "field": "event.ingested", + "copy_from": "_ingest.timestamp" + } + }, + { + "script": { + "description": "Remove sub-seconds from event.ingested to improve storage efficiency.", + "tag": "truncate-subseconds-event-ingested", + "source": "ctx.event.ingested = ctx.event.ingested.withNano(0).format(DateTimeFormatter.ISO_OFFSET_DATE_TIME);", + "ignore_failure": true + } + }, + { + "remove": { + "description": "Remove any pre-existing untrusted values.", + "field": [ + "event.agent_id_status", + "_security" + ], + "ignore_missing": true + } + }, + { + "set_security_user": { + "field": "_security", + "properties": [ + "authentication_type", + "username", + "realm", + "api_key" + ] + } + }, + { + "script": { + "description": "Add event.agent_id_status based on the API key metadata and the agent.id contained in the event.\n", + "tag": "agent-id-status", + "source": "boolean is_user_trusted(def ctx, def users) {\n if (ctx?._security?.username == null) {\n return false;\n }\n\n def user = null;\n for (def item : users) {\n if (item?.username == ctx._security.username) {\n user = item;\n break;\n }\n }\n\n if (user == null || user?.realm == null || ctx?._security?.realm?.name == null) {\n return false;\n }\n\n if (ctx._security.realm.name != user.realm) {\n return false;\n }\n\n return true;\n}\n\nString verified(def ctx, def params) {\n // No agent.id field to validate.\n if (ctx?.agent?.id == null) {\n return \"missing\";\n }\n\n // Check auth metadata from API key.\n if (ctx?._security?.authentication_type == null\n // Agents only use API keys.\n || ctx._security.authentication_type != 'API_KEY'\n // Verify the API key owner before trusting any metadata it contains.\n || !is_user_trusted(ctx, 
params.trusted_users)\n // Verify the API key has metadata indicating the assigned agent ID.\n || ctx?._security?.api_key?.metadata?.agent_id == null) {\n return \"auth_metadata_missing\";\n }\n\n // The API key can only be used represent the agent.id it was issued to.\n if (ctx._security.api_key.metadata.agent_id != ctx.agent.id) {\n // Potential masquerade attempt.\n return \"mismatch\";\n }\n\n return \"verified\";\n}\n\nif (ctx?.event == null) {\n ctx.event = [:];\n}\n\nctx.event.agent_id_status = verified(ctx, params);", + "params": { + "trusted_users": [ + { + "username": "elastic/fleet-server", + "realm": "_service_account" + }, + { + "username": "cloud-internal-agent-server", + "realm": "found" + }, + { + "username": "elastic", + "realm": "reserved" + } + ] + } + } + }, + { + "remove": { + "field": "_security", + "ignore_missing": true + } + } + ], + "on_failure": [ + { + "remove": { + "field": "_security", + "ignore_missing": true, + "ignore_failure": true + } + }, + { + "append": { + "field": "error.message", + "value": [ + "failed in Fleet agent final_pipeline: {{ _ingest.on_failure_message }}" + ] + } + } + ] +} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.6-third-party.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.6-third-party.json new file mode 100644 index 0000000000..6e00011198 --- /dev/null +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.6-third-party.json 
@@ -0,0 +1,74 @@ +{ + "description": "Pipeline for parsing Apache HTTP Server logs from third party api", + "processors": [ + { + "json": { + "field": "message", + "target_field": "json" + } + }, + { + "drop": { + "if": "ctx.json?.result == null" + } + }, + { + "fingerprint": { + "fields": [ + "json.result._cd", + "json.result._indextime", + "json.result._raw", + "json.result._time", + "json.result.host", + "json.result.source" + ], + "target_field": "_id", + "ignore_missing": true + } + }, + { + "set": { + "copy_from": "json.result._raw", + "field": "message", + "ignore_empty_value": true + } + }, + { + "set": { + "copy_from": "json.result.host", + "field": "host.name", + "ignore_empty_value": true + } + }, + { + "set": { + "copy_from": "json.result.source", + "field": "file.path", + "ignore_empty_value": true + } + }, + { + "remove": { + "field": [ + "json" + ], + "ignore_missing": true + } + } + ], + "on_failure": [ + { + "append": { + "field": "error.message", + "value": "error in third-party pipeline: error in [{{_ingest.on_failure_processor_type}}] processor{{#_ingest.on_failure_processor_tag}} with tag [{{_ingest.on_failure_processor_tag }}]{{/_ingest.on_failure_processor_tag}} {{ _ingest.on_failure_message }}" + } + } + ], + "_meta": { + "managed_by": "fleet", + "managed": true, + "package": { + "name": "apache" + } + } +} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.6.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.6.json new file mode 100644 index 0000000000..4faa9950f5 --- /dev/null +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.6.json 
@@ -0,0 +1,209 @@ +{ + "description": "Pipeline for parsing Apache HTTP Server access logs. Requires the geoip and user_agent plugins.", + "processors": [ + { + "pipeline": { + "if": "ctx.message.startsWith('{')", + "name": "logs-apache.access-1.3.6-third-party" + } + }, + { + "set": { + "field": "event.ingested", + "value": "{{_ingest.timestamp}}" + } + }, + { + "set": { + "field": "ecs.version", + "value": "1.12.0" + } + }, + { + "rename": { + "field": "message", + "target_field": "event.original" + } + }, + { + "grok": { + "field": "event.original", + "patterns": [ + "%{IPORHOST:destination.domain} %{IPORHOST:source.ip} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"(?:%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}|-)?\" %{NUMBER:http.response.status_code:long} (?:%{NUMBER:http.response.body.bytes:long}|-)( \"%{DATA:http.request.referrer}\")?( \"%{DATA:user_agent.original}\")?", + "%{IPORHOST:source.address} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"(?:%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}|-)?\" %{NUMBER:http.response.status_code:long} (?:%{NUMBER:http.response.body.bytes:long}|-)( \"%{DATA:http.request.referrer}\")?( \"%{DATA:user_agent.original}\")?", + "%{IPORHOST:source.address} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"-\" %{NUMBER:http.response.status_code:long} -", + "\\[%{HTTPDATE:apache.access.time}\\] %{IPORHOST:source.address} %{DATA:apache.access.ssl.protocol} %{DATA:apache.access.ssl.cipher} \"%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}\" (-|%{NUMBER:http.response.body.bytes:long})" + ], + "ignore_missing": true + } + }, + { + "uri_parts": { + "field": "_tmp.url_orig", + "ignore_failure": true + } + }, + { + "remove": { + "field": [ + "_tmp" + ], + "ignore_missing": true + } + }, + { + "set": { + "field": "url.domain", + "value": "{{destination.domain}}", + "if": "ctx.url?.domain == null && 
ctx.destination?.domain != null" + } + }, + { + "set": { + "field": "event.kind", + "value": "event" + } + }, + { + "set": { + "field": "event.category", + "value": "web" + } + }, + { + "set": { + "field": "event.outcome", + "value": "success", + "if": "ctx?.http?.response?.status_code != null && ctx.http.response.status_code < 400" + } + }, + { + "set": { + "field": "event.outcome", + "value": "failure", + "if": "ctx?.http?.response?.status_code != null && ctx.http.response.status_code > 399" + } + }, + { + "grok": { + "field": "source.address", + "ignore_missing": true, + "patterns": [ + "^(%{IP:source.ip}|%{HOSTNAME:source.domain})$" + ] + } + }, + { + "remove": { + "field": "event.created", + "ignore_missing": true, + "ignore_failure": true + } + }, + { + "rename": { + "field": "@timestamp", + "target_field": "event.created" + } + }, + { + "date": { + "field": "apache.access.time", + "target_field": "@timestamp", + "formats": [ + "dd/MMM/yyyy:H:m:s Z" + ], + "ignore_failure": true + } + }, + { + "remove": { + "field": "apache.access.time", + "ignore_failure": true + } + }, + { + "user_agent": { + "field": "user_agent.original", + "ignore_failure": true + } + }, + { + "geoip": { + "field": "source.ip", + "target_field": "source.geo", + "ignore_missing": true + } + }, + { + "geoip": { + "database_file": "GeoLite2-ASN.mmdb", + "field": "source.ip", + "target_field": "source.as", + "properties": [ + "asn", + "organization_name" + ], + "ignore_missing": true + } + }, + { + "rename": { + "field": "source.as.asn", + "target_field": "source.as.number", + "ignore_missing": true + } + }, + { + "rename": { + "field": "source.as.organization_name", + "target_field": "source.as.organization.name", + "ignore_missing": true + } + }, + { + "set": { + "field": "tls.cipher", + "value": "{{apache.access.ssl.cipher}}", + "if": "ctx?.apache?.access?.ssl?.cipher != null" + } + }, + { + "script": { + "lang": "painless", + "if": "ctx?.apache?.access?.ssl?.protocol != null", + 
"source": "def parts = ctx.apache.access.ssl.protocol.toLowerCase().splitOnToken(\"v\"); if (parts.length != 2) {\n return;\n} if (parts[1].contains(\".\")) {\n ctx.tls.version = parts[1];\n} else {\n ctx.tls.version = parts[1] + \".0\";\n} ctx.tls.version_protocol = parts[0];" + } + }, + { + "script": { + "lang": "painless", + "description": "This script processor iterates over the whole document to remove fields with null values.", + "source": "void handleMap(Map map) {\n for (def x : map.values()) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n map.values().removeIf(v -> v == null);\n}\nvoid handleList(List list) {\n for (def x : list) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n}\nhandleMap(ctx);\n" + } + }, + { + "remove": { + "field": "event.original", + "if": "ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))", + "ignore_failure": true, + "ignore_missing": true + } + } + ], + "on_failure": [ + { + "set": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ], + "_meta": { + "managed_by": "fleet", + "managed": true, + "package": { + "name": "apache" + } + } +} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.6-third-party.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.6-third-party.json new file mode 100644 index 0000000000..6e00011198 --- /dev/null +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.6-third-party.json 
@@ -0,0 +1,74 @@ +{ + "description": "Pipeline for parsing Apache HTTP Server logs from third party api", + "processors": [ + { + "json": { + "field": "message", + "target_field": "json" + } + }, + { + "drop": { + "if": "ctx.json?.result == null" + } + }, + { + "fingerprint": { + "fields": [ + "json.result._cd", + "json.result._indextime", + "json.result._raw", + "json.result._time", + "json.result.host", + "json.result.source" + ], + "target_field": "_id", + "ignore_missing": true + } + }, + { + "set": { + "copy_from": "json.result._raw", + "field": "message", + "ignore_empty_value": true + } + }, + { + "set": { + "copy_from": "json.result.host", + "field": "host.name", + "ignore_empty_value": true + } + }, + { + "set": { + "copy_from": "json.result.source", + "field": "file.path", + "ignore_empty_value": true + } + }, + { + "remove": { + "field": [ + "json" + ], + "ignore_missing": true + } + } + ], + "on_failure": [ + { + "append": { + "field": "error.message", + "value": "error in third-party pipeline: error in [{{_ingest.on_failure_processor_type}}] processor{{#_ingest.on_failure_processor_tag}} with tag [{{_ingest.on_failure_processor_tag }}]{{/_ingest.on_failure_processor_tag}} {{ _ingest.on_failure_message }}" + } + } + ], + "_meta": { + "managed_by": "fleet", + "managed": true, + "package": { + "name": "apache" + } + } +} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.6.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.6.json new file mode 100644 index 0000000000..979cb41edf --- /dev/null +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.6.json 
@@ -0,0 +1,197 @@ +{ + "description": "Pipeline for parsing apache error logs", + "processors": [ + { + "pipeline": { + "if": "ctx.message.startsWith('{')", + "name": "logs-apache.error-1.3.6-third-party" + } + }, + { + "set": { + "field": "event.ingested", + "value": "{{_ingest.timestamp}}" + } + }, + { + "set": { + "field": "ecs.version", + "value": "1.12.0" + } + }, + { + "rename": { + "field": "message", + "target_field": "event.original" + } + }, + { + "grok": { + "field": "event.original", + "patterns": [ + "\\[%{APACHE_TIME:apache.error.timestamp}\\] \\[%{LOGLEVEL:log.level}\\]( \\[client %{IPORHOST:source.address}(:%{POSINT:source.port})?\\])? %{GREEDYDATA:message}", + "\\[%{APACHE_TIME:apache.error.timestamp}\\] \\[%{DATA:apache.error.module}:%{APACHE_LOGLEVEL:log.level}\\] \\[pid %{NUMBER:process.pid:long}(:tid %{NUMBER:process.thread.id:long})?\\]( \\[client %{IPORHOST:source.address}(:%{POSINT:source.port})?\\])? %{GREEDYDATA:message}" + ], + "pattern_definitions": { + "APACHE_LOGLEVEL": "%{LOGLEVEL}[0-9]*", + "APACHE_TIME": "%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}" + }, + "ignore_missing": true + } + }, + { + "grok": { + "field": "message", + "patterns": [ + "File does not exist: %{URIPATH:file.path}, referer: %{URI:http.request.referrer}", + "File does not exist: %{URIPATH:file.path}" + ], + "ignore_missing": true, + "ignore_failure": true + } + }, + { + "date": { + "if": "ctx.event.timezone == null", + "field": "apache.error.timestamp", + "target_field": "@timestamp", + "formats": [ + "EEE MMM dd H:m:s yyyy", + "EEE MMM dd H:m:s.SSSSSS yyyy" + ], + "on_failure": [ + { + "append": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ] + } + }, + { + "date": { + "if": "ctx.event.timezone != null", + "field": "apache.error.timestamp", + "target_field": "@timestamp", + "formats": [ + "EEE MMM dd H:m:s yyyy", + "EEE MMM dd H:m:s.SSSSSS yyyy" + ], + "timezone": "{{ event.timezone }}", + "on_failure": [ + { + "append": { 
+ "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ] + } + }, + { + "remove": { + "field": "apache.error.timestamp", + "ignore_failure": true + } + }, + { + "set": { + "field": "event.kind", + "value": "event" + } + }, + { + "set": { + "field": "event.category", + "value": "web" + } + }, + { + "script": { + "if": "ctx?.log?.level != null", + "lang": "painless", + "source": "def err_levels = [\"emerg\", \"alert\", \"crit\", \"error\", \"warn\"]; if (err_levels.contains(ctx.log.level)) {\n ctx.event.type = \"error\";\n} else {\n ctx.event.type = \"info\";\n}" + } + }, + { + "grok": { + "field": "source.address", + "ignore_missing": true, + "patterns": [ + "^(%{IP:source.ip}|%{HOSTNAME:source.domain})$" + ] + } + }, + { + "geoip": { + "field": "source.ip", + "target_field": "source.geo", + "ignore_missing": true + } + }, + { + "geoip": { + "database_file": "GeoLite2-ASN.mmdb", + "field": "source.ip", + "target_field": "source.as", + "properties": [ + "asn", + "organization_name" + ], + "ignore_missing": true + } + }, + { + "rename": { + "field": "source.as.asn", + "target_field": "source.as.number", + "ignore_missing": true + } + }, + { + "rename": { + "field": "source.as.organization_name", + "target_field": "source.as.organization.name", + "ignore_missing": true + } + }, + { + "convert": { + "field": "source.port", + "type": "long", + "ignore_missing": true + } + }, + { + "script": { + "lang": "painless", + "description": "This script processor iterates over the whole document to remove fields with null values.", + "source": "void handleMap(Map map) {\n for (def x : map.values()) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n map.values().removeIf(v -> v == null);\n}\nvoid handleList(List list) {\n for (def x : list) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n}\nhandleMap(ctx);\n" + } + }, + { + "remove": { + 
"field": "event.original", + "if": "ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))", + "ignore_failure": true, + "ignore_missing": true + } + } + ], + "on_failure": [ + { + "set": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ], + "_meta": { + "managed_by": "fleet", + "managed": true, + "package": { + "name": "apache" + } + } +} \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-mock-dump-apache.yaml b/internal/dump/testdata/elasticsearch-8-mock-dump-apache.yaml new file mode 100644 index 0000000000..092fa790e6 --- /dev/null +++ b/internal/dump/testdata/elasticsearch-8-mock-dump-apache.yaml 
@@ -0,0 +1,717 @@ +--- +version: 2 +interactions: + - id: 0 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/ + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 538 + uncompressed: false + body: | + { + "name" : "f2d4529be9e6", + "cluster_name" : "elasticsearch", + "cluster_uuid" : "jzZs7URYRremBeTRiHjDNQ", + "version" : { + "number" : "8.1.0", + "build_flavor" : "default", + "build_type" : "docker", + "build_hash" : "3700f7679f7d95e36da0b43762189bab189bc53a", + "build_date" : "2022-03-03T14:20:00.690422633Z", + "build_snapshot" : false, + "lucene_version" : "9.0.0", + "minimum_wire_compatibility_version" : "7.17.0", + "minimum_index_compatibility_version" : "7.0.0" + }, + "tagline" : "You Know, for Search" + } + headers: + Content-Length: + - "538" + Content-Type: + - application/json + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 4.245924ms + - id: 1 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_index_template/*-apache.* + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 16106 + uncompressed: false + body: 
'{"index_templates":[{"name":"logs-apache.error","index_template":{"index_patterns":["logs-apache.error-*"],"template":{"settings":{"index":{"default_pipeline":"logs-apache.error-1.3.6"}},"mappings":{"_meta":{"package":{"name":"apache"},"managed_by":"fleet","managed":true},"dynamic_templates":[{"strings_as_keyword":{"mapping":{"ignore_above":1024,"type":"keyword"},"match_mapping_type":"string"}}],"date_detection":false,"properties":{"container":{"properties":{"image":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"labels":{"type":"object"}}},"process":{"properties":{"pid":{"type":"long"},"thread":{"properties":{"id":{"type":"long"}}}}},"log":{"properties":{"file":{"properties":{"path":{"ignore_above":1024,"type":"keyword"}}},"offset":{"type":"long"},"level":{"ignore_above":1024,"type":"keyword"}}},"source":{"properties":{"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"type":"keyword","fields":{}}}}}},"address":{"ignore_above":1024,"type":"keyword"},"port":{"type":"long"},"ip":{"type":"ip"}}},"error":{"properties":{"message":{"type":"match_only_text"}}},"message":{"type":"match_only_text"},"url":{"properties":{"path":{"ignore_above":1024,"type":"wildcard"},"extension":{"ignore_above":1024,"type":"keyword"},"original":{"ignore_above":1024,"type":"wildcard","fields":{}},"domain":{"ignore_above":1024,"type":"keyword"},"query":{"ignore_above":1024,"type":"keyword"}}},"tags":{"ignore_above":1024,"type":"keyword"},"cloud":{"properties":{
"availability_zone":{"ignore_above":1024,"type":"keyword"},"image":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}},"instance":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"provider":{"ignore_above":1024,"type":"keyword"},"machine":{"properties":{"type":{"ignore_above":1024,"type":"keyword"}}},"project":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}},"region":{"ignore_above":1024,"type":"keyword"},"account":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}}}},"input":{"properties":{"type":{"ignore_above":1024,"type":"keyword"}}},"@timestamp":{"type":"date"},"file":{"properties":{"path":{"ignore_above":1024,"type":"keyword","fields":{}}}},"apache":{"properties":{"error":{"properties":{"module":{"ignore_above":1024,"type":"keyword"}}}}},"ecs":{"properties":{"version":{"ignore_above":1024,"type":"keyword"}}},"data_stream":{"properties":{"namespace":{"type":"constant_keyword"},"type":{"type":"constant_keyword"},"dataset":{"type":"constant_keyword"}}},"host":{"properties":{"hostname":{"ignore_above":1024,"type":"keyword"},"os":{"properties":{"build":{"ignore_above":1024,"type":"keyword"},"kernel":{"ignore_above":1024,"type":"keyword"},"codename":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword","fields":{"text":{"type":"text"}}},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"}}},"domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"containerized":{"type":"boolean"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"mac":{"ignore_above":1024,"type":"keyword"},"architecture":{"ignore_above":1024,"type":"keyword"}}},"http":{"properties":{"request":{"properties":{"referrer":{"ignore_above":1024,"type":"keyword"},"method":{"ignore_above":1024,"type":"ke
yword"}}},"response":{"properties":{"status_code":{"type":"long"},"body":{"properties":{"bytes":{"type":"long"}}}}},"version":{"ignore_above":1024,"type":"keyword"}}},"event":{"properties":{"kind":{"ignore_above":1024,"type":"keyword"},"timezone":{"ignore_above":1024,"type":"keyword"},"module":{"type":"constant_keyword","value":"apache"},"category":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"dataset":{"type":"constant_keyword","value":"apache.error"}}},"user":{"properties":{"name":{"ignore_above":1024,"type":"keyword","fields":{}}}},"user_agent":{"properties":{"original":{"ignore_above":1024,"type":"keyword","fields":{}},"os":{"properties":{"name":{"ignore_above":1024,"type":"keyword","fields":{}}}},"name":{"ignore_above":1024,"type":"keyword"},"device":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}}}}}}},"composed_of":["logs-apache.error@settings","logs-apache.error@custom",".fleet_component_template-1"],"priority":200,"_meta":{"package":{"name":"apache"},"managed_by":"fleet","managed":true},"data_stream":{"hidden":false,"allow_custom_routing":false}}},{"name":"logs-apache.access","index_template":{"index_patterns":["logs-apache.access-*"],"template":{"settings":{"index":{"default_pipeline":"logs-apache.access-1.3.6"}},"mappings":{"_meta":{"package":{"name":"apache"},"managed_by":"fleet","managed":true},"dynamic_templates":[{"strings_as_keyword":{"mapping":{"ignore_above":1024,"type":"keyword"},"match_mapping_type":"string"}}],"date_detection":false,"properties":{"container":{"properties":{"image":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"labels":{"type":"object"}}},"process":{"properties":{"pid":{"type":"long"},"thread":{"properties":{"id":{"type":"long"}}}}},"log":{"properties":{"file":{"properties":{"path":{"ignore_above":1024,"type":"keyword"}}},"offset":{"type":"long"},"level":{"ignore_above":1
024,"type":"keyword"}}},"destination":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"}}},"source":{"properties":{"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"type":"keyword","fields":{}}}}}},"address":{"ignore_above":1024,"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"}}},"error":{"properties":{"message":{"type":"match_only_text"}}},"message":{"type":"match_only_text"},"url":{"properties":{"path":{"ignore_above":1024,"type":"wildcard"},"extension":{"ignore_above":1024,"type":"keyword"},"original":{"ignore_above":1024,"type":"wildcard","fields":{}},"domain":{"ignore_above":1024,"type":"keyword"},"query":{"ignore_above":1024,"type":"keyword"}}},"tags":{"ignore_above":1024,"type":"keyword"},"cloud":{"properties":{"availability_zone":{"ignore_above":1024,"type":"keyword"},"image":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}},"instance":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"provider":{"ignore_above":1024,"type":"keyword"},"machine":{"properties":{"type":{"ignore_above":1024,"type":"keyword"}}},"project":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}},"region":{"ignore_above":1024,"type":"keyword"},"account":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}}}},"input":{"properties":{"type":{"ignore_above":1024,"type":"keyword"}}},"@timestamp":{"type":"date"},"file":{"properties":{"path":{"ignore_above":1024,"type":"keyword","fields":{}}}},"apache":{"properties":{"access":{"propertie
s":{"ssl":{"properties":{"cipher":{"ignore_above":1024,"type":"keyword"},"protocol":{"ignore_above":1024,"type":"keyword"}}}}}}},"ecs":{"properties":{"version":{"ignore_above":1024,"type":"keyword"}}},"data_stream":{"properties":{"namespace":{"type":"constant_keyword"},"type":{"type":"constant_keyword"},"dataset":{"type":"constant_keyword"}}},"host":{"properties":{"hostname":{"ignore_above":1024,"type":"keyword"},"os":{"properties":{"build":{"ignore_above":1024,"type":"keyword"},"kernel":{"ignore_above":1024,"type":"keyword"},"codename":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword","fields":{"text":{"type":"text"}}},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"}}},"domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"containerized":{"type":"boolean"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"mac":{"ignore_above":1024,"type":"keyword"},"architecture":{"ignore_above":1024,"type":"keyword"}}},"http":{"properties":{"request":{"properties":{"referrer":{"ignore_above":1024,"type":"keyword"},"method":{"ignore_above":1024,"type":"keyword"}}},"response":{"properties":{"status_code":{"type":"long"},"body":{"properties":{"bytes":{"type":"long"}}}}},"version":{"ignore_above":1024,"type":"keyword"}}},"tls":{"properties":{"cipher":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"version_protocol":{"ignore_above":1024,"type":"keyword"}}},"event":{"properties":{"created":{"type":"date"},"kind":{"ignore_above":1024,"type":"keyword"},"module":{"type":"constant_keyword","value":"apache"},"category":{"ignore_above":1024,"type":"keyword"},"dataset":{"type":"constant_keyword","value":"apache.access"},"outcome":{"ignore_above":1024,"type":"keyword"}}},"user":{"properties":{"name":{"ignore_above":1024,"type"
:"keyword","fields":{}}}},"user_agent":{"properties":{"original":{"ignore_above":1024,"type":"keyword","fields":{}},"os":{"properties":{"name":{"ignore_above":1024,"type":"keyword","fields":{}},"version":{"ignore_above":1024,"type":"keyword"},"full":{"ignore_above":1024,"type":"keyword","fields":{}}}},"name":{"ignore_above":1024,"type":"keyword"},"device":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}},"version":{"ignore_above":1024,"type":"keyword"}}}}}},"composed_of":["logs-apache.access@settings","logs-apache.access@custom",".fleet_component_template-1"],"priority":200,"_meta":{"package":{"name":"apache"},"managed_by":"fleet","managed":true},"data_stream":{"hidden":false,"allow_custom_routing":false}}},{"name":"metrics-apache.status","index_template":{"index_patterns":["metrics-apache.status-*"],"template":{"settings":{},"mappings":{"_meta":{"package":{"name":"apache"},"managed_by":"fleet","managed":true},"dynamic_templates":[{"strings_as_keyword":{"mapping":{"ignore_above":1024,"type":"keyword"},"match_mapping_type":"string"}}],"date_detection":false,"properties":{"cloud":{"properties":{"availability_zone":{"ignore_above":1024,"type":"keyword"},"image":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}},"instance":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"provider":{"ignore_above":1024,"type":"keyword"},"machine":{"properties":{"type":{"ignore_above":1024,"type":"keyword"}}},"project":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}},"region":{"ignore_above":1024,"type":"keyword"},"account":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}}}},"container":{"properties":{"image":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"labels":{"type":"object"}}},"@timestamp":{"type":"date"},"apache":{"properties":{"status":{"properties":{"bytes_per_request":{"
meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"load":{"properties":{"1":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"15":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"5":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"}}},"bytes_per_sec":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"total_bytes":{"meta":{"unit":"byte","metric_type":"counter"},"type":"long"},"cpu":{"properties":{"system":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"load":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"children_system":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"children_user":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"user":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"}}},"total_accesses":{"meta":{"metric_type":"counter"},"type":"long"},"scoreboard":{"properties":{"total":{"meta":{"metric_type":"gauge"},"type":"long"},"keepalive":{"meta":{"metric_type":"gauge"},"type":"long"},"idle_cleanup":{"meta":{"metric_type":"gauge"},"type":"long"},"waiting_for_connection":{"meta":{"metric_type":"gauge"},"type":"long"},"logging":{"meta":{"metric_type":"gauge"},"type":"long"},"gracefully_finishing":{"meta":{"metric_type":"gauge"},"type":"long"},"open_slot":{"meta":{"metric_type":"gauge"},"type":"long"},"dns_lookup":{"meta":{"metric_type":"gauge"},"type":"long"},"sending_reply":{"meta":{"metric_type":"gauge"},"type":"long"},"closing_connection":{"meta":{"metric_type":"gauge"},"type":"long"},"starting_up":{"meta":{"metric_type":"gauge"},"type":"long"},"reading_request":{"meta":{"metric_type":"gauge"},"type":"long"}}},"workers":{"properties":{"idle":{"meta":{"metric_type":"gauge"},"type":"long"},"busy":{"meta":{"metric_type":"gauge"},"type":"long"}}},"connections":{"properties":{"async":{"p
roperties":{"closing":{"meta":{"metric_type":"gauge"},"type":"long"},"writing":{"meta":{"metric_type":"gauge"},"type":"long"},"keep_alive":{"meta":{"metric_type":"gauge"},"type":"long"}}},"total":{"meta":{"metric_type":"counter"},"type":"long"}}},"requests_per_sec":{"meta":{"metric_type":"gauge"},"scaling_factor":1000,"type":"scaled_float"},"uptime":{"properties":{"server_uptime":{"meta":{"metric_type":"counter"},"type":"long"},"uptime":{"meta":{"metric_type":"counter"},"type":"long"}}}}}}},"ecs":{"properties":{"version":{"ignore_above":1024,"type":"keyword"}}},"data_stream":{"properties":{"namespace":{"type":"constant_keyword"},"type":{"type":"constant_keyword"},"dataset":{"type":"constant_keyword"}}},"service":{"properties":{"address":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"}}},"host":{"properties":{"hostname":{"ignore_above":1024,"type":"keyword"},"os":{"properties":{"build":{"ignore_above":1024,"type":"keyword"},"kernel":{"ignore_above":1024,"type":"keyword"},"codename":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword","fields":{"text":{"type":"text"}}},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"}}},"domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"containerized":{"type":"boolean"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"mac":{"ignore_above":1024,"type":"keyword"},"architecture":{"ignore_above":1024,"type":"keyword"}}},"event":{"properties":{"module":{"type":"constant_keyword","value":"apache"},"dataset":{"type":"constant_keyword","value":"apache.status"}}},"error":{"properties":{"message":{"type":"match_only_text"}}}}}},"composed_of":["metrics-apache.status@settings","metrics-apache.status@custom",".fleet_component_template-1"],"priority":200,"_meta":{"package":{"name":"ap
ache"},"managed_by":"fleet","managed":true},"data_stream":{"hidden":false,"allow_custom_routing":false}}}]}' + headers: + Content-Length: + - "16106" + Content-Type: + - application/json + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 1.497043ms + - id: 2 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_component_template/logs-apache.error@settings + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 1342 + uncompressed: false + body: '{"component_templates":[{"name":"logs-apache.error@settings","component_template":{"template":{"settings":{"index":{"lifecycle":{"name":"logs"},"codec":"best_compression","mapping":{"total_fields":{"limit":"10000"}},"query":{"default_field":["cloud.account.id","cloud.availability_zone","cloud.instance.id","cloud.instance.name","cloud.machine.type","cloud.provider","cloud.region","cloud.project.id","cloud.image.id","container.id","container.image.name","container.name","host.architecture","host.domain","host.hostname","host.id","host.mac","host.name","host.os.family","host.os.kernel","host.os.name","host.os.platform","host.os.version","host.type","host.os.build","host.os.codename","input.type","tags","ecs.version","event.category","event.kind","event.timezone","event.type","file.path","http.request.method","http.request.referrer","http.version","log.file.path","log.level","source.address","source.as.organization.name","source.geo.city_name","source.geo.continent_name","source.geo.country_iso_code","source.geo.country_name","source.geo.region_iso_code","source
.geo.region_name","tags","url.domain","url.extension","url.query","user.name","user_agent.device.name","user_agent.name","user_agent.original","user_agent.os.name","apache.error.module"]}}}},"_meta":{"package":{"name":"apache"},"managed_by":"fleet","managed":true}}}]}' + headers: + Content-Length: + - "1342" + Content-Type: + - application/json + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 513.497µs + - id: 3 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_component_template/logs-apache.error@custom + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 185 + uncompressed: false + body: '{"component_templates":[{"name":"logs-apache.error@custom","component_template":{"template":{"settings":{}},"_meta":{"package":{"name":"apache"},"managed_by":"fleet","managed":true}}}]}' + headers: + Content-Length: + - "185" + Content-Type: + - application/json + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 369.89µs + - id: 4 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_component_template/.fleet_component_template-1 + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + 
transfer_encoding: [] + trailer: {} + content_length: 428 + uncompressed: false + body: '{"component_templates":[{"name":".fleet_component_template-1","component_template":{"template":{"settings":{"index":{"final_pipeline":".fleet_final_pipeline-1"}},"mappings":{"properties":{"event":{"properties":{"agent_id_status":{"ignore_above":1024,"type":"keyword"},"ingested":{"format":"strict_date_time_no_millis||strict_date_optional_time||epoch_millis","type":"date"}}}}}},"_meta":{"managed_by":"fleet","managed":true}}}]}' + headers: + Content-Length: + - "428" + Content-Type: + - application/json + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 424.645µs + - id: 5 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_component_template/logs-apache.access@settings + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 1595 + uncompressed: false + body: 
'{"component_templates":[{"name":"logs-apache.access@settings","component_template":{"template":{"settings":{"index":{"lifecycle":{"name":"logs"},"codec":"best_compression","mapping":{"total_fields":{"limit":"10000"}},"query":{"default_field":["cloud.account.id","cloud.availability_zone","cloud.instance.id","cloud.instance.name","cloud.machine.type","cloud.provider","cloud.region","cloud.project.id","cloud.image.id","container.id","container.image.name","container.name","host.architecture","host.domain","host.hostname","host.id","host.mac","host.name","host.os.family","host.os.kernel","host.os.name","host.os.platform","host.os.version","host.type","host.os.build","host.os.codename","input.type","destination.domain","ecs.version","event.category","event.kind","event.outcome","file.path","http.request.method","http.request.referrer","http.version","log.file.path","log.level","source.address","source.as.organization.name","source.domain","source.geo.city_name","source.geo.continent_name","source.geo.country_iso_code","source.geo.country_name","source.geo.region_iso_code","source.geo.region_name","tags","tls.cipher","tls.version","tls.version_protocol","url.domain","url.extension","url.query","user.name","user_agent.device.name","user_agent.device.name","user_agent.name","user_agent.name","user_agent.original","user_agent.original","user_agent.os.full","user_agent.os.name","user_agent.os.name","user_agent.os.version","user_agent.version","apache.access.ssl.protocol","apache.access.ssl.cipher"]}}}},"_meta":{"package":{"name":"apache"},"managed_by":"fleet","managed":true}}}]}' + headers: + Content-Length: + - "1595" + Content-Type: + - application/json + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 497.616µs + - id: 6 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - 
Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_component_template/logs-apache.access@custom + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 186 + uncompressed: false + body: '{"component_templates":[{"name":"logs-apache.access@custom","component_template":{"template":{"settings":{}},"_meta":{"package":{"name":"apache"},"managed_by":"fleet","managed":true}}}]}' + headers: + Content-Length: + - "186" + Content-Type: + - application/json + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 344.216µs + - id: 7 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_component_template/metrics-apache.status@settings + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 825 + uncompressed: false + body: 
'{"component_templates":[{"name":"metrics-apache.status@settings","component_template":{"template":{"settings":{"index":{"lifecycle":{"name":"metrics"},"codec":"best_compression","mapping":{"total_fields":{"limit":"10000"}},"query":{"default_field":["cloud.account.id","cloud.availability_zone","cloud.instance.id","cloud.instance.name","cloud.machine.type","cloud.provider","cloud.region","cloud.project.id","cloud.image.id","container.id","container.image.name","container.name","host.architecture","host.domain","host.hostname","host.id","host.mac","host.name","host.os.family","host.os.kernel","host.os.name","host.os.platform","host.os.version","host.type","host.os.build","host.os.codename","ecs.version","service.address","service.type"]}}}},"_meta":{"package":{"name":"apache"},"managed_by":"fleet","managed":true}}}]}' + headers: + Content-Length: + - "825" + Content-Type: + - application/json + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 629.712µs + - id: 8 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_component_template/metrics-apache.status@custom + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 189 + uncompressed: false + body: '{"component_templates":[{"name":"metrics-apache.status@custom","component_template":{"template":{"settings":{}},"_meta":{"package":{"name":"apache"},"managed_by":"fleet","managed":true}}}]}' + headers: + Content-Length: + - "189" + Content-Type: + - application/json + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 438.911µs 
+ - id: 9 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_ilm/policy/logs + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 1316 + uncompressed: false + body: '{"logs":{"version":1,"modified_date":"2023-11-27T16:35:54.053Z","policy":{"phases":{"hot":{"min_age":"0ms","actions":{"rollover":{"max_primary_shard_size":"50gb","max_age":"30d"}}}},"_meta":{"managed":true,"description":"default policy for the logs index template installed by x-pack"}},"in_use_by":{"indices":[".ds-logs-elastic_agent.metricbeat-default-2023.11.27-000001",".ds-logs-elastic_agent.fleet_server-default-2023.11.27-000001",".ds-logs-elastic_agent.filebeat-default-2023.11.27-000001",".ds-logs-elastic_agent-default-2023.11.27-000001"],"data_streams":["logs-elastic_agent-default","logs-elastic_agent.metricbeat-default","logs-elastic_agent.filebeat-default","logs-elastic_agent.fleet_server-default"],"composable_templates":["logs-apache.access","logs-elastic_agent.cloudbeat","logs-elastic_agent.apm_server","logs-elastic_agent.cloud_defend","logs-system.security","logs-system.auth","logs-elastic_agent.metricbeat","logs-elastic_agent.filebeat","logs-elastic_agent.packetbeat","logs-elastic_agent.filebeat_input","logs-elastic_agent.endpoint_security","logs-elastic_agent.fleet_server","logs-apache.error","logs-system.system","logs-system.application","logs-elastic_agent.osquerybeat","logs-elastic_agent.heartbeat","logs-system.syslog","logs-elastic_agent.auditbeat","logs","logs-elastic_agent"]}}}' + headers: + Content-Length: + - "1316" + Content-Type: + - 
application/json + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 1.782288ms + - id: 10 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_ilm/policy/metrics + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 2552 + uncompressed: false + body: '{"metrics":{"version":1,"modified_date":"2023-11-27T16:35:54.011Z","policy":{"phases":{"hot":{"min_age":"0ms","actions":{"rollover":{"max_primary_shard_size":"50gb","max_age":"30d"}}}},"_meta":{"managed":true,"description":"default policy for the metrics index template installed by 
x-pack"}},"in_use_by":{"indices":[".ds-metrics-system.process.summary-default-2023.11.27-000001",".ds-metrics-system.fsstat-default-2023.11.27-000001",".ds-metrics-system.uptime-default-2023.11.27-000001",".ds-metrics-system.network-default-2023.11.27-000001",".ds-metrics-system.filesystem-default-2023.11.27-000001",".ds-metrics-elastic_agent.elastic_agent-default-2023.11.27-000001",".ds-metrics-system.socket_summary-default-2023.11.27-000001",".ds-metrics-system.diskio-default-2023.11.27-000001",".ds-metrics-elastic_agent.filebeat-default-2023.11.27-000001",".ds-metrics-system.process-default-2023.11.27-000001",".ds-metrics-system.cpu-default-2023.11.27-000001",".ds-metrics-elastic_agent.metricbeat-default-2023.11.27-000001",".ds-metrics-elastic_agent.fleet_server-default-2023.11.27-000001",".ds-metrics-system.load-default-2023.11.27-000001",".ds-metrics-system.memory-default-2023.11.27-000001"],"data_streams":["metrics-system.filesystem-default","metrics-system.cpu-default","metrics-system.process.summary-default","metrics-system.memory-default","metrics-elastic_agent.fleet_server-default","metrics-system.uptime-default","metrics-elastic_agent.elastic_agent-default","metrics-elastic_agent.metricbeat-default","metrics-system.fsstat-default","metrics-system.process-default","metrics-elastic_agent.filebeat-default","metrics-system.network-default","metrics-system.diskio-default","metrics-system.load-default","metrics-system.socket_summary-default"],"composable_templates":["metrics-system.process","metrics-elastic_agent.packetbeat","metrics-system.fsstat","metrics-elastic_agent.osquerybeat","metrics-elastic_agent.endpoint_security","metrics-elastic_agent.apm_server","metrics-system.memory","metrics-system.socket_summary","metrics-apache.status","metrics-elastic_agent.elastic_agent","metrics-elastic_agent.fleet_server","metrics-system.load","metrics-system.core","metrics-elastic_agent.filebeat","metrics-elastic_agent.filebeat_input","metrics-system.uptime","metrics-sys
tem.process.summary","metrics-system.cpu","metrics-elastic_agent.heartbeat","metrics-system.diskio","metrics-elastic_agent.cloudbeat","metrics-elastic_agent.metricbeat","metrics-elastic_agent.auditbeat","metrics-system.network","metrics-system.filesystem","metrics"]}}}' + headers: + Content-Length: + - "2552" + Content-Type: + - application/json + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 1.727045ms + - id: 11 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_ingest/pipeline/logs-apache.error-1.3.6 + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 3767 + uncompressed: false + body: '{"logs-apache.error-1.3.6":{"description":"Pipeline for parsing apache error logs","processors":[{"pipeline":{"if":"ctx.message.startsWith(''{'')","name":"logs-apache.error-1.3.6-third-party"}},{"set":{"field":"event.ingested","value":"{{_ingest.timestamp}}"}},{"set":{"field":"ecs.version","value":"1.12.0"}},{"rename":{"field":"message","target_field":"event.original"}},{"grok":{"field":"event.original","patterns":["\\[%{APACHE_TIME:apache.error.timestamp}\\] \\[%{LOGLEVEL:log.level}\\]( \\[client %{IPORHOST:source.address}(:%{POSINT:source.port})?\\])? %{GREEDYDATA:message}","\\[%{APACHE_TIME:apache.error.timestamp}\\] \\[%{DATA:apache.error.module}:%{APACHE_LOGLEVEL:log.level}\\] \\[pid %{NUMBER:process.pid:long}(:tid %{NUMBER:process.thread.id:long})?\\]( \\[client %{IPORHOST:source.address}(:%{POSINT:source.port})?\\])? 
%{GREEDYDATA:message}"],"pattern_definitions":{"APACHE_LOGLEVEL":"%{LOGLEVEL}[0-9]*","APACHE_TIME":"%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}"},"ignore_missing":true}},{"grok":{"field":"message","patterns":["File does not exist: %{URIPATH:file.path}, referer: %{URI:http.request.referrer}","File does not exist: %{URIPATH:file.path}"],"ignore_missing":true,"ignore_failure":true}},{"date":{"if":"ctx.event.timezone == null","field":"apache.error.timestamp","target_field":"@timestamp","formats":["EEE MMM dd H:m:s yyyy","EEE MMM dd H:m:s.SSSSSS yyyy"],"on_failure":[{"append":{"field":"error.message","value":"{{ _ingest.on_failure_message }}"}}]}},{"date":{"if":"ctx.event.timezone != null","field":"apache.error.timestamp","target_field":"@timestamp","formats":["EEE MMM dd H:m:s yyyy","EEE MMM dd H:m:s.SSSSSS yyyy"],"timezone":"{{ event.timezone }}","on_failure":[{"append":{"field":"error.message","value":"{{ _ingest.on_failure_message }}"}}]}},{"remove":{"field":"apache.error.timestamp","ignore_failure":true}},{"set":{"field":"event.kind","value":"event"}},{"set":{"field":"event.category","value":"web"}},{"script":{"if":"ctx?.log?.level != null","lang":"painless","source":"def err_levels = [\"emerg\", \"alert\", \"crit\", \"error\", \"warn\"]; if (err_levels.contains(ctx.log.level)) {\n ctx.event.type = \"error\";\n} else {\n ctx.event.type = 
\"info\";\n}"}},{"grok":{"field":"source.address","ignore_missing":true,"patterns":["^(%{IP:source.ip}|%{HOSTNAME:source.domain})$"]}},{"geoip":{"field":"source.ip","target_field":"source.geo","ignore_missing":true}},{"geoip":{"database_file":"GeoLite2-ASN.mmdb","field":"source.ip","target_field":"source.as","properties":["asn","organization_name"],"ignore_missing":true}},{"rename":{"field":"source.as.asn","target_field":"source.as.number","ignore_missing":true}},{"rename":{"field":"source.as.organization_name","target_field":"source.as.organization.name","ignore_missing":true}},{"convert":{"field":"source.port","type":"long","ignore_missing":true}},{"script":{"lang":"painless","description":"This script processor iterates over the whole document to remove fields with null values.","source":"void handleMap(Map map) {\n for (def x : map.values()) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n map.values().removeIf(v -> v == null);\n}\nvoid handleList(List list) {\n for (def x : list) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n}\nhandleMap(ctx);\n"}},{"remove":{"field":"event.original","if":"ctx?.tags == null || !(ctx.tags.contains(''preserve_original_event''))","ignore_failure":true,"ignore_missing":true}}],"on_failure":[{"set":{"field":"error.message","value":"{{ _ingest.on_failure_message }}"}}],"_meta":{"managed_by":"fleet","managed":true,"package":{"name":"apache"}}}}' + headers: + Content-Length: + - "3767" + Content-Type: + - application/json + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 1.026301ms + - id: 12 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux 
amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_ingest/pipeline/logs-apache.access-1.3.6 + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 4574 + uncompressed: false + body: '{"logs-apache.access-1.3.6":{"description":"Pipeline for parsing Apache HTTP Server access logs. Requires the geoip and user_agent plugins.","processors":[{"pipeline":{"if":"ctx.message.startsWith(''{'')","name":"logs-apache.access-1.3.6-third-party"}},{"set":{"field":"event.ingested","value":"{{_ingest.timestamp}}"}},{"set":{"field":"ecs.version","value":"1.12.0"}},{"rename":{"field":"message","target_field":"event.original"}},{"grok":{"field":"event.original","patterns":["%{IPORHOST:destination.domain} %{IPORHOST:source.ip} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"(?:%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}|-)?\" %{NUMBER:http.response.status_code:long} (?:%{NUMBER:http.response.body.bytes:long}|-)( \"%{DATA:http.request.referrer}\")?( \"%{DATA:user_agent.original}\")?","%{IPORHOST:source.address} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"(?:%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}|-)?\" %{NUMBER:http.response.status_code:long} (?:%{NUMBER:http.response.body.bytes:long}|-)( \"%{DATA:http.request.referrer}\")?( \"%{DATA:user_agent.original}\")?","%{IPORHOST:source.address} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"-\" %{NUMBER:http.response.status_code:long} -","\\[%{HTTPDATE:apache.access.time}\\] %{IPORHOST:source.address} %{DATA:apache.access.ssl.protocol} %{DATA:apache.access.ssl.cipher} \"%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}\" 
(-|%{NUMBER:http.response.body.bytes:long})"],"ignore_missing":true}},{"uri_parts":{"field":"_tmp.url_orig","ignore_failure":true}},{"remove":{"field":["_tmp"],"ignore_missing":true}},{"set":{"field":"url.domain","value":"{{destination.domain}}","if":"ctx.url?.domain == null && ctx.destination?.domain != null"}},{"set":{"field":"event.kind","value":"event"}},{"set":{"field":"event.category","value":"web"}},{"set":{"field":"event.outcome","value":"success","if":"ctx?.http?.response?.status_code != null && ctx.http.response.status_code < 400"}},{"set":{"field":"event.outcome","value":"failure","if":"ctx?.http?.response?.status_code != null && ctx.http.response.status_code > 399"}},{"grok":{"field":"source.address","ignore_missing":true,"patterns":["^(%{IP:source.ip}|%{HOSTNAME:source.domain})$"]}},{"remove":{"field":"event.created","ignore_missing":true,"ignore_failure":true}},{"rename":{"field":"@timestamp","target_field":"event.created"}},{"date":{"field":"apache.access.time","target_field":"@timestamp","formats":["dd/MMM/yyyy:H:m:s Z"],"ignore_failure":true}},{"remove":{"field":"apache.access.time","ignore_failure":true}},{"user_agent":{"field":"user_agent.original","ignore_failure":true}},{"geoip":{"field":"source.ip","target_field":"source.geo","ignore_missing":true}},{"geoip":{"database_file":"GeoLite2-ASN.mmdb","field":"source.ip","target_field":"source.as","properties":["asn","organization_name"],"ignore_missing":true}},{"rename":{"field":"source.as.asn","target_field":"source.as.number","ignore_missing":true}},{"rename":{"field":"source.as.organization_name","target_field":"source.as.organization.name","ignore_missing":true}},{"set":{"field":"tls.cipher","value":"{{apache.access.ssl.cipher}}","if":"ctx?.apache?.access?.ssl?.cipher != null"}},{"script":{"lang":"painless","if":"ctx?.apache?.access?.ssl?.protocol != null","source":"def parts = ctx.apache.access.ssl.protocol.toLowerCase().splitOnToken(\"v\"); if (parts.length != 2) {\n return;\n} if 
(parts[1].contains(\".\")) {\n ctx.tls.version = parts[1];\n} else {\n ctx.tls.version = parts[1] + \".0\";\n} ctx.tls.version_protocol = parts[0];"}},{"script":{"lang":"painless","description":"This script processor iterates over the whole document to remove fields with null values.","source":"void handleMap(Map map) {\n for (def x : map.values()) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n map.values().removeIf(v -> v == null);\n}\nvoid handleList(List list) {\n for (def x : list) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n}\nhandleMap(ctx);\n"}},{"remove":{"field":"event.original","if":"ctx?.tags == null || !(ctx.tags.contains(''preserve_original_event''))","ignore_failure":true,"ignore_missing":true}}],"on_failure":[{"set":{"field":"error.message","value":"{{ _ingest.on_failure_message }}"}}],"_meta":{"managed_by":"fleet","managed":true,"package":{"name":"apache"}}}}' + headers: + Content-Length: + - "4574" + Content-Type: + - application/json + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 850.163µs + - id: 13 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_ingest/pipeline/.fleet_final_pipeline-1 + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 2911 + uncompressed: false + body: '{".fleet_final_pipeline-1":{"version":2,"_meta":{"managed_by":"fleet","managed":true},"description":"Final pipeline for processing all incoming Fleet Agent 
documents.\n","processors":[{"set":{"description":"Add time when event was ingested.","field":"event.ingested","copy_from":"_ingest.timestamp"}},{"script":{"description":"Remove sub-seconds from event.ingested to improve storage efficiency.","tag":"truncate-subseconds-event-ingested","source":"ctx.event.ingested = ctx.event.ingested.withNano(0).format(DateTimeFormatter.ISO_OFFSET_DATE_TIME);","ignore_failure":true}},{"remove":{"description":"Remove any pre-existing untrusted values.","field":["event.agent_id_status","_security"],"ignore_missing":true}},{"set_security_user":{"field":"_security","properties":["authentication_type","username","realm","api_key"]}},{"script":{"description":"Add event.agent_id_status based on the API key metadata and the agent.id contained in the event.\n","tag":"agent-id-status","source":"boolean is_user_trusted(def ctx, def users) {\n if (ctx?._security?.username == null) {\n return false;\n }\n\n def user = null;\n for (def item : users) {\n if (item?.username == ctx._security.username) {\n user = item;\n break;\n }\n }\n\n if (user == null || user?.realm == null || ctx?._security?.realm?.name == null) {\n return false;\n }\n\n if (ctx._security.realm.name != user.realm) {\n return false;\n }\n\n return true;\n}\n\nString verified(def ctx, def params) {\n // No agent.id field to validate.\n if (ctx?.agent?.id == null) {\n return \"missing\";\n }\n\n // Check auth metadata from API key.\n if (ctx?._security?.authentication_type == null\n // Agents only use API keys.\n || ctx._security.authentication_type != ''API_KEY''\n // Verify the API key owner before trusting any metadata it contains.\n || !is_user_trusted(ctx, params.trusted_users)\n // Verify the API key has metadata indicating the assigned agent ID.\n || ctx?._security?.api_key?.metadata?.agent_id == null) {\n return \"auth_metadata_missing\";\n }\n\n // The API key can only be used represent the agent.id it was issued to.\n if (ctx._security.api_key.metadata.agent_id != 
ctx.agent.id) {\n // Potential masquerade attempt.\n return \"mismatch\";\n }\n\n return \"verified\";\n}\n\nif (ctx?.event == null) {\n ctx.event = [:];\n}\n\nctx.event.agent_id_status = verified(ctx, params);","params":{"trusted_users":[{"username":"elastic/fleet-server","realm":"_service_account"},{"username":"cloud-internal-agent-server","realm":"found"},{"username":"elastic","realm":"reserved"}]}}},{"remove":{"field":"_security","ignore_missing":true}}],"on_failure":[{"remove":{"field":"_security","ignore_missing":true,"ignore_failure":true}},{"append":{"field":"error.message","value":["failed in Fleet agent final_pipeline: {{ _ingest.on_failure_message }}"]}}]}}' + headers: + Content-Length: + - "2911" + Content-Type: + - application/json + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 718.117µs + - id: 14 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_ingest/pipeline/logs-apache.error-1.3.6-third-party + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 1121 + uncompressed: false + body: '{"logs-apache.error-1.3.6-third-party":{"description":"Pipeline for parsing Apache HTTP Server logs from third party api","processors":[{"json":{"field":"message","target_field":"json"}},{"drop":{"if":"ctx.json?.result == 
null"}},{"fingerprint":{"fields":["json.result._cd","json.result._indextime","json.result._raw","json.result._time","json.result.host","json.result.source"],"target_field":"_id","ignore_missing":true}},{"set":{"copy_from":"json.result._raw","field":"message","ignore_empty_value":true}},{"set":{"copy_from":"json.result.host","field":"host.name","ignore_empty_value":true}},{"set":{"copy_from":"json.result.source","field":"file.path","ignore_empty_value":true}},{"remove":{"field":["json"],"ignore_missing":true}}],"on_failure":[{"append":{"field":"error.message","value":"error in third-party pipeline: error in [{{_ingest.on_failure_processor_type}}] processor{{#_ingest.on_failure_processor_tag}} with tag [{{_ingest.on_failure_processor_tag }}]{{/_ingest.on_failure_processor_tag}} {{ _ingest.on_failure_message }}"}}],"_meta":{"managed_by":"fleet","managed":true,"package":{"name":"apache"}}}}' + headers: + Content-Length: + - "1121" + Content-Type: + - application/json + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 746.962µs + - id: 15 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_ingest/pipeline/logs-apache.access-1.3.6-third-party + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 1122 + uncompressed: false + body: '{"logs-apache.access-1.3.6-third-party":{"description":"Pipeline for parsing Apache HTTP Server logs from third party api","processors":[{"json":{"field":"message","target_field":"json"}},{"drop":{"if":"ctx.json?.result == 
null"}},{"fingerprint":{"fields":["json.result._cd","json.result._indextime","json.result._raw","json.result._time","json.result.host","json.result.source"],"target_field":"_id","ignore_missing":true}},{"set":{"copy_from":"json.result._raw","field":"message","ignore_empty_value":true}},{"set":{"copy_from":"json.result.host","field":"host.name","ignore_empty_value":true}},{"set":{"copy_from":"json.result.source","field":"file.path","ignore_empty_value":true}},{"remove":{"field":["json"],"ignore_missing":true}}],"on_failure":[{"append":{"field":"error.message","value":"error in third-party pipeline: error in [{{_ingest.on_failure_processor_type}}] processor{{#_ingest.on_failure_processor_tag}} with tag [{{_ingest.on_failure_processor_tag }}]{{/_ingest.on_failure_processor_tag}} {{ _ingest.on_failure_message }}"}}],"_meta":{"managed_by":"fleet","managed":true,"package":{"name":"apache"}}}}' + headers: + Content-Length: + - "1122" + Content-Type: + - application/json + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 614.104µs + - id: 16 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_ml/trained_models/apache_*?decompress_definition=false&include=definition%2Cfeature_importance_baseline%2Chyperparameters%2Ctotal_feature_importance + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 38 + uncompressed: false + body: '{"count":0,"trained_model_configs":[]}' + headers: + Content-Length: + - "38" + Content-Type: + - application/json + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 
200 + duration: 1.012949ms From 5da099fb9f3f85237ba3318a26146289551abe2c Mon Sep 17 00:00:00 2001 From: Jaime Soriano Pastor Date: Mon, 27 Nov 2023 17:54:53 +0100 Subject: [PATCH 05/10] Re-record dump of dga package --- internal/dump/indextemplates.go | 5 + internal/dump/installedobjects_test.go | 12 +- .../ml_models/dga_1611725_2.0.json | 259 +++++++++++++ .../elasticsearch-8-mock-dump-dga.yaml | 349 ++++++++++++++++++ internal/elasticsearch/test/httptest.go | 2 +- 5 files changed, 619 insertions(+), 8 deletions(-) create mode 100644 internal/dump/testdata/elasticsearch-8-dga-dump-all/ml_models/dga_1611725_2.0.json create mode 100644 internal/dump/testdata/elasticsearch-8-mock-dump-dga.yaml diff --git a/internal/dump/indextemplates.go b/internal/dump/indextemplates.go index d48479d78e..7fc50d3cf2 100644 --- a/internal/dump/indextemplates.go +++ b/internal/dump/indextemplates.go @@ -9,6 +9,7 @@ import ( "encoding/json" "fmt" "io" + "net/http" "slices" "github.com/elastic/elastic-package/internal/elasticsearch" @@ -77,6 +78,10 @@ func getIndexTemplatesForPackage(ctx context.Context, api *elasticsearch.API, pa } defer resp.Body.Close() + if resp.StatusCode == http.StatusNotFound { + // Some packages don't have index templates. + return nil, nil + } if resp.IsError() { return nil, fmt.Errorf("failed to get index templates: %s", resp.String()) } diff --git a/internal/dump/installedobjects_test.go b/internal/dump/installedobjects_test.go index 439997e3a7..c669dea323 100644 --- a/internal/dump/installedobjects_test.go +++ b/internal/dump/installedobjects_test.go 
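Review bot: The new `resp.StatusCode == http.StatusNotFound` branch in getIndexTemplatesForPackage returns `nil, nil` for every 404, so a 404 that does not come from an empty wildcard match (a wrong address, or an intermediary answering in place of Elasticsearch) would produce an empty dump with no error. The dga cassette added later in this patch shows the case the branch is meant for: `GET /_index_template/*-dga.*` answered with 404 and `{"index_templates":[]}`. The comment should state that contract, for example `// Elasticsearch answers 404 with an empty index_templates list when the pattern matches nothing, as for packages without index templates.`, so the shortcut is not read as safe for any 404. The function starts and ends outside the hunk, so how callers treat the nil slice is not visible here.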
@@ -41,13 +41,11 @@ func TestDumpInstalledObjects(t *testing.T) { Record: "./testdata/elasticsearch-8-mock-dump-apache", DumpDir: "./testdata/elasticsearch-8-apache-dump-all", }, - /* - &installedObjectsDumpSuite{ - PackageName: "dga", - Record: "./testdata/elasticsearch-8-mock-dump-dga", - DumpDir: "./testdata/elasticsearch-8-dga-dump-all", - }, - */ + &installedObjectsDumpSuite{ + PackageName: "dga", + Record: "./testdata/elasticsearch-8-mock-dump-dga", + DumpDir: "./testdata/elasticsearch-8-dga-dump-all", + }, } for _, s := range suites { diff --git a/internal/dump/testdata/elasticsearch-8-dga-dump-all/ml_models/dga_1611725_2.0.json b/internal/dump/testdata/elasticsearch-8-dga-dump-all/ml_models/dga_1611725_2.0.json new file mode 100644 index 0000000000..80c24cc6af --- /dev/null +++ b/internal/dump/testdata/elasticsearch-8-dga-dump-all/ml_models/dga_1611725_2.0.json 
@@ -0,0 +1,259 @@ +{ + "model_id": "dga_1611725_2.0", + "model_type": "tree_ensemble", + "created_by": "api_user", + "version": "8.9.0", + "create_time": 1701103516636, + "model_size_bytes": 246784104, + "estimated_operations": 0, + "license_level": "platinum", + "description": "Model used to detect domain generation algorithm (DGA) activity in your network data.", + "compressed_definition": "//REDACTED//", + "tags": [ + "packetbeat-7.10.0-2021-03-10_expanded_8_analysis" + ], + "metadata": { + "analytics_config": { + "max_num_threads": 8, + "create_time": 1615403883977, + "model_memory_limit": "6gb", + "allow_lazy_start": false, + "description": "", + "analyzed_fields": { + "excludes": [], + "includes": [ + "f.*", + "dns.response_code", + "malicious" + ] + }, + "id": "packetbeat-7.10.0-2021-03-10_expanded_8_analysis", + "source": { + "query": { + "match_all": {} + }, + "index": [ + "packetbeat-7.10.0-2021-03-10_expanded" + ] + }, + "analysis": { + "classification": { + "randomize_seed": 1, + "dependent_variable": "malicious", + "num_top_classes": 2, + "training_percent": 100.0, + "class_assignment_objective": "maximize_minimum_recall", + "prediction_field_name": "malicious_prediction" + } + }, + "dest": { + "index": "packetbeat-7.10.0-2021-03-10_expanded_8_analysis", + "results_field": "ml" + }, + "version": "7.11.0" + } + }, + "input": { + "field_names": [ + "dns.response_code", + "f.b0", + "f.b1", + "f.b10", + "f.b11", + "f.b12", + "f.b13", + "f.b14", + "f.b15", + "f.b16", + "f.b17", + "f.b18", + "f.b19", + "f.b2", + "f.b20", + "f.b21", + "f.b22", + "f.b23", + "f.b24", + "f.b25", + "f.b26", + "f.b27", + "f.b28", + "f.b29", + "f.b3", + "f.b30", + "f.b31", + "f.b32", + "f.b33", + "f.b34", + "f.b35", + "f.b36", + "f.b37", + "f.b38", + "f.b39", + "f.b4", + "f.b40", + "f.b41", + "f.b42", + "f.b43", + "f.b44", + "f.b45", + "f.b46", + "f.b47", + "f.b48", + "f.b49", + "f.b5", + "f.b50", + "f.b51", + "f.b52", + "f.b53", + "f.b54", + "f.b55", + "f.b56", + "f.b57", + 
"f.b58", + "f.b59", + "f.b6", + "f.b60", + "f.b7", + "f.b8", + "f.b9", + "f.t0", + "f.t1", + "f.t10", + "f.t11", + "f.t12", + "f.t13", + "f.t14", + "f.t15", + "f.t16", + "f.t17", + "f.t18", + "f.t19", + "f.t2", + "f.t20", + "f.t21", + "f.t22", + "f.t23", + "f.t24", + "f.t25", + "f.t26", + "f.t27", + "f.t28", + "f.t29", + "f.t3", + "f.t30", + "f.t31", + "f.t32", + "f.t33", + "f.t34", + "f.t35", + "f.t36", + "f.t37", + "f.t38", + "f.t39", + "f.t4", + "f.t40", + "f.t41", + "f.t42", + "f.t43", + "f.t44", + "f.t45", + "f.t46", + "f.t47", + "f.t48", + "f.t49", + "f.t5", + "f.t50", + "f.t51", + "f.t52", + "f.t53", + "f.t54", + "f.t55", + "f.t56", + "f.t57", + "f.t58", + "f.t59", + "f.t6", + "f.t7", + "f.t8", + "f.t9", + "f.tld", + "f.u0", + "f.u1", + "f.u10", + "f.u11", + "f.u12", + "f.u13", + "f.u14", + "f.u15", + "f.u16", + "f.u17", + "f.u18", + "f.u19", + "f.u2", + "f.u20", + "f.u21", + "f.u22", + "f.u23", + "f.u24", + "f.u25", + "f.u26", + "f.u27", + "f.u28", + "f.u29", + "f.u3", + "f.u30", + "f.u31", + "f.u32", + "f.u33", + "f.u34", + "f.u35", + "f.u36", + "f.u37", + "f.u38", + "f.u39", + "f.u4", + "f.u40", + "f.u41", + "f.u42", + "f.u43", + "f.u44", + "f.u45", + "f.u46", + "f.u47", + "f.u48", + "f.u49", + "f.u5", + "f.u50", + "f.u51", + "f.u52", + "f.u53", + "f.u54", + "f.u55", + "f.u56", + "f.u57", + "f.u58", + "f.u59", + "f.u6", + "f.u60", + "f.u61", + "f.u7", + "f.u8", + "f.u9" + ] + }, + "inference_config": { + "classification": { + "num_top_classes": 2, + "top_classes_results_field": "top_classes", + "results_field": "malicious_prediction", + "num_top_feature_importance_values": 0, + "prediction_field_type": "number" + } + }, + "location": { + "index": { + "name": ".ml-inference-000005" + } + } +} diff --git a/internal/dump/testdata/elasticsearch-8-mock-dump-dga.yaml b/internal/dump/testdata/elasticsearch-8-mock-dump-dga.yaml new file mode 100644 index 0000000000..6b5e56fe31 --- /dev/null +++ b/internal/dump/testdata/elasticsearch-8-mock-dump-dga.yaml 
@@ -0,0 +1,349 @@ +--- +version: 2 +interactions: + - id: 0 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/ + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 538 + uncompressed: false + body: | + { + "name" : "ef4c4bab9373", + "cluster_name" : "elasticsearch", + "cluster_uuid" : "coeNP0PdQY-fabxLWSssFg", + "version" : { + "number" : "8.9.0", + "build_flavor" : "default", + "build_type" : "docker", + "build_hash" : "8aa461beb06aa0417a231c345a1b8c38fb498a0d", + "build_date" : "2023-07-19T14:43:58.555259655Z", + "build_snapshot" : false, + "lucene_version" : "9.7.0", + "minimum_wire_compatibility_version" : "7.17.0", + "minimum_index_compatibility_version" : "7.0.0" + }, + "tagline" : "You Know, for Search" + } + headers: + Content-Length: + - "538" + Content-Type: + - application/json + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 4.329333ms + - id: 1 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_index_template/*-dga.* + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 22 + uncompressed: false + body: '{"index_templates":[]}' + 
headers: + Content-Length: + - "22" + Content-Type: + - application/json + X-Elastic-Product: + - Elasticsearch + status: 404 Not Found + code: 404 + duration: 507.076µs + - id: 2 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_index_template/*-dga.* + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 22 + uncompressed: false + body: '{"index_templates":[]}' + headers: + Content-Length: + - "22" + Content-Type: + - application/json + X-Elastic-Product: + - Elasticsearch + status: 404 Not Found + code: 404 + duration: 279.28µs + - id: 3 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_index_template/*-dga.* + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 22 + uncompressed: false + body: '{"index_templates":[]}' + headers: + Content-Length: + - "22" + Content-Type: + - application/json + X-Elastic-Product: + - Elasticsearch + status: 404 Not Found + code: 404 + duration: 240.007µs + - id: 4 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + 
form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_ml/trained_models/dga_*?decompress_definition=false&include=definition%2Cfeature_importance_baseline%2Chyperparameters%2Ctotal_feature_importance + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 2880 + uncompressed: false + body: | + {"count":1,"trained_model_configs":[{"model_id":"dga_1611725_2.0","model_type":"tree_ensemble","created_by":"api_user","version":"8.9.0","create_time":1701103516636,"model_size_bytes":246784104,"estimated_operations":0,"license_level":"platinum","description":"Model used to detect domain generation algorithm (DGA) activity in your network data.","compressed_definition":"//REDACTED//","tags":["packetbeat-7.10.0-2021-03-10_expanded_8_analysis"],"metadata":{"analytics_config":{"max_num_threads":8,"create_time":1615403883977,"model_memory_limit":"6gb","allow_lazy_start":false,"description":"","analyzed_fields":{"excludes":[],"includes":["f.*","dns.response_code","malicious"]},"id":"packetbeat-7.10.0-2021-03-10_expanded_8_analysis","source":{"query":{"match_all":{}},"index":["packetbeat-7.10.0-2021-03-10_expanded"]},"analysis":{"classification":{"randomize_seed":1,"dependent_variable":"malicious","num_top_classes":2,"training_percent":100,"class_assignment_objective":"maximize_minimum_recall","prediction_field_name":"malicious_prediction"}},"dest":{"index":"packetbeat-7.10.0-2021-03-10_expanded_8_analysis","results_field":"ml"},"version":"7.11.0"}},"input":{"field_names":["dns.response_code","f.b0","f.b1","f.b10","f.b11","f.b12","f.b13","f.b14","f.b15","f.b16","f.b17","f.b18","f.b19","f.b2","f.b20","f.b21","f.b22","f.b23","f.b24","f.b25","f.b26","f.b27","f.b28","f.b29","f.b3","f.b30","f.b31","f.b32","f.b33","f.b34","f.b35
","f.b36","f.b37","f.b38","f.b39","f.b4","f.b40","f.b41","f.b42","f.b43","f.b44","f.b45","f.b46","f.b47","f.b48","f.b49","f.b5","f.b50","f.b51","f.b52","f.b53","f.b54","f.b55","f.b56","f.b57","f.b58","f.b59","f.b6","f.b60","f.b7","f.b8","f.b9","f.t0","f.t1","f.t10","f.t11","f.t12","f.t13","f.t14","f.t15","f.t16","f.t17","f.t18","f.t19","f.t2","f.t20","f.t21","f.t22","f.t23","f.t24","f.t25","f.t26","f.t27","f.t28","f.t29","f.t3","f.t30","f.t31","f.t32","f.t33","f.t34","f.t35","f.t36","f.t37","f.t38","f.t39","f.t4","f.t40","f.t41","f.t42","f.t43","f.t44","f.t45","f.t46","f.t47","f.t48","f.t49","f.t5","f.t50","f.t51","f.t52","f.t53","f.t54","f.t55","f.t56","f.t57","f.t58","f.t59","f.t6","f.t7","f.t8","f.t9","f.tld","f.u0","f.u1","f.u10","f.u11","f.u12","f.u13","f.u14","f.u15","f.u16","f.u17","f.u18","f.u19","f.u2","f.u20","f.u21","f.u22","f.u23","f.u24","f.u25","f.u26","f.u27","f.u28","f.u29","f.u3","f.u30","f.u31","f.u32","f.u33","f.u34","f.u35","f.u36","f.u37","f.u38","f.u39","f.u4","f.u40","f.u41","f.u42","f.u43","f.u44","f.u45","f.u46","f.u47","f.u48","f.u49","f.u5","f.u50","f.u51","f.u52","f.u53","f.u54","f.u55","f.u56","f.u57","f.u58","f.u59","f.u6","f.u60","f.u61","f.u7","f.u8","f.u9"]},"inference_config":{"classification":{"num_top_classes":2,"top_classes_results_field":"top_classes","results_field":"malicious_prediction","num_top_feature_importance_values":0,"prediction_field_type":"number"}},"location":{"index":{"name":".ml-inference-000005"}}}]} + headers: + Content-Length: + - "2880" + Content-Type: + - application/json + X-Elastic-Product: + - Elasticsearch + status: 200 OK + code: 200 + duration: 145.381452ms + - id: 5 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + 
X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_index_template/*-dga.* + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 22 + uncompressed: false + body: '{"index_templates":[]}' + headers: + Content-Length: + - "22" + Content-Type: + - application/json + X-Elastic-Product: + - Elasticsearch + status: 404 Not Found + code: 404 + duration: 2.7802ms + - id: 6 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_index_template/*-dga.* + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 22 + uncompressed: false + body: '{"index_templates":[]}' + headers: + Content-Length: + - "22" + Content-Type: + - application/json + X-Elastic-Product: + - Elasticsearch + status: 404 Not Found + code: 404 + duration: 418.494µs + - id: 7 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: "" + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + User-Agent: + - go-elasticsearch/7.17.10 (linux amd64; Go 1.21.3) + X-Elastic-Client-Meta: + - es=7.17.10,go=1.21.3,t=7.17.10,hc=1.21.3 + url: https://127.0.0.1:9200/_index_template/*-dga.* + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 22 + uncompressed: false + body: '{"index_templates":[]}' + headers: + Content-Length: + - "22" + 
Content-Type: + - application/json + X-Elastic-Product: + - Elasticsearch + status: 404 Not Found + code: 404 + duration: 3.221054ms diff --git a/internal/elasticsearch/test/httptest.go b/internal/elasticsearch/test/httptest.go index 20cffb07e8..63ea5e16ab 100644 --- a/internal/elasticsearch/test/httptest.go +++ b/internal/elasticsearch/test/httptest.go @@ -35,7 +35,7 @@ func NewClient(t *testing.T, serverDataDir string) *elasticsearch.Client { rec, err := recorder.NewWithOptions(&recorder.Options{ CassetteName: serverDataDir, Mode: recorder.ModeReplayWithNewEpisodes, - SkipRequestLatency: false, + SkipRequestLatency: true, RealTransport: config.Transport, }) require.NoError(t, err) From 952f8b4ff45bae086d801233fc30faf9f93e35bf Mon Sep 17 00:00:00 2001 
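Review bot: The recorder built in NewClient stores request headers as sent, and the cassettes added in this series carry `Authorization: Basic …` on every interaction; base64 is only an encoding, so the credentials of whatever account made the recording are readable in testdata. A capture hook registered after `require.NoError(t, err)` would keep the header out of future recordings: `rec.AddHook(func(i *cassette.Interaction) error { delete(i.Request.Headers, "Authorization"); return nil }, recorder.AfterCaptureHook)`; this needs the go-vcr `cassette` package imported and assumes request matching does not depend on that header. `Mode: recorder.ModeReplayWithNewEpisodes` also lets a request that is missing from the cassette go out through `config.Transport` and be recorded, so `recorder.ModeReplayOnly` in CI would make such a test fail instead of silently reaching a live server. NewClient's body continues outside the hunk, so an existing hook or matcher there would not be visible.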
From: Jaime Soriano Pastor Date: Mon, 27 Nov 2023 19:17:27 +0100 Subject: [PATCH 06/10] Record fleet responses for kibana tests --- internal/dump/agentpolicies_test.go | 14 +- .../dump/testdata/fleet-7-mock-dump-all.yaml | 183 ++++++++++++++++++ ...-499b5aa7-d214-5b5d-838b-3cd76469844e.json | 1 - ...fleet-agent_policies.full=true.page=1.json | 1 - .../fleet-7-mock-dump-all/api-status.json | 1 - .../dump/testdata/fleet-8-mock-dump-all.yaml | 183 ++++++++++++++++++ ...et-agent_policies-fleet-server-policy.json | 1 - ...fleet-agent_policies.full=true.page=1.json | 1 - .../fleet-8-mock-dump-all/api-status.json | 1 - internal/kibana/client.go | 16 +- internal/kibana/test/httptest.go | 71 +++---- 11 files changed, 412 insertions(+), 61 deletions(-) create mode 100644 internal/dump/testdata/fleet-7-mock-dump-all.yaml delete mode 100644 internal/dump/testdata/fleet-7-mock-dump-all/api-fleet-agent_policies-499b5aa7-d214-5b5d-838b-3cd76469844e.json delete mode 100644 internal/dump/testdata/fleet-7-mock-dump-all/api-fleet-agent_policies.full=true.page=1.json delete mode 100644 internal/dump/testdata/fleet-7-mock-dump-all/api-status.json create mode 100644 internal/dump/testdata/fleet-8-mock-dump-all.yaml delete mode 100644 internal/dump/testdata/fleet-8-mock-dump-all/api-fleet-agent_policies-fleet-server-policy.json delete mode 100644 internal/dump/testdata/fleet-8-mock-dump-all/api-fleet-agent_policies.full=true.page=1.json delete mode 100644 internal/dump/testdata/fleet-8-mock-dump-all/api-status.json diff --git a/internal/dump/agentpolicies_test.go b/internal/dump/agentpolicies_test.go index 222df381c3..fba0e7832d 100644 --- a/internal/dump/agentpolicies_test.go +++ b/internal/dump/agentpolicies_test.go 
@@ -28,7 +28,7 @@ func TestDumpAgentPolicies(t *testing.T) { &agentPoliciesDumpSuite{ AgentPolicy: "499b5aa7-d214-5b5d-838b-3cd76469844e", PackageName: "nginx", - RecordDir: "./testdata/fleet-7-mock-dump-all", + Record: "./testdata/fleet-7-mock-dump-all", DumpDirAll: "./testdata/fleet-7-dump/all", DumpDirPackage: "./testdata/fleet-7-dump/package", DumpDirAgentPolicy: "./testdata/fleet-7-dump/agentpolicy", @@ -36,7 +36,7 @@ func TestDumpAgentPolicies(t *testing.T) { &agentPoliciesDumpSuite{ AgentPolicy: "fleet-server-policy", PackageName: "nginx", - RecordDir: "./testdata/fleet-8-mock-dump-all", + Record: "./testdata/fleet-8-mock-dump-all", DumpDirAll: "./testdata/fleet-8-dump/all", DumpDirPackage: "./testdata/fleet-8-dump/package", DumpDirAgentPolicy: "./testdata/fleet-8-dump/agentpolicy", @@ -57,8 +57,8 @@ type agentPoliciesDumpSuite struct { // AgentPolicy is the name of the agent policy to look for. PackageName string - // RecordDir is where responses from Kibana are recorded. - RecordDir string + // Record is where responses from Kibana are recorded. + Record string // DumpDirAll is where the expected dumped files are stored when looking for all agent policies. DumpDirAll string @@ -111,7 +111,7 @@ func (s *agentPoliciesDumpSuite) SetupTest() { } func (s *agentPoliciesDumpSuite) TestDumpAll() { - client := kibanatest.NewClient(s.T(), s.RecordDir) + client := kibanatest.NewClient(s.T(), s.Record) outputDir := s.T().TempDir() dumper := NewAgentPoliciesDumper(client) @@ -128,7 +128,7 @@ func (s *agentPoliciesDumpSuite) TestDumpAll() { } func (s *agentPoliciesDumpSuite) TestDumpByPackage() { - client := kibanatest.NewClient(s.T(), s.RecordDir) + client := kibanatest.NewClient(s.T(), s.Record) outputDir := s.T().TempDir() dumper := NewAgentPoliciesDumper(client) 
@@ -145,7 +145,7 @@ func (s *agentPoliciesDumpSuite) TestDumpByPackage() {
 }
 func (s *agentPoliciesDumpSuite) TestDumpByName() {
- client := kibanatest.NewClient(s.T(), s.RecordDir)
+ client := kibanatest.NewClient(s.T(), s.Record)
 outputDir := s.T().TempDir()
 dumper := NewAgentPoliciesDumper(client)
diff --git a/internal/dump/testdata/fleet-7-mock-dump-all.yaml b/internal/dump/testdata/fleet-7-mock-dump-all.yaml
new file mode 100644
index 0000000000..f19ecdec0d
--- /dev/null
+++ b/internal/dump/testdata/fleet-7-mock-dump-all.yaml
@@ -0,0 +1,183 @@ +--- +version: 2 +interactions: + - id: 0 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: 127.0.0.1:5601 + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic Og== + Content-Type: + - application/json + Kbn-Xsrf: + - 8.10.1 + url: https://127.0.0.1:5601/api/status + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 24461 + uncompressed: false + body: '{"name":"kibana","uuid":"c3a74423-07d2-47bc-8843-0580b1fe9eb6","version":{"number":"7.17.0","build_hash":"60a9838d21b6420bbdb5a4d07099111b74c68ceb","build_number":46534,"build_snapshot":false},"status":{"overall":{"since":"2023-08-30T11:43:55.277Z","state":"green","title":"Green","nickname":"Looking good","icon":"success","uiColor":"secondary"},"statuses":[{"id":"core:elasticsearch@7.17.0","message":"Elasticsearch is available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"core:savedObjects@7.17.0","message":"SavedObjects service has completed migrations and is available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:advancedSettings@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:bfetch@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:expressionMetricVis@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:expressionTagcloud@7.17.0","message":"All dependencies are 
available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:charts@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:console@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:customIntegrations@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:dashboard@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:data@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:dataViews@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:devTools@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:discover@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:embeddable@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:esUiShared@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:expressionError@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:expressionImage@7.17.0","message":"All dependencies 
are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:expressionMetric@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:expressionRepeatImage@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:expressionRevealImage@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:expressionShape@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:expressions@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:fieldFormats@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:home@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:indexPatternEditor@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:indexPatternFieldEditor@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:indexPatternManagement@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:inputControlVis@7.17.0","message":"All dependencies are 
available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:inspector@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:kibanaLegacy@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:kibanaOverview@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:kibanaReact@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:kibanaUsageCollection@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:kibanaUtils@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:management@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:mapsEms@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:mapsLegacy@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:navigation@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:newsfeed@7.17.0","message":"All dependencies are 
available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:presentationUtil@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:regionMap@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:savedObjects@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:savedObjectsManagement@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:savedObjectsTaggingOss@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:screenshotMode@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:share@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:telemetry@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:telemetryCollectionManager@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:telemetryManagementSection@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:tileMap@7.17.0","message":"All dependencies are 
available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:uiActions@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:urlForwarding@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:usageCollection@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visDefaultEditor@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visTypeMarkdown@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visTypeMetric@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visTypePie@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visTypeTable@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visTypeTagcloud@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visTypeTimelion@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visTypeTimeseries@7.17.0","message":"All dependencies are 
available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visTypeVega@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visTypeVislib@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visTypeXy@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visualizations@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visualize@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:actions@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:alerting@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:apm@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:banners@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:canvas@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:cases@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:cloud@7.17.0","message":"All dependencies are 
available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:code@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:crossClusterReplication@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:dashboardEnhanced@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:dashboardMode@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:dataEnhanced@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:dataVisualizer@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:discoverEnhanced@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:urlDrilldown@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:embeddableEnhanced@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:encryptedSavedObjects@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:enterpriseSearch@7.17.0","message":"All dependencies are 
available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:eventLog@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:features@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:fileUpload@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:fleet@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:globalSearch@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:globalSearchBar@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:globalSearchProviders@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:graph@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:grokdebugger@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:indexLifecycleManagement@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:indexManagement@7.17.0","message":"All dependencies are 
available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:infra@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:ingestPipelines@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:lens@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:licenseApiGuard@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:licenseManagement@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:licensing@7.17.0","message":"License fetched","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:lists@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:logstash@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:maps@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:ml@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:monitoring@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:observability@7.17.0","message":"All dependencies are 
available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:osquery@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:painlessLab@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:remoteClusters@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:reporting@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:rollup@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:ruleRegistry@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:runtimeFields@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:savedObjectsTagging@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:searchprofiler@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:security@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:securitySolution@7.17.0","message":"All dependencies are 
available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:snapshotRestore@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:spaces@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:stackAlerts@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:taskManager@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:telemetryCollectionXpack@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:timelines@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:transform@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:translations@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:triggersActionsUi@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:uiActionsEnhanced@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:upgradeAssistant@7.17.0","message":"All dependencies are 
available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:uptime@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:watcher@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:xpackLegacy@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"}]},"metrics":{"last_updated":"2023-08-30T11:43:52.253Z","collection_interval_in_millis":5000,"os":{"platform":"linux","platformRelease":"linux-5.19.0-50-generic","load":{"1m":1.07,"5m":1.31,"15m":1.24},"memory":{"total_in_bytes":33358266368,"free_in_bytes":268140544,"used_in_bytes":33090125824},"uptime_in_millis":774883580,"distro":"Ubuntu","distroRelease":"Ubuntu-20.04"},"process":{"memory":{"heap":{"total_in_bytes":533340160,"used_in_bytes":410822832,"size_limit":4345298944},"resident_set_size_in_bytes":643715072},"pid":7,"event_loop_delay":10.179153502040817,"event_loop_delay_histogram":{"min":9.09312,"max":30.359551,"mean":10.179153502040817,"exceeds":0,"stddev":0.9353847573344422,"fromTimestamp":"2023-08-30T11:43:47.251Z","lastUpdatedAt":"2023-08-30T11:43:52.248Z","percentiles":{"50":10.125311,"75":10.190847,"95":10.256383,"99":10.477567}},"uptime_in_millis":1549598.888492},"processes":[{"memory":{"heap":{"total_in_bytes":533340160,"used_in_bytes":410822832,"size_limit":4345298944},"resident_set_size_in_bytes":643715072},"pid":7,"event_loop_delay":10.179153502040817,"event_loop_delay_histogram":{"min":9.09312,"max":30.359551,"mean":10.179153502040817,"exceeds":0,"stddev":0.9353847573344422,"fromTimestamp":"2023-08-30T11:43:47.251Z","lastUpdatedAt":"2023-08-30T11:43:52.248Z","percentiles":{"50":10.125311,"75":10.190847,"95":10.256383,"99":10.477567}},"uptime_in_millis":1549598.
888492}],"response_times":{"avg_in_millis":11,"max_in_millis":11},"concurrent_connections":0,"requests":{"disconnects":0,"total":1,"statusCodes":{"200":1},"status_codes":{"200":1}}}}' + headers: + Accept-Ranges: + - bytes + Content-Length: + - "24461" + Content-Type: + - application/json + Date: + - Mon, 27 Nov 2023 18:05:27 GMT + Last-Modified: + - Tue, 03 Oct 2023 15:59:45 GMT + status: 200 OK + code: 200 + duration: 3.629565ms + - id: 1 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: 127.0.0.1:5601 + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic Og== + Content-Type: + - application/json + Kbn-Xsrf: + - 8.10.1 + url: https://127.0.0.1:5601/api/fleet/agent_policies?full=true&page=1 + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 41108 + uncompressed: false + body: '{"items":[{"id":"edf437d0-f64e-11ec-acb0-0b2e9206fdb0","name":"Load Balancers 
Servers","description":"","namespace":"default","monitoring_enabled":["logs","metrics"],"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T19:26:16.891Z","updated_by":"elastic","package_policies":[{"id":"0483a039-2f91-4d47-b43c-4623cadd5f27","version":"WzEyNTcsMV0=","name":"system-3","namespace":"default","package":{"name":"system","title":"System","version":"1.11.0"},"enabled":true,"policy_id":"edf437d0-f64e-11ec-acb0-0b2e9206fdb0","output_id":"fleet-default-output","inputs":[{"type":"logfile","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.auth"},"vars":{"paths":{"value":["/var/log/auth.log*","/var/log/secure*"],"type":"text"}},"id":"logfile-system.auth-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"paths":["/var/log/auth.log*","/var/log/secure*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.syslog"},"vars":{"paths":{"value":["/var/log/messages*","/var/log/syslog*"],"type":"text"}},"id":"logfile-system.syslog-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"paths":["/var/log/messages*","/var/log/syslog*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"winlog","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.application-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"name":"Application","condition":"${host.platform} == 
''windows''","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.security-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"name":"Security","condition":"${host.platform} == ''windows''","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.system-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"name":"System","condition":"${host.platform} == ''windows''","ignore_older":"72h"}}]},{"type":"system/metrics","policy_template":"system","enabled":true,"streams":[{"enabled":false,"data_stream":{"type":"metrics","dataset":"system.core"},"vars":{"period":{"value":"10s","type":"text"},"core.metrics":{"value":["percentages"],"type":"text"}},"id":"system/metrics-system.core-0483a039-2f91-4d47-b43c-4623cadd5f27"},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.cpu"},"vars":{"period":{"value":"10s","type":"text"},"cpu.metrics":{"value":["percentages","normalized_percentages"],"type":"text"}},"id":"system/metrics-system.cpu-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["cpu"],"cpu.metrics":["percentages","normalized_percentages"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.diskio"},"vars":{"period":{"value":"10s","type":"text"},"diskio.include_devices":{"value":[],"type":"text"}},"id":"system/metrics-system.diskio-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["diskio"],"
diskio.include_devices":null,"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.filesystem"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"},"filesystem.ignore_types":{"value":[],"type":"text"}},"id":"system/metrics-system.filesystem-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["filesystem"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.filesystem.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.fsstat"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"}},"id":"system/metrics-system.fsstat-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["fsstat"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.fsstat.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.load"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.load-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["load"],"condition":"${host.platform} != 
''windows''","period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.memory"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.memory-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["memory"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.network"},"vars":{"period":{"value":"10s","type":"text"},"network.interfaces":{"value":[],"type":"text"}},"id":"system/metrics-system.network-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["network"],"period":"10s","network.interfaces":null}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process"},"vars":{"period":{"value":"10s","type":"text"},"process.include_top_n.by_cpu":{"value":5,"type":"integer"},"process.include_top_n.by_memory":{"value":5,"type":"integer"},"process.cmdline.cache.enabled":{"value":true,"type":"bool"},"process.cgroups.enabled":{"value":false,"type":"bool"},"process.env.whitelist":{"value":[],"type":"text"},"process.include_cpu_ticks":{"value":false,"type":"bool"},"processes":{"value":[".*"],"type":"text"}},"id":"system/metrics-system.process-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["process"],"period":"10s","process.include_top_n.by_cpu":5,"process.include_top_n.by_memory":5,"process.cmdline.cache.enabled":true,"process.cgroups.enabled":false,"process.include_cpu_ticks":false,"processes":[".*"]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process.summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.process.summary-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["process_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.socket_summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.socket_summary-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["socket_sum
mary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.uptime"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.uptime-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["uptime"],"period":"10s"}}],"vars":{"system.hostfs":{"type":"text"}}},{"type":"httpjson","policy_template":"system","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Application\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.application-0483a039-2f91-4d47-b43c-4623cadd5f27"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Security\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.security-0483a039-2f91-4d47-b43c-4623cadd5f27"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:System\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.system-0483a039-2f91-4d47-b43c-4623cadd5f27"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"preserve_original_event":{"value":false,"type":"bool"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 
94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}}],"revision":1,"created_at":"2022-06-27T19:25:42.095Z","created_by":"elastic","updated_at":"2022-06-27T19:25:42.095Z","updated_by":"elastic"},{"id":"c864461b-b8d3-48e0-b477-7954434078b5","version":"WzE1MTgsMV0=","name":"nginx-load-balancers-testt","description":"","namespace":"default","policy_id":"edf437d0-f64e-11ec-acb0-0b2e9206fdb0","enabled":true,"output_id":"","inputs":[{"type":"logfile","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"paths":{"value":["/var/log/nginx/access.log*"],"type":"text"},"tags":{"value":["nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"logfile-nginx.access-c864461b-b8d3-48e0-b477-7954434078b5","compiled_stream":{"paths":["/var/log/nginx/access.log*"],"tags":["nginx-access"],"exclude_files":[".gz$"],"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"paths":{"value":["/var/log/nginx/error.log*"],"type":"text"},"tags":{"value":["nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"proces
sors":{"type":"yaml"}},"id":"logfile-nginx.error-c864461b-b8d3-48e0-b477-7954434078b5","compiled_stream":{"paths":["/var/log/nginx/error.log*"],"tags":["nginx-error"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\d{4}\\/\\d{2}\\/\\d{2} ","negate":true,"match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"httpjson","policy_template":"nginx","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:access","type":"text"},"tags":{"value":["forwarded","nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.access-c864461b-b8d3-48e0-b477-7954434078b5"},{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:error","type":"text"},"tags":{"value":["forwarded","nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.error-c864461b-b8d3-48e0-b477-7954434078b5"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# 
CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}},{"type":"nginx/metrics","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"metrics","dataset":"nginx.stubstatus"},"vars":{"period":{"value":"10s","type":"text"},"server_status_path":{"value":"/nginx_status","type":"text"}},"id":"nginx/metrics-nginx.stubstatus-c864461b-b8d3-48e0-b477-7954434078b5","compiled_stream":{"metricsets":["stubstatus"],"hosts":["http://127.0.0.1:80"],"period":"10s","server_status_path":"/nginx_status"}}],"vars":{"hosts":{"value":["http://127.0.0.1:80"],"type":"text"}}}],"package":{"name":"nginx","title":"Nginx","version":"1.3.2"},"revision":1,"created_at":"2022-06-27T19:26:16.169Z","created_by":"elastic","updated_at":"2022-06-27T19:26:16.169Z","updated_by":"elastic"}],"agents":0},{"id":"b57023b0-f64e-11ec-acb0-0b2e9206fdb0","name":"HTTP 
servers","description":"","namespace":"default","monitoring_enabled":["logs","metrics"],"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T19:24:39.501Z","updated_by":"elastic","package_policies":[{"id":"7a0e17cf-e39e-4846-911d-c1e4322ff358","version":"Wzg4OSwxXQ==","name":"system-2","namespace":"default","package":{"name":"system","title":"System","version":"1.11.0"},"enabled":true,"policy_id":"b57023b0-f64e-11ec-acb0-0b2e9206fdb0","output_id":"fleet-default-output","inputs":[{"type":"logfile","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.auth"},"vars":{"paths":{"value":["/var/log/auth.log*","/var/log/secure*"],"type":"text"}},"id":"logfile-system.auth-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"paths":["/var/log/auth.log*","/var/log/secure*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.syslog"},"vars":{"paths":{"value":["/var/log/messages*","/var/log/syslog*"],"type":"text"}},"id":"logfile-system.syslog-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"paths":["/var/log/messages*","/var/log/syslog*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"winlog","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.application-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"name":"Application","condition":"${host.platform} == 
''windows''","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.security-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"name":"Security","condition":"${host.platform} == ''windows''","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.system-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"name":"System","condition":"${host.platform} == ''windows''","ignore_older":"72h"}}]},{"type":"system/metrics","policy_template":"system","enabled":true,"streams":[{"enabled":false,"data_stream":{"type":"metrics","dataset":"system.core"},"vars":{"period":{"value":"10s","type":"text"},"core.metrics":{"value":["percentages"],"type":"text"}},"id":"system/metrics-system.core-7a0e17cf-e39e-4846-911d-c1e4322ff358"},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.cpu"},"vars":{"period":{"value":"10s","type":"text"},"cpu.metrics":{"value":["percentages","normalized_percentages"],"type":"text"}},"id":"system/metrics-system.cpu-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["cpu"],"cpu.metrics":["percentages","normalized_percentages"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.diskio"},"vars":{"period":{"value":"10s","type":"text"},"diskio.include_devices":{"value":[],"type":"text"}},"id":"system/metrics-system.diskio-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["diskio"],"
diskio.include_devices":null,"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.filesystem"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"},"filesystem.ignore_types":{"value":[],"type":"text"}},"id":"system/metrics-system.filesystem-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["filesystem"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.filesystem.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.fsstat"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"}},"id":"system/metrics-system.fsstat-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["fsstat"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.fsstat.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.load"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.load-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["load"],"condition":"${host.platform} != 
''windows''","period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.memory"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.memory-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["memory"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.network"},"vars":{"period":{"value":"10s","type":"text"},"network.interfaces":{"value":[],"type":"text"}},"id":"system/metrics-system.network-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["network"],"period":"10s","network.interfaces":null}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process"},"vars":{"period":{"value":"10s","type":"text"},"process.include_top_n.by_cpu":{"value":5,"type":"integer"},"process.include_top_n.by_memory":{"value":5,"type":"integer"},"process.cmdline.cache.enabled":{"value":true,"type":"bool"},"process.cgroups.enabled":{"value":false,"type":"bool"},"process.env.whitelist":{"value":[],"type":"text"},"process.include_cpu_ticks":{"value":false,"type":"bool"},"processes":{"value":[".*"],"type":"text"}},"id":"system/metrics-system.process-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["process"],"period":"10s","process.include_top_n.by_cpu":5,"process.include_top_n.by_memory":5,"process.cmdline.cache.enabled":true,"process.cgroups.enabled":false,"process.include_cpu_ticks":false,"processes":[".*"]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process.summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.process.summary-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["process_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.socket_summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.socket_summary-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["socket_sum
mary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.uptime"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.uptime-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["uptime"],"period":"10s"}}],"vars":{"system.hostfs":{"type":"text"}}},{"type":"httpjson","policy_template":"system","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Application\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.application-7a0e17cf-e39e-4846-911d-c1e4322ff358"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Security\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.security-7a0e17cf-e39e-4846-911d-c1e4322ff358"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:System\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.system-7a0e17cf-e39e-4846-911d-c1e4322ff358"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"preserve_original_event":{"value":false,"type":"bool"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 
94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}}],"revision":1,"created_at":"2022-06-27T19:24:09.017Z","created_by":"elastic","updated_at":"2022-06-27T19:24:09.017Z","updated_by":"elastic"},{"id":"95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4","version":"Wzk5NSwxXQ==","name":"nginx-http-servers-test","description":"","namespace":"default","policy_id":"b57023b0-f64e-11ec-acb0-0b2e9206fdb0","enabled":true,"output_id":"","inputs":[{"type":"logfile","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"paths":{"value":["/var/log/nginx/access.log*"],"type":"text"},"tags":{"value":["nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"logfile-nginx.access-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4","compiled_stream":{"paths":["/var/log/nginx/access.log*"],"tags":["nginx-access"],"exclude_files":[".gz$"],"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"paths":{"value":["/var/log/nginx/error.log*"],"type":"text"},"tags":{"value":["nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processor
s":{"type":"yaml"}},"id":"logfile-nginx.error-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4","compiled_stream":{"paths":["/var/log/nginx/error.log*"],"tags":["nginx-error"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\d{4}\\/\\d{2}\\/\\d{2} ","negate":true,"match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"httpjson","policy_template":"nginx","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:access","type":"text"},"tags":{"value":["forwarded","nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.access-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4"},{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:error","type":"text"},"tags":{"value":["forwarded","nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.error-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# 
CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}},{"type":"nginx/metrics","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"metrics","dataset":"nginx.stubstatus"},"vars":{"period":{"value":"10s","type":"text"},"server_status_path":{"value":"/nginx_status","type":"text"}},"id":"nginx/metrics-nginx.stubstatus-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4","compiled_stream":{"metricsets":["stubstatus"],"hosts":["http://127.0.0.1:80"],"period":"10s","server_status_path":"/nginx_status"}}],"vars":{"hosts":{"value":["http://127.0.0.1:80"],"type":"text"}}}],"package":{"name":"nginx","title":"Nginx","version":"1.3.2"},"revision":1,"created_at":"2022-06-27T19:24:38.498Z","created_by":"elastic","updated_at":"2022-06-27T19:24:38.498Z","updated_by":"elastic"}],"agents":0},{"id":"499b5aa7-d214-5b5d-838b-3cd76469844e","namespace":"default","monitoring_enabled":["logs","metrics"],"name":"Default Fleet Server policy","description":"Default Fleet Server agent policy created by Kibana","is_default":false,"is_default_fleet_server":true,"is_preconfigured":true,"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T19:19:42.793Z","updated_by":"system","package_policies":[{"id":"default-fleet-server-agent-policy","version":"WzYxOSwxXQ==","name":"fleet_server-1","namespace":"default","package":{"name":"fleet_server","title":"Fleet 
Server","version":"1.2.0"},"enabled":true,"policy_id":"499b5aa7-d214-5b5d-838b-3cd76469844e","output_id":"fleet-default-output","inputs":[{"type":"fleet-server","policy_template":"fleet_server","enabled":true,"streams":[],"vars":{"host":{"value":["0.0.0.0"],"type":"text"},"port":{"value":[8220],"type":"integer"},"max_agents":{"type":"integer"},"max_connections":{"type":"integer"},"custom":{"value":"","type":"yaml"}},"compiled_input":{"server":{"port":8220,"host":"0.0.0.0"}}}],"revision":1,"created_at":"2022-06-27T19:19:41.976Z","created_by":"system","updated_at":"2022-06-27T19:19:41.976Z","updated_by":"system"}],"agents":1},{"id":"2016d7cc-135e-5583-9758-3ba01f5a06e5","namespace":"default","monitoring_enabled":["logs","metrics"],"name":"Default policy","description":"Default agent policy created by Kibana","is_default":true,"is_preconfigured":true,"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T19:19:39.755Z","updated_by":"system","package_policies":[{"id":"default-system-policy","version":"WzYxNywxXQ==","name":"system-1","namespace":"default","package":{"name":"system","title":"System","version":"1.11.0"},"enabled":true,"policy_id":"2016d7cc-135e-5583-9758-3ba01f5a06e5","output_id":"fleet-default-output","inputs":[{"type":"logfile","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.auth"},"vars":{"paths":{"value":["/var/log/auth.log*","/var/log/secure*"],"type":"text"}},"id":"logfile-system.auth-default-system-policy","compiled_stream":{"paths":["/var/log/auth.log*","/var/log/secure*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.syslog"},"vars":{"paths":{"value":["/var/log/messages*","/var/log/syslog*"],"type":"text"}},"id":"logfile-system.syslog-default-system-policy","compiled_stream":{"paths":["/var/log/messages*","/var/log/syslog*"],"exclude_fil
es":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"winlog","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.application-default-system-policy","compiled_stream":{"name":"Application","condition":"${host.platform} == ''windows''","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.security-default-system-policy","compiled_stream":{"name":"Security","condition":"${host.platform} == ''windows''","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.system-default-system-policy","compiled_stream":{"name":"System","condition":"${host.platform} == 
''windows''","ignore_older":"72h"}}]},{"type":"system/metrics","policy_template":"system","enabled":true,"streams":[{"enabled":false,"data_stream":{"type":"metrics","dataset":"system.core"},"vars":{"period":{"value":"10s","type":"text"},"core.metrics":{"value":["percentages"],"type":"text"}},"id":"system/metrics-system.core-default-system-policy"},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.cpu"},"vars":{"period":{"value":"10s","type":"text"},"cpu.metrics":{"value":["percentages","normalized_percentages"],"type":"text"}},"id":"system/metrics-system.cpu-default-system-policy","compiled_stream":{"metricsets":["cpu"],"cpu.metrics":["percentages","normalized_percentages"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.diskio"},"vars":{"period":{"value":"10s","type":"text"},"diskio.include_devices":{"value":[],"type":"text"}},"id":"system/metrics-system.diskio-default-system-policy","compiled_stream":{"metricsets":["diskio"],"diskio.include_devices":null,"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.filesystem"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"},"filesystem.ignore_types":{"value":[],"type":"text"}},"id":"system/metrics-system.filesystem-default-system-policy","compiled_stream":{"metricsets":["filesystem"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.filesystem.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.fsstat"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.fsstat.mount_point: 
^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"}},"id":"system/metrics-system.fsstat-default-system-policy","compiled_stream":{"metricsets":["fsstat"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.fsstat.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.load"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.load-default-system-policy","compiled_stream":{"metricsets":["load"],"condition":"${host.platform} != ''windows''","period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.memory"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.memory-default-system-policy","compiled_stream":{"metricsets":["memory"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.network"},"vars":{"period":{"value":"10s","type":"text"},"network.interfaces":{"value":[],"type":"text"}},"id":"system/metrics-system.network-default-system-policy","compiled_stream":{"metricsets":["network"],"period":"10s","network.interfaces":null}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process"},"vars":{"period":{"value":"10s","type":"text"},"process.include_top_n.by_cpu":{"value":5,"type":"integer"},"process.include_top_n.by_memory":{"value":5,"type":"integer"},"process.cmdline.cache.enabled":{"value":true,"type":"bool"},"process.cgroups.enabled":{"value":false,"type":"bool"},"process.env.whitelist":{"value":[],"type":"text"},"process.include_cpu_ticks":{"value":false,"type":"bool"},"processes":{"value":[".*"],"type":"text"}},"id":"system/metrics-system.process-default-system-policy","compiled_stream":{"metricsets":["process"],"period":"10s","process.include_top_n.by_cpu":5,"process.include_top_n.by_memory":5,"process.cmdline.cache.enabled":true,"process.cgroups.enabled":false,"process.include_cpu_ticks":false,"processes":[".*"]}},{"enabled":true,"data_stream"
:{"type":"metrics","dataset":"system.process.summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.process.summary-default-system-policy","compiled_stream":{"metricsets":["process_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.socket_summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.socket_summary-default-system-policy","compiled_stream":{"metricsets":["socket_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.uptime"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.uptime-default-system-policy","compiled_stream":{"metricsets":["uptime"],"period":"10s"}}],"vars":{"system.hostfs":{"type":"text"}}},{"type":"httpjson","policy_template":"system","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Application\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.application-default-system-policy"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Security\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.security-default-system-policy"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search 
sourcetype=\"XmlWinEventLog:System\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.system-default-system-policy"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"preserve_original_event":{"value":false,"type":"bool"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}}],"revision":1,"created_at":"2022-06-27T19:19:38.837Z","created_by":"system","updated_at":"2022-06-27T19:19:38.837Z","updated_by":"system"}],"agents":1}],"total":4,"page":1,"perPage":20}' + headers: + Accept-Ranges: + - bytes + Content-Length: + - "41108" + Content-Type: + - application/json + Date: + - Mon, 27 Nov 2023 18:05:27 GMT + Last-Modified: + - Wed, 30 Aug 2023 11:46:06 GMT + 
status: 200 OK + code: 200 + duration: 287.968µs + - id: 2 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: 127.0.0.1:5601 + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic Og== + Content-Type: + - application/json + Kbn-Xsrf: + - 8.10.1 + url: https://127.0.0.1:5601/api/status + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 24461 + uncompressed: false + body: '{"name":"kibana","uuid":"c3a74423-07d2-47bc-8843-0580b1fe9eb6","version":{"number":"7.17.0","build_hash":"60a9838d21b6420bbdb5a4d07099111b74c68ceb","build_number":46534,"build_snapshot":false},"status":{"overall":{"since":"2023-08-30T11:43:55.277Z","state":"green","title":"Green","nickname":"Looking good","icon":"success","uiColor":"secondary"},"statuses":[{"id":"core:elasticsearch@7.17.0","message":"Elasticsearch is available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"core:savedObjects@7.17.0","message":"SavedObjects service has completed migrations and is available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:advancedSettings@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:bfetch@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:expressionMetricVis@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:expressionTagcloud@7.17.0","message":"All dependencies are 
available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:charts@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:console@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:customIntegrations@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:dashboard@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:data@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:dataViews@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:devTools@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:discover@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:embeddable@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:esUiShared@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:expressionError@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:expressionImage@7.17.0","message":"All dependencies 
are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:expressionMetric@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:expressionRepeatImage@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:expressionRevealImage@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:expressionShape@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:expressions@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:fieldFormats@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:home@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:indexPatternEditor@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:indexPatternFieldEditor@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:indexPatternManagement@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:inputControlVis@7.17.0","message":"All dependencies are 
available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:inspector@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:kibanaLegacy@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:kibanaOverview@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:kibanaReact@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:kibanaUsageCollection@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:kibanaUtils@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:management@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:mapsEms@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:mapsLegacy@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:navigation@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:newsfeed@7.17.0","message":"All dependencies are 
available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:presentationUtil@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:regionMap@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:savedObjects@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:savedObjectsManagement@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:savedObjectsTaggingOss@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:screenshotMode@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:share@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:telemetry@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:telemetryCollectionManager@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:telemetryManagementSection@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:tileMap@7.17.0","message":"All dependencies are 
available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:uiActions@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:urlForwarding@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:usageCollection@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visDefaultEditor@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visTypeMarkdown@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visTypeMetric@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visTypePie@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visTypeTable@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visTypeTagcloud@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visTypeTimelion@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visTypeTimeseries@7.17.0","message":"All dependencies are 
available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visTypeVega@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visTypeVislib@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visTypeXy@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visualizations@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visualize@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:actions@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:alerting@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:apm@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:banners@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:canvas@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:cases@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:cloud@7.17.0","message":"All dependencies are 
available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:code@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:crossClusterReplication@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:dashboardEnhanced@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:dashboardMode@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:dataEnhanced@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:dataVisualizer@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:discoverEnhanced@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:urlDrilldown@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:embeddableEnhanced@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:encryptedSavedObjects@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:enterpriseSearch@7.17.0","message":"All dependencies are 
available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:eventLog@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:features@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:fileUpload@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:fleet@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:globalSearch@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:globalSearchBar@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:globalSearchProviders@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:graph@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:grokdebugger@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:indexLifecycleManagement@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:indexManagement@7.17.0","message":"All dependencies are 
available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:infra@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:ingestPipelines@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:lens@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:licenseApiGuard@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:licenseManagement@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:licensing@7.17.0","message":"License fetched","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:lists@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:logstash@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:maps@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:ml@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:monitoring@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:observability@7.17.0","message":"All dependencies are 
available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:osquery@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:painlessLab@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:remoteClusters@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:reporting@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:rollup@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:ruleRegistry@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:runtimeFields@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:savedObjectsTagging@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:searchprofiler@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:security@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:securitySolution@7.17.0","message":"All dependencies are 
available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:snapshotRestore@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:spaces@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:stackAlerts@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:taskManager@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:telemetryCollectionXpack@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:timelines@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:transform@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:translations@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:triggersActionsUi@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:uiActionsEnhanced@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:upgradeAssistant@7.17.0","message":"All dependencies are 
available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:uptime@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:watcher@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:xpackLegacy@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"}]},"metrics":{"last_updated":"2023-08-30T11:43:52.253Z","collection_interval_in_millis":5000,"os":{"platform":"linux","platformRelease":"linux-5.19.0-50-generic","load":{"1m":1.07,"5m":1.31,"15m":1.24},"memory":{"total_in_bytes":33358266368,"free_in_bytes":268140544,"used_in_bytes":33090125824},"uptime_in_millis":774883580,"distro":"Ubuntu","distroRelease":"Ubuntu-20.04"},"process":{"memory":{"heap":{"total_in_bytes":533340160,"used_in_bytes":410822832,"size_limit":4345298944},"resident_set_size_in_bytes":643715072},"pid":7,"event_loop_delay":10.179153502040817,"event_loop_delay_histogram":{"min":9.09312,"max":30.359551,"mean":10.179153502040817,"exceeds":0,"stddev":0.9353847573344422,"fromTimestamp":"2023-08-30T11:43:47.251Z","lastUpdatedAt":"2023-08-30T11:43:52.248Z","percentiles":{"50":10.125311,"75":10.190847,"95":10.256383,"99":10.477567}},"uptime_in_millis":1549598.888492},"processes":[{"memory":{"heap":{"total_in_bytes":533340160,"used_in_bytes":410822832,"size_limit":4345298944},"resident_set_size_in_bytes":643715072},"pid":7,"event_loop_delay":10.179153502040817,"event_loop_delay_histogram":{"min":9.09312,"max":30.359551,"mean":10.179153502040817,"exceeds":0,"stddev":0.9353847573344422,"fromTimestamp":"2023-08-30T11:43:47.251Z","lastUpdatedAt":"2023-08-30T11:43:52.248Z","percentiles":{"50":10.125311,"75":10.190847,"95":10.256383,"99":10.477567}},"uptime_in_millis":1549598.
888492}],"response_times":{"avg_in_millis":11,"max_in_millis":11},"concurrent_connections":0,"requests":{"disconnects":0,"total":1,"statusCodes":{"200":1},"status_codes":{"200":1}}}}' + headers: + Accept-Ranges: + - bytes + Content-Length: + - "24461" + Content-Type: + - application/json + Date: + - Mon, 27 Nov 2023 18:05:27 GMT + Last-Modified: + - Tue, 03 Oct 2023 15:59:45 GMT + status: 200 OK + code: 200 + duration: 459.281µs + - id: 3 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: 127.0.0.1:5601 + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic Og== + Content-Type: + - application/json + Kbn-Xsrf: + - 8.10.1 + url: https://127.0.0.1:5601/api/fleet/agent_policies/499b5aa7-d214-5b5d-838b-3cd76469844e + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 1208 + uncompressed: false + body: '{"item":{"id":"499b5aa7-d214-5b5d-838b-3cd76469844e","namespace":"default","monitoring_enabled":["logs","metrics"],"name":"Default Fleet Server policy","description":"Default Fleet Server agent policy created by Kibana","is_default":false,"is_default_fleet_server":true,"is_preconfigured":true,"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T19:19:42.793Z","updated_by":"system","package_policies":[{"id":"default-fleet-server-agent-policy","version":"WzYxOSwxXQ==","name":"fleet_server-1","namespace":"default","package":{"name":"fleet_server","title":"Fleet 
Server","version":"1.2.0"},"enabled":true,"policy_id":"499b5aa7-d214-5b5d-838b-3cd76469844e","output_id":"fleet-default-output","inputs":[{"type":"fleet-server","policy_template":"fleet_server","enabled":true,"streams":[],"vars":{"host":{"value":["0.0.0.0"],"type":"text"},"port":{"value":[8220],"type":"integer"},"max_agents":{"type":"integer"},"max_connections":{"type":"integer"},"custom":{"value":"","type":"yaml"}},"compiled_input":{"server":{"port":8220,"host":"0.0.0.0"}}}],"revision":1,"created_at":"2022-06-27T19:19:41.976Z","created_by":"system","updated_at":"2022-06-27T19:19:41.976Z","updated_by":"system"}]}}' + headers: + Accept-Ranges: + - bytes + Content-Length: + - "1208" + Content-Type: + - application/json + Date: + - Mon, 27 Nov 2023 18:05:27 GMT + Last-Modified: + - Wed, 30 Aug 2023 11:46:06 GMT + status: 200 OK + code: 200 + duration: 275.535µs diff --git a/internal/dump/testdata/fleet-7-mock-dump-all/api-fleet-agent_policies-499b5aa7-d214-5b5d-838b-3cd76469844e.json b/internal/dump/testdata/fleet-7-mock-dump-all/api-fleet-agent_policies-499b5aa7-d214-5b5d-838b-3cd76469844e.json deleted file mode 100644 index 629734ee4a..0000000000 --- a/internal/dump/testdata/fleet-7-mock-dump-all/api-fleet-agent_policies-499b5aa7-d214-5b5d-838b-3cd76469844e.json +++ /dev/null 
@@ -1 +0,0 @@ -{"item":{"id":"499b5aa7-d214-5b5d-838b-3cd76469844e","namespace":"default","monitoring_enabled":["logs","metrics"],"name":"Default Fleet Server policy","description":"Default Fleet Server agent policy created by Kibana","is_default":false,"is_default_fleet_server":true,"is_preconfigured":true,"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T19:19:42.793Z","updated_by":"system","package_policies":[{"id":"default-fleet-server-agent-policy","version":"WzYxOSwxXQ==","name":"fleet_server-1","namespace":"default","package":{"name":"fleet_server","title":"Fleet Server","version":"1.2.0"},"enabled":true,"policy_id":"499b5aa7-d214-5b5d-838b-3cd76469844e","output_id":"fleet-default-output","inputs":[{"type":"fleet-server","policy_template":"fleet_server","enabled":true,"streams":[],"vars":{"host":{"value":["0.0.0.0"],"type":"text"},"port":{"value":[8220],"type":"integer"},"max_agents":{"type":"integer"},"max_connections":{"type":"integer"},"custom":{"value":"","type":"yaml"}},"compiled_input":{"server":{"port":8220,"host":"0.0.0.0"}}}],"revision":1,"created_at":"2022-06-27T19:19:41.976Z","created_by":"system","updated_at":"2022-06-27T19:19:41.976Z","updated_by":"system"}]}} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-7-mock-dump-all/api-fleet-agent_policies.full=true.page=1.json b/internal/dump/testdata/fleet-7-mock-dump-all/api-fleet-agent_policies.full=true.page=1.json deleted file mode 100644 index 61c7799103..0000000000 --- a/internal/dump/testdata/fleet-7-mock-dump-all/api-fleet-agent_policies.full=true.page=1.json +++ /dev/null 
@@ -1 +0,0 @@ -{"items":[{"id":"edf437d0-f64e-11ec-acb0-0b2e9206fdb0","name":"Load Balancers Servers","description":"","namespace":"default","monitoring_enabled":["logs","metrics"],"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T19:26:16.891Z","updated_by":"elastic","package_policies":[{"id":"0483a039-2f91-4d47-b43c-4623cadd5f27","version":"WzEyNTcsMV0=","name":"system-3","namespace":"default","package":{"name":"system","title":"System","version":"1.11.0"},"enabled":true,"policy_id":"edf437d0-f64e-11ec-acb0-0b2e9206fdb0","output_id":"fleet-default-output","inputs":[{"type":"logfile","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.auth"},"vars":{"paths":{"value":["/var/log/auth.log*","/var/log/secure*"],"type":"text"}},"id":"logfile-system.auth-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"paths":["/var/log/auth.log*","/var/log/secure*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.syslog"},"vars":{"paths":{"value":["/var/log/messages*","/var/log/syslog*"],"type":"text"}},"id":"logfile-system.syslog-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"paths":["/var/log/messages*","/var/log/syslog*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"winlog","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.application-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"name":"Application","condition":"${host.platform} == 
'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.security-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"name":"Security","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.system-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"name":"System","condition":"${host.platform} == 'windows'","ignore_older":"72h"}}]},{"type":"system/metrics","policy_template":"system","enabled":true,"streams":[{"enabled":false,"data_stream":{"type":"metrics","dataset":"system.core"},"vars":{"period":{"value":"10s","type":"text"},"core.metrics":{"value":["percentages"],"type":"text"}},"id":"system/metrics-system.core-0483a039-2f91-4d47-b43c-4623cadd5f27"},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.cpu"},"vars":{"period":{"value":"10s","type":"text"},"cpu.metrics":{"value":["percentages","normalized_percentages"],"type":"text"}},"id":"system/metrics-system.cpu-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["cpu"],"cpu.metrics":["percentages","normalized_percentages"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.diskio"},"vars":{"period":{"value":"10s","type":"text"},"diskio.include_devices":{"value":[],"type":"text"}},"id":"system/metrics-system.diskio-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["diskio"],"diskio
.include_devices":null,"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.filesystem"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"},"filesystem.ignore_types":{"value":[],"type":"text"}},"id":"system/metrics-system.filesystem-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["filesystem"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.filesystem.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.fsstat"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"}},"id":"system/metrics-system.fsstat-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["fsstat"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.fsstat.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.load"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.load-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["load"],"condition":"${host.platform} != 
'windows'","period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.memory"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.memory-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["memory"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.network"},"vars":{"period":{"value":"10s","type":"text"},"network.interfaces":{"value":[],"type":"text"}},"id":"system/metrics-system.network-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["network"],"period":"10s","network.interfaces":null}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process"},"vars":{"period":{"value":"10s","type":"text"},"process.include_top_n.by_cpu":{"value":5,"type":"integer"},"process.include_top_n.by_memory":{"value":5,"type":"integer"},"process.cmdline.cache.enabled":{"value":true,"type":"bool"},"process.cgroups.enabled":{"value":false,"type":"bool"},"process.env.whitelist":{"value":[],"type":"text"},"process.include_cpu_ticks":{"value":false,"type":"bool"},"processes":{"value":[".*"],"type":"text"}},"id":"system/metrics-system.process-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["process"],"period":"10s","process.include_top_n.by_cpu":5,"process.include_top_n.by_memory":5,"process.cmdline.cache.enabled":true,"process.cgroups.enabled":false,"process.include_cpu_ticks":false,"processes":[".*"]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process.summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.process.summary-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["process_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.socket_summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.socket_summary-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["socket_summa
ry"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.uptime"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.uptime-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["uptime"],"period":"10s"}}],"vars":{"system.hostfs":{"type":"text"}}},{"type":"httpjson","policy_template":"system","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Application\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.application-0483a039-2f91-4d47-b43c-4623cadd5f27"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Security\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.security-0483a039-2f91-4d47-b43c-4623cadd5f27"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:System\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.system-0483a039-2f91-4d47-b43c-4623cadd5f27"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"preserve_original_event":{"value":false,"type":"bool"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 
94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}}],"revision":1,"created_at":"2022-06-27T19:25:42.095Z","created_by":"elastic","updated_at":"2022-06-27T19:25:42.095Z","updated_by":"elastic"},{"id":"c864461b-b8d3-48e0-b477-7954434078b5","version":"WzE1MTgsMV0=","name":"nginx-load-balancers-testt","description":"","namespace":"default","policy_id":"edf437d0-f64e-11ec-acb0-0b2e9206fdb0","enabled":true,"output_id":"","inputs":[{"type":"logfile","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"paths":{"value":["/var/log/nginx/access.log*"],"type":"text"},"tags":{"value":["nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"logfile-nginx.access-c864461b-b8d3-48e0-b477-7954434078b5","compiled_stream":{"paths":["/var/log/nginx/access.log*"],"tags":["nginx-access"],"exclude_files":[".gz$"],"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"paths":{"value":["/var/log/nginx/error.log*"],"type":"text"},"tags":{"value":["nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"proces
sors":{"type":"yaml"}},"id":"logfile-nginx.error-c864461b-b8d3-48e0-b477-7954434078b5","compiled_stream":{"paths":["/var/log/nginx/error.log*"],"tags":["nginx-error"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\d{4}\\/\\d{2}\\/\\d{2} ","negate":true,"match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"httpjson","policy_template":"nginx","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:access","type":"text"},"tags":{"value":["forwarded","nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.access-c864461b-b8d3-48e0-b477-7954434078b5"},{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:error","type":"text"},"tags":{"value":["forwarded","nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.error-c864461b-b8d3-48e0-b477-7954434078b5"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# 
CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}},{"type":"nginx/metrics","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"metrics","dataset":"nginx.stubstatus"},"vars":{"period":{"value":"10s","type":"text"},"server_status_path":{"value":"/nginx_status","type":"text"}},"id":"nginx/metrics-nginx.stubstatus-c864461b-b8d3-48e0-b477-7954434078b5","compiled_stream":{"metricsets":["stubstatus"],"hosts":["http://127.0.0.1:80"],"period":"10s","server_status_path":"/nginx_status"}}],"vars":{"hosts":{"value":["http://127.0.0.1:80"],"type":"text"}}}],"package":{"name":"nginx","title":"Nginx","version":"1.3.2"},"revision":1,"created_at":"2022-06-27T19:26:16.169Z","created_by":"elastic","updated_at":"2022-06-27T19:26:16.169Z","updated_by":"elastic"}],"agents":0},{"id":"b57023b0-f64e-11ec-acb0-0b2e9206fdb0","name":"HTTP 
servers","description":"","namespace":"default","monitoring_enabled":["logs","metrics"],"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T19:24:39.501Z","updated_by":"elastic","package_policies":[{"id":"7a0e17cf-e39e-4846-911d-c1e4322ff358","version":"Wzg4OSwxXQ==","name":"system-2","namespace":"default","package":{"name":"system","title":"System","version":"1.11.0"},"enabled":true,"policy_id":"b57023b0-f64e-11ec-acb0-0b2e9206fdb0","output_id":"fleet-default-output","inputs":[{"type":"logfile","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.auth"},"vars":{"paths":{"value":["/var/log/auth.log*","/var/log/secure*"],"type":"text"}},"id":"logfile-system.auth-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"paths":["/var/log/auth.log*","/var/log/secure*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.syslog"},"vars":{"paths":{"value":["/var/log/messages*","/var/log/syslog*"],"type":"text"}},"id":"logfile-system.syslog-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"paths":["/var/log/messages*","/var/log/syslog*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"winlog","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.application-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"name":"Application","condition":"${host.platform} == 
'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.security-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"name":"Security","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.system-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"name":"System","condition":"${host.platform} == 'windows'","ignore_older":"72h"}}]},{"type":"system/metrics","policy_template":"system","enabled":true,"streams":[{"enabled":false,"data_stream":{"type":"metrics","dataset":"system.core"},"vars":{"period":{"value":"10s","type":"text"},"core.metrics":{"value":["percentages"],"type":"text"}},"id":"system/metrics-system.core-7a0e17cf-e39e-4846-911d-c1e4322ff358"},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.cpu"},"vars":{"period":{"value":"10s","type":"text"},"cpu.metrics":{"value":["percentages","normalized_percentages"],"type":"text"}},"id":"system/metrics-system.cpu-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["cpu"],"cpu.metrics":["percentages","normalized_percentages"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.diskio"},"vars":{"period":{"value":"10s","type":"text"},"diskio.include_devices":{"value":[],"type":"text"}},"id":"system/metrics-system.diskio-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["diskio"],"diskio
.include_devices":null,"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.filesystem"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"},"filesystem.ignore_types":{"value":[],"type":"text"}},"id":"system/metrics-system.filesystem-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["filesystem"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.filesystem.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.fsstat"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"}},"id":"system/metrics-system.fsstat-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["fsstat"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.fsstat.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.load"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.load-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["load"],"condition":"${host.platform} != 
'windows'","period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.memory"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.memory-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["memory"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.network"},"vars":{"period":{"value":"10s","type":"text"},"network.interfaces":{"value":[],"type":"text"}},"id":"system/metrics-system.network-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["network"],"period":"10s","network.interfaces":null}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process"},"vars":{"period":{"value":"10s","type":"text"},"process.include_top_n.by_cpu":{"value":5,"type":"integer"},"process.include_top_n.by_memory":{"value":5,"type":"integer"},"process.cmdline.cache.enabled":{"value":true,"type":"bool"},"process.cgroups.enabled":{"value":false,"type":"bool"},"process.env.whitelist":{"value":[],"type":"text"},"process.include_cpu_ticks":{"value":false,"type":"bool"},"processes":{"value":[".*"],"type":"text"}},"id":"system/metrics-system.process-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["process"],"period":"10s","process.include_top_n.by_cpu":5,"process.include_top_n.by_memory":5,"process.cmdline.cache.enabled":true,"process.cgroups.enabled":false,"process.include_cpu_ticks":false,"processes":[".*"]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process.summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.process.summary-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["process_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.socket_summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.socket_summary-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["socket_summa
ry"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.uptime"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.uptime-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["uptime"],"period":"10s"}}],"vars":{"system.hostfs":{"type":"text"}}},{"type":"httpjson","policy_template":"system","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Application\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.application-7a0e17cf-e39e-4846-911d-c1e4322ff358"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Security\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.security-7a0e17cf-e39e-4846-911d-c1e4322ff358"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:System\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.system-7a0e17cf-e39e-4846-911d-c1e4322ff358"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"preserve_original_event":{"value":false,"type":"bool"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 
94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}}],"revision":1,"created_at":"2022-06-27T19:24:09.017Z","created_by":"elastic","updated_at":"2022-06-27T19:24:09.017Z","updated_by":"elastic"},{"id":"95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4","version":"Wzk5NSwxXQ==","name":"nginx-http-servers-test","description":"","namespace":"default","policy_id":"b57023b0-f64e-11ec-acb0-0b2e9206fdb0","enabled":true,"output_id":"","inputs":[{"type":"logfile","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"paths":{"value":["/var/log/nginx/access.log*"],"type":"text"},"tags":{"value":["nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"logfile-nginx.access-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4","compiled_stream":{"paths":["/var/log/nginx/access.log*"],"tags":["nginx-access"],"exclude_files":[".gz$"],"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"paths":{"value":["/var/log/nginx/error.log*"],"type":"text"},"tags":{"value":["nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processor
s":{"type":"yaml"}},"id":"logfile-nginx.error-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4","compiled_stream":{"paths":["/var/log/nginx/error.log*"],"tags":["nginx-error"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\d{4}\\/\\d{2}\\/\\d{2} ","negate":true,"match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"httpjson","policy_template":"nginx","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:access","type":"text"},"tags":{"value":["forwarded","nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.access-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4"},{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:error","type":"text"},"tags":{"value":["forwarded","nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.error-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# 
CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}},{"type":"nginx/metrics","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"metrics","dataset":"nginx.stubstatus"},"vars":{"period":{"value":"10s","type":"text"},"server_status_path":{"value":"/nginx_status","type":"text"}},"id":"nginx/metrics-nginx.stubstatus-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4","compiled_stream":{"metricsets":["stubstatus"],"hosts":["http://127.0.0.1:80"],"period":"10s","server_status_path":"/nginx_status"}}],"vars":{"hosts":{"value":["http://127.0.0.1:80"],"type":"text"}}}],"package":{"name":"nginx","title":"Nginx","version":"1.3.2"},"revision":1,"created_at":"2022-06-27T19:24:38.498Z","created_by":"elastic","updated_at":"2022-06-27T19:24:38.498Z","updated_by":"elastic"}],"agents":0},{"id":"499b5aa7-d214-5b5d-838b-3cd76469844e","namespace":"default","monitoring_enabled":["logs","metrics"],"name":"Default Fleet Server policy","description":"Default Fleet Server agent policy created by Kibana","is_default":false,"is_default_fleet_server":true,"is_preconfigured":true,"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T19:19:42.793Z","updated_by":"system","package_policies":[{"id":"default-fleet-server-agent-policy","version":"WzYxOSwxXQ==","name":"fleet_server-1","namespace":"default","package":{"name":"fleet_server","title":"Fleet 
Server","version":"1.2.0"},"enabled":true,"policy_id":"499b5aa7-d214-5b5d-838b-3cd76469844e","output_id":"fleet-default-output","inputs":[{"type":"fleet-server","policy_template":"fleet_server","enabled":true,"streams":[],"vars":{"host":{"value":["0.0.0.0"],"type":"text"},"port":{"value":[8220],"type":"integer"},"max_agents":{"type":"integer"},"max_connections":{"type":"integer"},"custom":{"value":"","type":"yaml"}},"compiled_input":{"server":{"port":8220,"host":"0.0.0.0"}}}],"revision":1,"created_at":"2022-06-27T19:19:41.976Z","created_by":"system","updated_at":"2022-06-27T19:19:41.976Z","updated_by":"system"}],"agents":1},{"id":"2016d7cc-135e-5583-9758-3ba01f5a06e5","namespace":"default","monitoring_enabled":["logs","metrics"],"name":"Default policy","description":"Default agent policy created by Kibana","is_default":true,"is_preconfigured":true,"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T19:19:39.755Z","updated_by":"system","package_policies":[{"id":"default-system-policy","version":"WzYxNywxXQ==","name":"system-1","namespace":"default","package":{"name":"system","title":"System","version":"1.11.0"},"enabled":true,"policy_id":"2016d7cc-135e-5583-9758-3ba01f5a06e5","output_id":"fleet-default-output","inputs":[{"type":"logfile","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.auth"},"vars":{"paths":{"value":["/var/log/auth.log*","/var/log/secure*"],"type":"text"}},"id":"logfile-system.auth-default-system-policy","compiled_stream":{"paths":["/var/log/auth.log*","/var/log/secure*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.syslog"},"vars":{"paths":{"value":["/var/log/messages*","/var/log/syslog*"],"type":"text"}},"id":"logfile-system.syslog-default-system-policy","compiled_stream":{"paths":["/var/log/messages*","/var/log/syslog*"],"exclude_fil
es":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"winlog","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.application-default-system-policy","compiled_stream":{"name":"Application","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.security-default-system-policy","compiled_stream":{"name":"Security","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.system-default-system-policy","compiled_stream":{"name":"System","condition":"${host.platform} == 
'windows'","ignore_older":"72h"}}]},{"type":"system/metrics","policy_template":"system","enabled":true,"streams":[{"enabled":false,"data_stream":{"type":"metrics","dataset":"system.core"},"vars":{"period":{"value":"10s","type":"text"},"core.metrics":{"value":["percentages"],"type":"text"}},"id":"system/metrics-system.core-default-system-policy"},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.cpu"},"vars":{"period":{"value":"10s","type":"text"},"cpu.metrics":{"value":["percentages","normalized_percentages"],"type":"text"}},"id":"system/metrics-system.cpu-default-system-policy","compiled_stream":{"metricsets":["cpu"],"cpu.metrics":["percentages","normalized_percentages"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.diskio"},"vars":{"period":{"value":"10s","type":"text"},"diskio.include_devices":{"value":[],"type":"text"}},"id":"system/metrics-system.diskio-default-system-policy","compiled_stream":{"metricsets":["diskio"],"diskio.include_devices":null,"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.filesystem"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"},"filesystem.ignore_types":{"value":[],"type":"text"}},"id":"system/metrics-system.filesystem-default-system-policy","compiled_stream":{"metricsets":["filesystem"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.filesystem.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.fsstat"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.fsstat.mount_point: 
^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"}},"id":"system/metrics-system.fsstat-default-system-policy","compiled_stream":{"metricsets":["fsstat"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.fsstat.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.load"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.load-default-system-policy","compiled_stream":{"metricsets":["load"],"condition":"${host.platform} != 'windows'","period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.memory"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.memory-default-system-policy","compiled_stream":{"metricsets":["memory"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.network"},"vars":{"period":{"value":"10s","type":"text"},"network.interfaces":{"value":[],"type":"text"}},"id":"system/metrics-system.network-default-system-policy","compiled_stream":{"metricsets":["network"],"period":"10s","network.interfaces":null}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process"},"vars":{"period":{"value":"10s","type":"text"},"process.include_top_n.by_cpu":{"value":5,"type":"integer"},"process.include_top_n.by_memory":{"value":5,"type":"integer"},"process.cmdline.cache.enabled":{"value":true,"type":"bool"},"process.cgroups.enabled":{"value":false,"type":"bool"},"process.env.whitelist":{"value":[],"type":"text"},"process.include_cpu_ticks":{"value":false,"type":"bool"},"processes":{"value":[".*"],"type":"text"}},"id":"system/metrics-system.process-default-system-policy","compiled_stream":{"metricsets":["process"],"period":"10s","process.include_top_n.by_cpu":5,"process.include_top_n.by_memory":5,"process.cmdline.cache.enabled":true,"process.cgroups.enabled":false,"process.include_cpu_ticks":false,"processes":[".*"]}},{"enabled":true,"data_stream":{
"type":"metrics","dataset":"system.process.summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.process.summary-default-system-policy","compiled_stream":{"metricsets":["process_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.socket_summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.socket_summary-default-system-policy","compiled_stream":{"metricsets":["socket_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.uptime"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.uptime-default-system-policy","compiled_stream":{"metricsets":["uptime"],"period":"10s"}}],"vars":{"system.hostfs":{"type":"text"}}},{"type":"httpjson","policy_template":"system","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Application\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.application-default-system-policy"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Security\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.security-default-system-policy"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search 
sourcetype=\"XmlWinEventLog:System\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.system-default-system-policy"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"preserve_original_event":{"value":false,"type":"bool"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}}],"revision":1,"created_at":"2022-06-27T19:19:38.837Z","created_by":"system","updated_at":"2022-06-27T19:19:38.837Z","updated_by":"system"}],"agents":1}],"total":4,"page":1,"perPage":20} \ No newline at end of file 
diff --git a/internal/dump/testdata/fleet-7-mock-dump-all/api-status.json b/internal/dump/testdata/fleet-7-mock-dump-all/api-status.json
deleted file mode 100644
index 9746ff9855..0000000000
--- a/internal/dump/testdata/fleet-7-mock-dump-all/api-status.json
+++ /dev/null
@@ -1 +0,0 @@ -{"name":"kibana","uuid":"c3a74423-07d2-47bc-8843-0580b1fe9eb6","version":{"number":"7.17.0","build_hash":"60a9838d21b6420bbdb5a4d07099111b74c68ceb","build_number":46534,"build_snapshot":false},"status":{"overall":{"since":"2023-08-30T11:43:55.277Z","state":"green","title":"Green","nickname":"Looking good","icon":"success","uiColor":"secondary"},"statuses":[{"id":"core:elasticsearch@7.17.0","message":"Elasticsearch is available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"core:savedObjects@7.17.0","message":"SavedObjects service has completed migrations and is available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:advancedSettings@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:bfetch@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:expressionMetricVis@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:expressionTagcloud@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:charts@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:console@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:customIntegrations@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:dashboard@7.17.0","message":"All dependencies are 
available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:data@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:dataViews@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:devTools@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:discover@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:embeddable@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:esUiShared@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:expressionError@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:expressionImage@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:expressionMetric@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:expressionRepeatImage@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:expressionRevealImage@7.17.0","message":"All dependencies are 
available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:expressionShape@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:expressions@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:fieldFormats@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:home@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:indexPatternEditor@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:indexPatternFieldEditor@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:indexPatternManagement@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:inputControlVis@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:inspector@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:kibanaLegacy@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:kibanaOverview@7.17.0","message":"All dependencies are 
available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:kibanaReact@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:kibanaUsageCollection@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:kibanaUtils@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:management@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:mapsEms@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:mapsLegacy@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:navigation@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:newsfeed@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:presentationUtil@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:regionMap@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:savedObjects@7.17.0","message":"All dependencies are 
available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:savedObjectsManagement@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:savedObjectsTaggingOss@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:screenshotMode@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:share@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:telemetry@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:telemetryCollectionManager@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:telemetryManagementSection@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:tileMap@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:uiActions@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:urlForwarding@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:usageCollection@7.17.0","message":"All dependencies are 
available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visDefaultEditor@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visTypeMarkdown@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visTypeMetric@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visTypePie@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visTypeTable@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visTypeTagcloud@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visTypeTimelion@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visTypeTimeseries@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visTypeVega@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visTypeVislib@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visTypeXy@7.17.0","message":"All dependencies are 
available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visualizations@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:visualize@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:actions@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:alerting@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:apm@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:banners@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:canvas@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:cases@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:cloud@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:code@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:crossClusterReplication@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:dashboardEnhanced@7.17.0","message":"All dependencies are 
available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:dashboardMode@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:dataEnhanced@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:dataVisualizer@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:discoverEnhanced@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:urlDrilldown@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:embeddableEnhanced@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:encryptedSavedObjects@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:enterpriseSearch@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:eventLog@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:features@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:fileUpload@7.17.0","message":"All dependencies are 
available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:fleet@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:globalSearch@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:globalSearchBar@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:globalSearchProviders@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:graph@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:grokdebugger@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:indexLifecycleManagement@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:indexManagement@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:infra@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:ingestPipelines@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:lens@7.17.0","message":"All dependencies are 
available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:licenseApiGuard@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:licenseManagement@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:licensing@7.17.0","message":"License fetched","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:lists@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:logstash@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:maps@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:ml@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:monitoring@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:observability@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:osquery@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:painlessLab@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:remoteClusters@7.17.0","message":"All dependencies are 
available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:reporting@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:rollup@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:ruleRegistry@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:runtimeFields@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:savedObjectsTagging@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:searchprofiler@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:security@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:securitySolution@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:snapshotRestore@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:spaces@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:stackAlerts@7.17.0","message":"All dependencies are 
available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:taskManager@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:telemetryCollectionXpack@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:timelines@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:transform@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:translations@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:triggersActionsUi@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:uiActionsEnhanced@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:upgradeAssistant@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:uptime@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:watcher@7.17.0","message":"All dependencies are available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"},{"id":"plugin:xpackLegacy@7.17.0","message":"All dependencies are 
available","since":"2023-08-30T11:43:55.277Z","state":"green","icon":"success","uiColor":"secondary"}]},"metrics":{"last_updated":"2023-08-30T11:43:52.253Z","collection_interval_in_millis":5000,"os":{"platform":"linux","platformRelease":"linux-5.19.0-50-generic","load":{"1m":1.07,"5m":1.31,"15m":1.24},"memory":{"total_in_bytes":33358266368,"free_in_bytes":268140544,"used_in_bytes":33090125824},"uptime_in_millis":774883580,"distro":"Ubuntu","distroRelease":"Ubuntu-20.04"},"process":{"memory":{"heap":{"total_in_bytes":533340160,"used_in_bytes":410822832,"size_limit":4345298944},"resident_set_size_in_bytes":643715072},"pid":7,"event_loop_delay":10.179153502040817,"event_loop_delay_histogram":{"min":9.09312,"max":30.359551,"mean":10.179153502040817,"exceeds":0,"stddev":0.9353847573344422,"fromTimestamp":"2023-08-30T11:43:47.251Z","lastUpdatedAt":"2023-08-30T11:43:52.248Z","percentiles":{"50":10.125311,"75":10.190847,"95":10.256383,"99":10.477567}},"uptime_in_millis":1549598.888492},"processes":[{"memory":{"heap":{"total_in_bytes":533340160,"used_in_bytes":410822832,"size_limit":4345298944},"resident_set_size_in_bytes":643715072},"pid":7,"event_loop_delay":10.179153502040817,"event_loop_delay_histogram":{"min":9.09312,"max":30.359551,"mean":10.179153502040817,"exceeds":0,"stddev":0.9353847573344422,"fromTimestamp":"2023-08-30T11:43:47.251Z","lastUpdatedAt":"2023-08-30T11:43:52.248Z","percentiles":{"50":10.125311,"75":10.190847,"95":10.256383,"99":10.477567}},"uptime_in_millis":1549598.888492}],"response_times":{"avg_in_millis":11,"max_in_millis":11},"concurrent_connections":0,"requests":{"disconnects":0,"total":1,"statusCodes":{"200":1},"status_codes":{"200":1}}}} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-8-mock-dump-all.yaml b/internal/dump/testdata/fleet-8-mock-dump-all.yaml new file mode 100644 index 0000000000..7e95757761 --- /dev/null +++ b/internal/dump/testdata/fleet-8-mock-dump-all.yaml 
@@ -0,0 +1,183 @@ +--- +version: 2 +interactions: + - id: 0 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: 127.0.0.1:5601 + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic Og== + Content-Type: + - application/json + Kbn-Xsrf: + - 8.10.1 + url: https://127.0.0.1:5601/api/status + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 12279 + uncompressed: false + body: '{"name":"kibana","uuid":"4d61db22-fa55-4750-91b8-dd344522c879","version":{"number":"8.0.0","build_hash":"57ca5e139a33dd2eed927ce98d8231a1f217cd15","build_number":49192,"build_snapshot":false},"status":{"overall":{"level":"available","summary":"All services are available"},"core":{"elasticsearch":{"level":"available","summary":"Elasticsearch is available","meta":{"warningNodes":[],"incompatibleNodes":[]}},"savedObjects":{"level":"available","summary":"SavedObjects service has completed migrations and is available","meta":{"migratedIndices":{"migrated":0,"skipped":0,"patched":2}}}},"plugins":{"advancedSettings":{"level":"available","summary":"All dependencies are available"},"bfetch":{"level":"available","summary":"All dependencies are available"},"expressionMetricVis":{"level":"available","summary":"All dependencies are available"},"expressionTagcloud":{"level":"available","summary":"All dependencies are available"},"charts":{"level":"available","summary":"All dependencies are available"},"console":{"level":"available","summary":"All dependencies are available"},"customIntegrations":{"level":"available","summary":"All dependencies are available"},"dashboard":{"level":"available","summary":"All dependencies are available"},"data":{"level":"available","summary":"All dependencies are available"},"dataViews":{"level":"available","summary":"All dependencies are 
available"},"devTools":{"level":"available","summary":"All dependencies are available"},"discover":{"level":"available","summary":"All dependencies are available"},"embeddable":{"level":"available","summary":"All dependencies are available"},"esUiShared":{"level":"available","summary":"All dependencies are available"},"expressionError":{"level":"available","summary":"All dependencies are available"},"expressionImage":{"level":"available","summary":"All dependencies are available"},"expressionMetric":{"level":"available","summary":"All dependencies are available"},"expressionRepeatImage":{"level":"available","summary":"All dependencies are available"},"expressionRevealImage":{"level":"available","summary":"All dependencies are available"},"expressionShape":{"level":"available","summary":"All dependencies are available"},"expressions":{"level":"available","summary":"All dependencies are available"},"fieldFormats":{"level":"available","summary":"All dependencies are available"},"home":{"level":"available","summary":"All dependencies are available"},"indexPatternEditor":{"level":"available","summary":"All dependencies are available"},"indexPatternFieldEditor":{"level":"available","summary":"All dependencies are available"},"indexPatternManagement":{"level":"available","summary":"All dependencies are available"},"inputControlVis":{"level":"available","summary":"All dependencies are available"},"inspector":{"level":"available","summary":"All dependencies are available"},"kibanaLegacy":{"level":"available","summary":"All dependencies are available"},"kibanaOverview":{"level":"available","summary":"All dependencies are available"},"kibanaReact":{"level":"available","summary":"All dependencies are available"},"kibanaUsageCollection":{"level":"available","summary":"All dependencies are available"},"kibanaUtils":{"level":"available","summary":"All dependencies are available"},"management":{"level":"available","summary":"All dependencies are 
available"},"mapsEms":{"level":"available","summary":"All dependencies are available"},"navigation":{"level":"available","summary":"All dependencies are available"},"newsfeed":{"level":"available","summary":"All dependencies are available"},"presentationUtil":{"level":"available","summary":"All dependencies are available"},"savedObjects":{"level":"available","summary":"All dependencies are available"},"savedObjectsManagement":{"level":"available","summary":"All dependencies are available"},"savedObjectsTaggingOss":{"level":"available","summary":"All dependencies are available"},"screenshotMode":{"level":"available","summary":"All dependencies are available"},"share":{"level":"available","summary":"All dependencies are available"},"telemetry":{"level":"available","summary":"All dependencies are available"},"telemetryCollectionManager":{"level":"available","summary":"All dependencies are available"},"telemetryManagementSection":{"level":"available","summary":"All dependencies are available"},"uiActions":{"level":"available","summary":"All dependencies are available"},"urlForwarding":{"level":"available","summary":"All dependencies are available"},"usageCollection":{"level":"available","summary":"All dependencies are available"},"visDefaultEditor":{"level":"available","summary":"All dependencies are available"},"visTypeMarkdown":{"level":"available","summary":"All dependencies are available"},"visTypeMetric":{"level":"available","summary":"All dependencies are available"},"visTypePie":{"level":"available","summary":"All dependencies are available"},"visTypeTable":{"level":"available","summary":"All dependencies are available"},"visTypeTagcloud":{"level":"available","summary":"All dependencies are available"},"visTypeTimelion":{"level":"available","summary":"All dependencies are available"},"visTypeTimeseries":{"level":"available","summary":"All dependencies are available"},"visTypeVega":{"level":"available","summary":"All dependencies are 
available"},"visTypeVislib":{"level":"available","summary":"All dependencies are available"},"visTypeXy":{"level":"available","summary":"All dependencies are available"},"visualizations":{"level":"available","summary":"All dependencies are available"},"visualize":{"level":"available","summary":"All dependencies are available"},"actions":{"level":"available","summary":"All dependencies are available"},"alerting":{"level":"available","summary":"Alerting is (probably) ready"},"apm":{"level":"available","summary":"All dependencies are available"},"banners":{"level":"available","summary":"All dependencies are available"},"canvas":{"level":"available","summary":"All dependencies are available"},"cases":{"level":"available","summary":"All dependencies are available"},"cloud":{"level":"available","summary":"All dependencies are available"},"crossClusterReplication":{"level":"available","summary":"All dependencies are available"},"dashboardEnhanced":{"level":"available","summary":"All dependencies are available"},"dataEnhanced":{"level":"available","summary":"All dependencies are available"},"dataVisualizer":{"level":"available","summary":"All dependencies are available"},"discoverEnhanced":{"level":"available","summary":"All dependencies are available"},"urlDrilldown":{"level":"available","summary":"All dependencies are available"},"embeddableEnhanced":{"level":"available","summary":"All dependencies are available"},"encryptedSavedObjects":{"level":"available","summary":"All dependencies are available"},"enterpriseSearch":{"level":"available","summary":"All dependencies are available"},"eventLog":{"level":"available","summary":"All dependencies are available"},"features":{"level":"available","summary":"All dependencies are available"},"fileUpload":{"level":"available","summary":"All dependencies are available"},"fleet":{"level":"available","summary":"Fleet is available"},"globalSearch":{"level":"available","summary":"All dependencies are 
available"},"globalSearchBar":{"level":"available","summary":"All dependencies are available"},"globalSearchProviders":{"level":"available","summary":"All dependencies are available"},"graph":{"level":"available","summary":"All dependencies are available"},"grokdebugger":{"level":"available","summary":"All dependencies are available"},"indexLifecycleManagement":{"level":"available","summary":"All dependencies are available"},"indexManagement":{"level":"available","summary":"All dependencies are available"},"infra":{"level":"available","summary":"All dependencies are available"},"ingestPipelines":{"level":"available","summary":"All dependencies are available"},"lens":{"level":"available","summary":"All dependencies are available"},"licenseApiGuard":{"level":"available","summary":"All dependencies are available"},"licenseManagement":{"level":"available","summary":"All dependencies are available"},"licensing":{"level":"available","summary":"License fetched"},"lists":{"level":"available","summary":"All dependencies are available"},"logstash":{"level":"available","summary":"All dependencies are available"},"maps":{"level":"available","summary":"All dependencies are available"},"ml":{"level":"available","summary":"All dependencies are available"},"monitoring":{"level":"available","summary":"All dependencies are available"},"observability":{"level":"available","summary":"All dependencies are available"},"osquery":{"level":"available","summary":"All dependencies are available"},"painlessLab":{"level":"available","summary":"All dependencies are available"},"remoteClusters":{"level":"available","summary":"All dependencies are available"},"reporting":{"level":"available","summary":"All dependencies are available"},"rollup":{"level":"available","summary":"All dependencies are available"},"ruleRegistry":{"level":"available","summary":"All dependencies are available"},"runtimeFields":{"level":"available","summary":"All dependencies are 
available"},"savedObjectsTagging":{"level":"available","summary":"All dependencies are available"},"screenshotting":{"level":"available","summary":"All dependencies are available"},"searchprofiler":{"level":"available","summary":"All dependencies are available"},"security":{"level":"available","summary":"All dependencies are available"},"securitySolution":{"level":"available","summary":"All dependencies are available"},"snapshotRestore":{"level":"available","summary":"All dependencies are available"},"spaces":{"level":"available","summary":"All dependencies are available"},"stackAlerts":{"level":"available","summary":"All dependencies are available"},"taskManager":{"level":"available","summary":"All dependencies are available"},"telemetryCollectionXpack":{"level":"available","summary":"All dependencies are available"},"timelines":{"level":"available","summary":"All dependencies are available"},"transform":{"level":"available","summary":"All dependencies are available"},"translations":{"level":"available","summary":"All dependencies are available"},"triggersActionsUi":{"level":"available","summary":"All dependencies are available"},"uiActionsEnhanced":{"level":"available","summary":"All dependencies are available"},"upgradeAssistant":{"level":"available","summary":"All dependencies are available"},"uptime":{"level":"available","summary":"All dependencies are available"},"watcher":{"level":"available","summary":"All dependencies are 
available"}}},"metrics":{"last_updated":"2023-08-30T11:53:46.940Z","collection_interval_in_millis":5000,"os":{"platform":"linux","platformRelease":"linux-5.19.0-50-generic","load":{"1m":3.9,"5m":2.38,"15m":1.66},"memory":{"total_in_bytes":33358266368,"free_in_bytes":276086784,"used_in_bytes":33082179584},"uptime_in_millis":775478260,"distro":"Ubuntu","distroRelease":"Ubuntu-20.04"},"process":{"memory":{"heap":{"total_in_bytes":467066880,"used_in_bytes":369791072,"size_limit":4345298944},"resident_set_size_in_bytes":553046016},"pid":7,"event_loop_delay":10.310148231404959,"event_loop_delay_histogram":{"min":9.09312,"max":38.502399,"mean":10.310148231404959,"exceeds":0,"stddev":1.6360547505591572,"fromTimestamp":"2023-08-30T11:53:41.937Z","lastUpdatedAt":"2023-08-30T11:53:46.935Z","percentiles":{"50":10.100735,"75":10.117119,"95":10.895359,"99":14.811135}},"uptime_in_millis":90449.453821},"processes":[{"memory":{"heap":{"total_in_bytes":467066880,"used_in_bytes":369791072,"size_limit":4345298944},"resident_set_size_in_bytes":553046016},"pid":7,"event_loop_delay":10.310148231404959,"event_loop_delay_histogram":{"min":9.09312,"max":38.502399,"mean":10.310148231404959,"exceeds":0,"stddev":1.6360547505591572,"fromTimestamp":"2023-08-30T11:53:41.937Z","lastUpdatedAt":"2023-08-30T11:53:46.935Z","percentiles":{"50":10.100735,"75":10.117119,"95":10.895359,"99":14.811135}},"uptime_in_millis":90449.453821}],"response_times":{"avg_in_millis":26,"max_in_millis":26},"concurrent_connections":7,"requests":{"disconnects":0,"total":1,"statusCodes":{"200":1},"status_codes":{"200":1}}}}' + headers: + Accept-Ranges: + - bytes + Content-Length: + - "12279" + Content-Type: + - application/json + Date: + - Mon, 27 Nov 2023 18:05:27 GMT + Last-Modified: + - Tue, 03 Oct 2023 15:59:45 GMT + status: 200 OK + code: 200 + duration: 543.692µs + - id: 1 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: 127.0.0.1:5601 + 
remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic Og== + Content-Type: + - application/json + Kbn-Xsrf: + - 8.10.1 + url: https://127.0.0.1:5601/api/fleet/agent_policies?full=true&page=1 + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 40767 + uncompressed: false + body: '{"items":[{"id":"8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f","name":"Load Balancers Servers","description":"","namespace":"default","monitoring_enabled":["logs","metrics"],"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T15:33:59.587Z","updated_by":"elastic","package_policies":[{"id":"a09f2609-9e8b-4b48-998f-ce99340da027","version":"WzEzMjAsMV0=","name":"system-3","namespace":"default","package":{"name":"system","title":"System","version":"1.16.2"},"enabled":true,"policy_id":"8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f","output_id":"fleet-default-output","inputs":[{"type":"logfile","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.auth"},"vars":{"paths":{"value":["/var/log/auth.log*","/var/log/secure*"],"type":"text"}},"id":"logfile-system.auth-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"paths":["/var/log/auth.log*","/var/log/secure*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.syslog"},"vars":{"paths":{"value":["/var/log/messages*","/var/log/syslog*"],"type":"text"}},"id":"logfile-system.syslog-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"paths":["/var/log/messages*","/var/log/syslog*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"winlog","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.application"},
"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.application-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"name":"Application","condition":"${host.platform} == ''windows''","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.security-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"name":"Security","condition":"${host.platform} == ''windows''","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.system-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"name":"System","condition":"${host.platform} == 
''windows''","ignore_older":"72h"}}]},{"type":"system/metrics","policy_template":"system","enabled":true,"streams":[{"enabled":false,"data_stream":{"type":"metrics","dataset":"system.core"},"vars":{"period":{"value":"10s","type":"text"},"core.metrics":{"value":["percentages"],"type":"text"}},"id":"system/metrics-system.core-a09f2609-9e8b-4b48-998f-ce99340da027"},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.cpu"},"vars":{"period":{"value":"10s","type":"text"},"cpu.metrics":{"value":["percentages","normalized_percentages"],"type":"text"}},"id":"system/metrics-system.cpu-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["cpu"],"cpu.metrics":["percentages","normalized_percentages"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.diskio"},"vars":{"period":{"value":"10s","type":"text"},"diskio.include_devices":{"value":[],"type":"text"}},"id":"system/metrics-system.diskio-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["diskio"],"diskio.include_devices":null,"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.filesystem"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"},"filesystem.ignore_types":{"value":[],"type":"text"}},"id":"system/metrics-system.filesystem-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["filesystem"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.filesystem.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.fsstat"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.fsstat.mount_point: 
^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"}},"id":"system/metrics-system.fsstat-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["fsstat"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.fsstat.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.load"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.load-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["load"],"condition":"${host.platform} != ''windows''","period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.memory"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.memory-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["memory"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.network"},"vars":{"period":{"value":"10s","type":"text"},"network.interfaces":{"value":[],"type":"text"}},"id":"system/metrics-system.network-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["network"],"period":"10s","network.interfaces":null}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process"},"vars":{"period":{"value":"10s","type":"text"},"process.include_top_n.by_cpu":{"value":5,"type":"integer"},"process.include_top_n.by_memory":{"value":5,"type":"integer"},"process.cmdline.cache.enabled":{"value":true,"type":"bool"},"process.cgroups.enabled":{"value":false,"type":"bool"},"process.env.whitelist":{"value":[],"type":"text"},"process.include_cpu_ticks":{"value":false,"type":"bool"},"processes":{"value":[".*"],"type":"text"}},"id":"system/metrics-system.process-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["process"],"period":"10s","process.include_top_n.by_cpu":5,"process.include_top_n.by_memory":5,"process.cmdline.cache.enabled":true,"process.cgroups.enabled":false,"process.
include_cpu_ticks":false,"processes":[".*"]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process.summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.process.summary-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["process_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.socket_summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.socket_summary-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["socket_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.uptime"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.uptime-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["uptime"],"period":"10s"}}],"vars":{"system.hostfs":{"type":"text"}}},{"type":"httpjson","policy_template":"system","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Application\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.application-a09f2609-9e8b-4b48-998f-ce99340da027"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Security\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.security-a09f2609-9e8b-4b48-998f-ce99340da027"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search 
sourcetype=\"XmlWinEventLog:System\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.system-a09f2609-9e8b-4b48-998f-ce99340da027"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"preserve_original_event":{"value":false,"type":"bool"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END 
CERTIFICATE-----\n","type":"yaml"}}}],"revision":1,"created_at":"2022-06-27T15:33:55.519Z","created_by":"elastic","updated_at":"2022-06-27T15:33:55.519Z","updated_by":"elastic"},{"id":"46331ee9-90a9-4b1f-b568-98641e9bafc9","version":"WzEzMjIsMV0=","name":"nginx-load-balancers-test","namespace":"default","description":"","package":{"name":"nginx","title":"Nginx","version":"1.4.0"},"enabled":true,"policy_id":"8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f","output_id":"","inputs":[{"type":"logfile","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"paths":{"value":["/var/log/nginx/access.log*"],"type":"text"},"tags":{"value":["nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"logfile-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9","compiled_stream":{"paths":["/var/log/nginx/access.log*"],"tags":["nginx-access"],"exclude_files":[".gz$"],"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"paths":{"value":["/var/log/nginx/error.log*"],"type":"text"},"tags":{"value":["nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"logfile-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9","compiled_stream":{"paths":["/var/log/nginx/error.log*"],"tags":["nginx-error"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\d{4}\\/\\d{2}\\/\\d{2} ","negate":true,"match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"httpjson","policy_template":"nginx","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search 
sourcetype=nginx:plus:access","type":"text"},"tags":{"value":["forwarded","nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9"},{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:error","type":"text"},"tags":{"value":["forwarded","nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# 
sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}},{"type":"nginx/metrics","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"metrics","dataset":"nginx.stubstatus"},"vars":{"period":{"value":"10s","type":"text"},"server_status_path":{"value":"/nginx_status","type":"text"}},"id":"nginx/metrics-nginx.stubstatus-46331ee9-90a9-4b1f-b568-98641e9bafc9","compiled_stream":{"metricsets":["stubstatus"],"hosts":["http://127.0.0.1:80"],"period":"10s","server_status_path":"/nginx_status"}}],"vars":{"hosts":{"value":["http://127.0.0.1:80"],"type":"text"}}}],"revision":1,"created_at":"2022-06-27T15:33:58.606Z","created_by":"elastic","updated_at":"2022-06-27T15:33:58.606Z","updated_by":"elastic"}],"agents":0},{"id":"67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f","name":"HTTP servers","description":"","namespace":"default","monitoring_enabled":["logs","metrics"],"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T15:33:05.252Z","updated_by":"elastic","package_policies":[{"id":"863e86ed-8d12-466c-a6b9-b5c3769f4f80","version":"WzkyMywxXQ==","name":"system-2","namespace":"default","package":{"name":"system","title":"System","version":"1.16.2"},"enabled":true,"policy_id":"67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f","output_id":"fleet-default-output","inputs":[{"type":"logfile","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.auth"},"vars":{"paths":{"value":["/var/log/auth.log*","/var/log/secure*"],"type":"text"}},"id":"logfile-system.auth-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"paths":["/var/log/auth.log*","/var/log/secure*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.syslog"},"vars":{"paths":{"value":["/var/log/messages*","/var/log/syslog*"],"type":"text"}},"id":"logfile-system.syslog-863e86ed-8d12-466c-a6b9-b
5c3769f4f80","compiled_stream":{"paths":["/var/log/messages*","/var/log/syslog*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"winlog","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.application-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"name":"Application","condition":"${host.platform} == ''windows''","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.security-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"name":"Security","condition":"${host.platform} == ''windows''","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.system-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"name":"System","condition":"${host.platform} == 
''windows''","ignore_older":"72h"}}]},{"type":"system/metrics","policy_template":"system","enabled":true,"streams":[{"enabled":false,"data_stream":{"type":"metrics","dataset":"system.core"},"vars":{"period":{"value":"10s","type":"text"},"core.metrics":{"value":["percentages"],"type":"text"}},"id":"system/metrics-system.core-863e86ed-8d12-466c-a6b9-b5c3769f4f80"},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.cpu"},"vars":{"period":{"value":"10s","type":"text"},"cpu.metrics":{"value":["percentages","normalized_percentages"],"type":"text"}},"id":"system/metrics-system.cpu-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["cpu"],"cpu.metrics":["percentages","normalized_percentages"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.diskio"},"vars":{"period":{"value":"10s","type":"text"},"diskio.include_devices":{"value":[],"type":"text"}},"id":"system/metrics-system.diskio-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["diskio"],"diskio.include_devices":null,"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.filesystem"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"},"filesystem.ignore_types":{"value":[],"type":"text"}},"id":"system/metrics-system.filesystem-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["filesystem"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.filesystem.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.fsstat"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.fsstat.mount_point: 
^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"}},"id":"system/metrics-system.fsstat-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["fsstat"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.fsstat.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.load"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.load-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["load"],"condition":"${host.platform} != ''windows''","period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.memory"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.memory-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["memory"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.network"},"vars":{"period":{"value":"10s","type":"text"},"network.interfaces":{"value":[],"type":"text"}},"id":"system/metrics-system.network-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["network"],"period":"10s","network.interfaces":null}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process"},"vars":{"period":{"value":"10s","type":"text"},"process.include_top_n.by_cpu":{"value":5,"type":"integer"},"process.include_top_n.by_memory":{"value":5,"type":"integer"},"process.cmdline.cache.enabled":{"value":true,"type":"bool"},"process.cgroups.enabled":{"value":false,"type":"bool"},"process.env.whitelist":{"value":[],"type":"text"},"process.include_cpu_ticks":{"value":false,"type":"bool"},"processes":{"value":[".*"],"type":"text"}},"id":"system/metrics-system.process-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["process"],"period":"10s","process.include_top_n.by_cpu":5,"process.include_top_n.by_memory":5,"process.cmdline.cache.enabled":true,"process.cgroups.enabled":false,"process.
include_cpu_ticks":false,"processes":[".*"]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process.summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.process.summary-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["process_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.socket_summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.socket_summary-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["socket_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.uptime"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.uptime-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["uptime"],"period":"10s"}}],"vars":{"system.hostfs":{"type":"text"}}},{"type":"httpjson","policy_template":"system","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Application\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.application-863e86ed-8d12-466c-a6b9-b5c3769f4f80"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Security\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.security-863e86ed-8d12-466c-a6b9-b5c3769f4f80"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search 
sourcetype=\"XmlWinEventLog:System\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.system-863e86ed-8d12-466c-a6b9-b5c3769f4f80"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"preserve_original_event":{"value":false,"type":"bool"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END 
CERTIFICATE-----\n","type":"yaml"}}}],"revision":1,"created_at":"2022-06-27T15:32:53.484Z","created_by":"elastic","updated_at":"2022-06-27T15:32:53.484Z","updated_by":"elastic"},{"id":"9be915b0-9b9b-45e2-adfc-37f18b64d468","version":"WzEwMjIsMV0=","name":"nginx-http-servers-test","namespace":"default","description":"","package":{"name":"nginx","title":"Nginx","version":"1.4.0"},"enabled":true,"policy_id":"67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f","output_id":"","inputs":[{"type":"logfile","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"paths":{"value":["/var/log/nginx/access.log*"],"type":"text"},"tags":{"value":["nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"logfile-nginx.access-9be915b0-9b9b-45e2-adfc-37f18b64d468","compiled_stream":{"paths":["/var/log/nginx/access.log*"],"tags":["nginx-access"],"exclude_files":[".gz$"],"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"paths":{"value":["/var/log/nginx/error.log*"],"type":"text"},"tags":{"value":["nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"logfile-nginx.error-9be915b0-9b9b-45e2-adfc-37f18b64d468","compiled_stream":{"paths":["/var/log/nginx/error.log*"],"tags":["nginx-error"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\d{4}\\/\\d{2}\\/\\d{2} ","negate":true,"match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"httpjson","policy_template":"nginx","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search 
sourcetype=nginx:plus:access","type":"text"},"tags":{"value":["forwarded","nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.access-9be915b0-9b9b-45e2-adfc-37f18b64d468"},{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:error","type":"text"},"tags":{"value":["forwarded","nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.error-9be915b0-9b9b-45e2-adfc-37f18b64d468"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# 
sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}},{"type":"nginx/metrics","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"metrics","dataset":"nginx.stubstatus"},"vars":{"period":{"value":"10s","type":"text"},"server_status_path":{"value":"/nginx_status","type":"text"}},"id":"nginx/metrics-nginx.stubstatus-9be915b0-9b9b-45e2-adfc-37f18b64d468","compiled_stream":{"metricsets":["stubstatus"],"hosts":["http://127.0.0.1:80"],"period":"10s","server_status_path":"/nginx_status"}}],"vars":{"hosts":{"value":["http://127.0.0.1:80"],"type":"text"}}}],"revision":1,"created_at":"2022-06-27T15:33:04.248Z","created_by":"elastic","updated_at":"2022-06-27T15:33:04.248Z","updated_by":"elastic"}],"agents":0},{"id":"fleet-server-policy","namespace":"default","monitoring_enabled":["logs","metrics"],"name":"Fleet Server (elastic-package)","is_default_fleet_server":true,"is_preconfigured":true,"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T15:31:03.382Z","updated_by":"system","package_policies":[{"id":"default-fleet-server","version":"WzYyNCwxXQ==","name":"fleet_server-1","namespace":"default","package":{"name":"fleet_server","title":"Fleet Server","version":"1.2.0"},"enabled":true,"policy_id":"fleet-server-policy","output_id":"fleet-default-output","inputs":[{"type":"fleet-server","policy_template":"fleet_server","enabled":true,"streams":[],"vars":{"host":{"value":["0.0.0.0"],"type":"text"},"port":{"value":[8220],"type":"integer"},"max_agents":{"type":"integer"},"max_connections":{"type":"integer"},"custom":{"value":"","type":"yaml"}},"compiled_input":{"server":{"port":8220,"host":"0.0.0.0"}}}],"revision":1,"created_at":"2022-06-27T15:31:03.351Z","created_by":"system","updated_at":"2022-06-27T15:31:03.351Z","updated_by":"system"}],"agents":1},{"id":"elastic-agent-managed-ep","namespace":"default","monitoring_enabled":["logs","metrics"],"name":"Elastic-Agent 
(elastic-package)","is_default":true,"is_preconfigured":true,"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T15:31:01.360Z","updated_by":"system","package_policies":[{"id":"default-system","version":"WzYyMiwxXQ==","name":"system-1","namespace":"default","package":{"name":"system","title":"System","version":"1.16.2"},"enabled":true,"policy_id":"elastic-agent-managed-ep","output_id":"fleet-default-output","inputs":[{"type":"logfile","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.auth"},"vars":{"paths":{"value":["/var/log/auth.log*","/var/log/secure*"],"type":"text"}},"id":"logfile-system.auth-default-system","compiled_stream":{"paths":["/var/log/auth.log*","/var/log/secure*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.syslog"},"vars":{"paths":{"value":["/var/log/messages*","/var/log/syslog*"],"type":"text"}},"id":"logfile-system.syslog-default-system","compiled_stream":{"paths":["/var/log/messages*","/var/log/syslog*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"winlog","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.application-default-system","compiled_stream":{"name":"Application","condition":"${host.platform} == 
''windows''","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.security-default-system","compiled_stream":{"name":"Security","condition":"${host.platform} == ''windows''","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.system-default-system","compiled_stream":{"name":"System","condition":"${host.platform} == ''windows''","ignore_older":"72h"}}]},{"type":"system/metrics","policy_template":"system","enabled":true,"streams":[{"enabled":false,"data_stream":{"type":"metrics","dataset":"system.core"},"vars":{"period":{"value":"10s","type":"text"},"core.metrics":{"value":["percentages"],"type":"text"}},"id":"system/metrics-system.core-default-system"},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.cpu"},"vars":{"period":{"value":"10s","type":"text"},"cpu.metrics":{"value":["percentages","normalized_percentages"],"type":"text"}},"id":"system/metrics-system.cpu-default-system","compiled_stream":{"metricsets":["cpu"],"cpu.metrics":["percentages","normalized_percentages"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.diskio"},"vars":{"period":{"value":"10s","type":"text"},"diskio.include_devices":{"value":[],"type":"text"}},"id":"system/metrics-system.diskio-default-system","compiled_stream":{"metricsets":["diskio"],"diskio.include_devices":null,"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"syste
m.filesystem"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"},"filesystem.ignore_types":{"value":[],"type":"text"}},"id":"system/metrics-system.filesystem-default-system","compiled_stream":{"metricsets":["filesystem"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.filesystem.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.fsstat"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"}},"id":"system/metrics-system.fsstat-default-system","compiled_stream":{"metricsets":["fsstat"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.fsstat.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.load"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.load-default-system","compiled_stream":{"metricsets":["load"],"condition":"${host.platform} != 
''windows''","period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.memory"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.memory-default-system","compiled_stream":{"metricsets":["memory"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.network"},"vars":{"period":{"value":"10s","type":"text"},"network.interfaces":{"value":[],"type":"text"}},"id":"system/metrics-system.network-default-system","compiled_stream":{"metricsets":["network"],"period":"10s","network.interfaces":null}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process"},"vars":{"period":{"value":"10s","type":"text"},"process.include_top_n.by_cpu":{"value":5,"type":"integer"},"process.include_top_n.by_memory":{"value":5,"type":"integer"},"process.cmdline.cache.enabled":{"value":true,"type":"bool"},"process.cgroups.enabled":{"value":false,"type":"bool"},"process.env.whitelist":{"value":[],"type":"text"},"process.include_cpu_ticks":{"value":false,"type":"bool"},"processes":{"value":[".*"],"type":"text"}},"id":"system/metrics-system.process-default-system","compiled_stream":{"metricsets":["process"],"period":"10s","process.include_top_n.by_cpu":5,"process.include_top_n.by_memory":5,"process.cmdline.cache.enabled":true,"process.cgroups.enabled":false,"process.include_cpu_ticks":false,"processes":[".*"]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process.summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.process.summary-default-system","compiled_stream":{"metricsets":["process_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.socket_summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.socket_summary-default-system","compiled_stream":{"metricsets":["socket_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.uptime"},"vars":{"pe
riod":{"value":"10s","type":"text"}},"id":"system/metrics-system.uptime-default-system","compiled_stream":{"metricsets":["uptime"],"period":"10s"}}],"vars":{"system.hostfs":{"type":"text"}}},{"type":"httpjson","policy_template":"system","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Application\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.application-default-system"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Security\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.security-default-system"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:System\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.system-default-system"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"preserve_original_event":{"value":false,"type":"bool"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# 
PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}}],"revision":1,"created_at":"2022-06-27T15:31:00.403Z","created_by":"system","updated_at":"2022-06-27T15:31:00.403Z","updated_by":"system"}],"agents":1}],"total":4,"page":1,"perPage":20}' + headers: + Accept-Ranges: + - bytes + Content-Length: + - "40767" + Content-Type: + - application/json + Date: + - Mon, 27 Nov 2023 18:05:27 GMT + Last-Modified: + - Mon, 06 Mar 2023 12:23:37 GMT + status: 200 OK + code: 200 + duration: 678.078µs + - id: 2 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: 127.0.0.1:5601 + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic Og== + Content-Type: + - application/json + Kbn-Xsrf: + - 8.10.1 + url: https://127.0.0.1:5601/api/status + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 12279 + uncompressed: false + body: '{"name":"kibana","uuid":"4d61db22-fa55-4750-91b8-dd344522c879","version":{"number":"8.0.0","build_hash":"57ca5e139a33dd2eed927ce98d8231a1f217cd15","build_number":49192,"build_snapshot":false},"status":{"overall":{"level":"available","summary":"All services are available"},"core":{"elasticsearch":{"level":"available","summary":"Elasticsearch is 
available","meta":{"warningNodes":[],"incompatibleNodes":[]}},"savedObjects":{"level":"available","summary":"SavedObjects service has completed migrations and is available","meta":{"migratedIndices":{"migrated":0,"skipped":0,"patched":2}}}},"plugins":{"advancedSettings":{"level":"available","summary":"All dependencies are available"},"bfetch":{"level":"available","summary":"All dependencies are available"},"expressionMetricVis":{"level":"available","summary":"All dependencies are available"},"expressionTagcloud":{"level":"available","summary":"All dependencies are available"},"charts":{"level":"available","summary":"All dependencies are available"},"console":{"level":"available","summary":"All dependencies are available"},"customIntegrations":{"level":"available","summary":"All dependencies are available"},"dashboard":{"level":"available","summary":"All dependencies are available"},"data":{"level":"available","summary":"All dependencies are available"},"dataViews":{"level":"available","summary":"All dependencies are available"},"devTools":{"level":"available","summary":"All dependencies are available"},"discover":{"level":"available","summary":"All dependencies are available"},"embeddable":{"level":"available","summary":"All dependencies are available"},"esUiShared":{"level":"available","summary":"All dependencies are available"},"expressionError":{"level":"available","summary":"All dependencies are available"},"expressionImage":{"level":"available","summary":"All dependencies are available"},"expressionMetric":{"level":"available","summary":"All dependencies are available"},"expressionRepeatImage":{"level":"available","summary":"All dependencies are available"},"expressionRevealImage":{"level":"available","summary":"All dependencies are available"},"expressionShape":{"level":"available","summary":"All dependencies are available"},"expressions":{"level":"available","summary":"All dependencies are available"},"fieldFormats":{"level":"available","summary":"All 
dependencies are available"},"home":{"level":"available","summary":"All dependencies are available"},"indexPatternEditor":{"level":"available","summary":"All dependencies are available"},"indexPatternFieldEditor":{"level":"available","summary":"All dependencies are available"},"indexPatternManagement":{"level":"available","summary":"All dependencies are available"},"inputControlVis":{"level":"available","summary":"All dependencies are available"},"inspector":{"level":"available","summary":"All dependencies are available"},"kibanaLegacy":{"level":"available","summary":"All dependencies are available"},"kibanaOverview":{"level":"available","summary":"All dependencies are available"},"kibanaReact":{"level":"available","summary":"All dependencies are available"},"kibanaUsageCollection":{"level":"available","summary":"All dependencies are available"},"kibanaUtils":{"level":"available","summary":"All dependencies are available"},"management":{"level":"available","summary":"All dependencies are available"},"mapsEms":{"level":"available","summary":"All dependencies are available"},"navigation":{"level":"available","summary":"All dependencies are available"},"newsfeed":{"level":"available","summary":"All dependencies are available"},"presentationUtil":{"level":"available","summary":"All dependencies are available"},"savedObjects":{"level":"available","summary":"All dependencies are available"},"savedObjectsManagement":{"level":"available","summary":"All dependencies are available"},"savedObjectsTaggingOss":{"level":"available","summary":"All dependencies are available"},"screenshotMode":{"level":"available","summary":"All dependencies are available"},"share":{"level":"available","summary":"All dependencies are available"},"telemetry":{"level":"available","summary":"All dependencies are available"},"telemetryCollectionManager":{"level":"available","summary":"All dependencies are available"},"telemetryManagementSection":{"level":"available","summary":"All dependencies are 
available"},"uiActions":{"level":"available","summary":"All dependencies are available"},"urlForwarding":{"level":"available","summary":"All dependencies are available"},"usageCollection":{"level":"available","summary":"All dependencies are available"},"visDefaultEditor":{"level":"available","summary":"All dependencies are available"},"visTypeMarkdown":{"level":"available","summary":"All dependencies are available"},"visTypeMetric":{"level":"available","summary":"All dependencies are available"},"visTypePie":{"level":"available","summary":"All dependencies are available"},"visTypeTable":{"level":"available","summary":"All dependencies are available"},"visTypeTagcloud":{"level":"available","summary":"All dependencies are available"},"visTypeTimelion":{"level":"available","summary":"All dependencies are available"},"visTypeTimeseries":{"level":"available","summary":"All dependencies are available"},"visTypeVega":{"level":"available","summary":"All dependencies are available"},"visTypeVislib":{"level":"available","summary":"All dependencies are available"},"visTypeXy":{"level":"available","summary":"All dependencies are available"},"visualizations":{"level":"available","summary":"All dependencies are available"},"visualize":{"level":"available","summary":"All dependencies are available"},"actions":{"level":"available","summary":"All dependencies are available"},"alerting":{"level":"available","summary":"Alerting is (probably) ready"},"apm":{"level":"available","summary":"All dependencies are available"},"banners":{"level":"available","summary":"All dependencies are available"},"canvas":{"level":"available","summary":"All dependencies are available"},"cases":{"level":"available","summary":"All dependencies are available"},"cloud":{"level":"available","summary":"All dependencies are available"},"crossClusterReplication":{"level":"available","summary":"All dependencies are available"},"dashboardEnhanced":{"level":"available","summary":"All dependencies are 
available"},"dataEnhanced":{"level":"available","summary":"All dependencies are available"},"dataVisualizer":{"level":"available","summary":"All dependencies are available"},"discoverEnhanced":{"level":"available","summary":"All dependencies are available"},"urlDrilldown":{"level":"available","summary":"All dependencies are available"},"embeddableEnhanced":{"level":"available","summary":"All dependencies are available"},"encryptedSavedObjects":{"level":"available","summary":"All dependencies are available"},"enterpriseSearch":{"level":"available","summary":"All dependencies are available"},"eventLog":{"level":"available","summary":"All dependencies are available"},"features":{"level":"available","summary":"All dependencies are available"},"fileUpload":{"level":"available","summary":"All dependencies are available"},"fleet":{"level":"available","summary":"Fleet is available"},"globalSearch":{"level":"available","summary":"All dependencies are available"},"globalSearchBar":{"level":"available","summary":"All dependencies are available"},"globalSearchProviders":{"level":"available","summary":"All dependencies are available"},"graph":{"level":"available","summary":"All dependencies are available"},"grokdebugger":{"level":"available","summary":"All dependencies are available"},"indexLifecycleManagement":{"level":"available","summary":"All dependencies are available"},"indexManagement":{"level":"available","summary":"All dependencies are available"},"infra":{"level":"available","summary":"All dependencies are available"},"ingestPipelines":{"level":"available","summary":"All dependencies are available"},"lens":{"level":"available","summary":"All dependencies are available"},"licenseApiGuard":{"level":"available","summary":"All dependencies are available"},"licenseManagement":{"level":"available","summary":"All dependencies are available"},"licensing":{"level":"available","summary":"License fetched"},"lists":{"level":"available","summary":"All dependencies are 
available"},"logstash":{"level":"available","summary":"All dependencies are available"},"maps":{"level":"available","summary":"All dependencies are available"},"ml":{"level":"available","summary":"All dependencies are available"},"monitoring":{"level":"available","summary":"All dependencies are available"},"observability":{"level":"available","summary":"All dependencies are available"},"osquery":{"level":"available","summary":"All dependencies are available"},"painlessLab":{"level":"available","summary":"All dependencies are available"},"remoteClusters":{"level":"available","summary":"All dependencies are available"},"reporting":{"level":"available","summary":"All dependencies are available"},"rollup":{"level":"available","summary":"All dependencies are available"},"ruleRegistry":{"level":"available","summary":"All dependencies are available"},"runtimeFields":{"level":"available","summary":"All dependencies are available"},"savedObjectsTagging":{"level":"available","summary":"All dependencies are available"},"screenshotting":{"level":"available","summary":"All dependencies are available"},"searchprofiler":{"level":"available","summary":"All dependencies are available"},"security":{"level":"available","summary":"All dependencies are available"},"securitySolution":{"level":"available","summary":"All dependencies are available"},"snapshotRestore":{"level":"available","summary":"All dependencies are available"},"spaces":{"level":"available","summary":"All dependencies are available"},"stackAlerts":{"level":"available","summary":"All dependencies are available"},"taskManager":{"level":"available","summary":"All dependencies are available"},"telemetryCollectionXpack":{"level":"available","summary":"All dependencies are available"},"timelines":{"level":"available","summary":"All dependencies are available"},"transform":{"level":"available","summary":"All dependencies are available"},"translations":{"level":"available","summary":"All dependencies are 
available"},"triggersActionsUi":{"level":"available","summary":"All dependencies are available"},"uiActionsEnhanced":{"level":"available","summary":"All dependencies are available"},"upgradeAssistant":{"level":"available","summary":"All dependencies are available"},"uptime":{"level":"available","summary":"All dependencies are available"},"watcher":{"level":"available","summary":"All dependencies are available"}}},"metrics":{"last_updated":"2023-08-30T11:53:46.940Z","collection_interval_in_millis":5000,"os":{"platform":"linux","platformRelease":"linux-5.19.0-50-generic","load":{"1m":3.9,"5m":2.38,"15m":1.66},"memory":{"total_in_bytes":33358266368,"free_in_bytes":276086784,"used_in_bytes":33082179584},"uptime_in_millis":775478260,"distro":"Ubuntu","distroRelease":"Ubuntu-20.04"},"process":{"memory":{"heap":{"total_in_bytes":467066880,"used_in_bytes":369791072,"size_limit":4345298944},"resident_set_size_in_bytes":553046016},"pid":7,"event_loop_delay":10.310148231404959,"event_loop_delay_histogram":{"min":9.09312,"max":38.502399,"mean":10.310148231404959,"exceeds":0,"stddev":1.6360547505591572,"fromTimestamp":"2023-08-30T11:53:41.937Z","lastUpdatedAt":"2023-08-30T11:53:46.935Z","percentiles":{"50":10.100735,"75":10.117119,"95":10.895359,"99":14.811135}},"uptime_in_millis":90449.453821},"processes":[{"memory":{"heap":{"total_in_bytes":467066880,"used_in_bytes":369791072,"size_limit":4345298944},"resident_set_size_in_bytes":553046016},"pid":7,"event_loop_delay":10.310148231404959,"event_loop_delay_histogram":{"min":9.09312,"max":38.502399,"mean":10.310148231404959,"exceeds":0,"stddev":1.6360547505591572,"fromTimestamp":"2023-08-30T11:53:41.937Z","lastUpdatedAt":"2023-08-30T11:53:46.935Z","percentiles":{"50":10.100735,"75":10.117119,"95":10.895359,"99":14.811135}},"uptime_in_millis":90449.453821}],"response_times":{"avg_in_millis":26,"max_in_millis":26},"concurrent_connections":7,"requests":{"disconnects":0,"total":1,"statusCodes":{"200":1},"status_codes":{"200":1}}}}' + 
headers:
+ Accept-Ranges:
+ - bytes
+ Content-Length:
+ - "12279"
+ Content-Type:
+ - application/json
+ Date:
+ - Mon, 27 Nov 2023 18:05:27 GMT
+ Last-Modified:
+ - Tue, 03 Oct 2023 15:59:45 GMT
+ status: 200 OK
+ code: 200
+ duration: 479.777µs
+ - id: 3
+ request:
+ proto: HTTP/1.1
+ proto_major: 1
+ proto_minor: 1
+ content_length: 0
+ transfer_encoding: []
+ trailer: {}
+ host: 127.0.0.1:5601
+ remote_addr: ""
+ request_uri: ""
+ body: ""
+ form: {}
+ headers:
+ Authorization:
+ - Basic Og==
+ Content-Type:
+ - application/json
+ Kbn-Xsrf:
+ - 8.10.1
+ url: https://127.0.0.1:5601/api/fleet/agent_policies/fleet-server-policy
+ method: GET
+ response:
+ proto: HTTP/1.1
+ proto_major: 1
+ proto_minor: 1
+ transfer_encoding: []
+ trailer: {}
+ content_length: 1077
+ uncompressed: false
+ body: '{"item":{"id":"fleet-server-policy","namespace":"default","monitoring_enabled":["logs","metrics"],"name":"Fleet Server (elastic-package)","is_default_fleet_server":true,"is_preconfigured":true,"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T15:31:03.382Z","updated_by":"system","package_policies":[{"id":"default-fleet-server","version":"WzYyNCwxXQ==","name":"fleet_server-1","namespace":"default","package":{"name":"fleet_server","title":"Fleet Server","version":"1.2.0"},"enabled":true,"policy_id":"fleet-server-policy","output_id":"fleet-default-output","inputs":[{"type":"fleet-server","policy_template":"fleet_server","enabled":true,"streams":[],"vars":{"host":{"value":["0.0.0.0"],"type":"text"},"port":{"value":[8220],"type":"integer"},"max_agents":{"type":"integer"},"max_connections":{"type":"integer"},"custom":{"value":"","type":"yaml"}},"compiled_input":{"server":{"port":8220,"host":"0.0.0.0"}}}],"revision":1,"created_at":"2022-06-27T15:31:03.351Z","created_by":"system","updated_at":"2022-06-27T15:31:03.351Z","updated_by":"system"}]}}'
+ headers:
+ Accept-Ranges:
+ - bytes
+ Content-Length:
+ - "1077"
+ Content-Type:
+ - application/json
+ Date:
+ - Mon, 27 Nov 2023 18:05:27 GMT
+ Last-Modified:
+ - Mon, 06 Mar 2023 12:23:37 GMT
+ status: 200 OK
+ code: 200
+ duration: 166.075µs
diff --git a/internal/dump/testdata/fleet-8-mock-dump-all/api-fleet-agent_policies-fleet-server-policy.json b/internal/dump/testdata/fleet-8-mock-dump-all/api-fleet-agent_policies-fleet-server-policy.json
deleted file mode 100644
index 65e4184460..0000000000
--- a/internal/dump/testdata/fleet-8-mock-dump-all/api-fleet-agent_policies-fleet-server-policy.json
+++ /dev/null
@@ -1 +0,0 @@
-{"item":{"id":"fleet-server-policy","namespace":"default","monitoring_enabled":["logs","metrics"],"name":"Fleet Server (elastic-package)","is_default_fleet_server":true,"is_preconfigured":true,"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T15:31:03.382Z","updated_by":"system","package_policies":[{"id":"default-fleet-server","version":"WzYyNCwxXQ==","name":"fleet_server-1","namespace":"default","package":{"name":"fleet_server","title":"Fleet Server","version":"1.2.0"},"enabled":true,"policy_id":"fleet-server-policy","output_id":"fleet-default-output","inputs":[{"type":"fleet-server","policy_template":"fleet_server","enabled":true,"streams":[],"vars":{"host":{"value":["0.0.0.0"],"type":"text"},"port":{"value":[8220],"type":"integer"},"max_agents":{"type":"integer"},"max_connections":{"type":"integer"},"custom":{"value":"","type":"yaml"}},"compiled_input":{"server":{"port":8220,"host":"0.0.0.0"}}}],"revision":1,"created_at":"2022-06-27T15:31:03.351Z","created_by":"system","updated_at":"2022-06-27T15:31:03.351Z","updated_by":"system"}]}}
\ No newline at end of file
diff --git a/internal/dump/testdata/fleet-8-mock-dump-all/api-fleet-agent_policies.full=true.page=1.json b/internal/dump/testdata/fleet-8-mock-dump-all/api-fleet-agent_policies.full=true.page=1.json
deleted file mode 100644
index 7247809d6b..0000000000
--- a/internal/dump/testdata/fleet-8-mock-dump-all/api-fleet-agent_policies.full=true.page=1.json
+++ /dev/null
@@ -1 +0,0 @@ -{"items":[{"id":"8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f","name":"Load Balancers Servers","description":"","namespace":"default","monitoring_enabled":["logs","metrics"],"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T15:33:59.587Z","updated_by":"elastic","package_policies":[{"id":"a09f2609-9e8b-4b48-998f-ce99340da027","version":"WzEzMjAsMV0=","name":"system-3","namespace":"default","package":{"name":"system","title":"System","version":"1.16.2"},"enabled":true,"policy_id":"8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f","output_id":"fleet-default-output","inputs":[{"type":"logfile","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.auth"},"vars":{"paths":{"value":["/var/log/auth.log*","/var/log/secure*"],"type":"text"}},"id":"logfile-system.auth-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"paths":["/var/log/auth.log*","/var/log/secure*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.syslog"},"vars":{"paths":{"value":["/var/log/messages*","/var/log/syslog*"],"type":"text"}},"id":"logfile-system.syslog-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"paths":["/var/log/messages*","/var/log/syslog*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"winlog","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.application-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"name":"Application","condition":"${host.platform} == 
'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.security-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"name":"Security","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.system-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"name":"System","condition":"${host.platform} == 'windows'","ignore_older":"72h"}}]},{"type":"system/metrics","policy_template":"system","enabled":true,"streams":[{"enabled":false,"data_stream":{"type":"metrics","dataset":"system.core"},"vars":{"period":{"value":"10s","type":"text"},"core.metrics":{"value":["percentages"],"type":"text"}},"id":"system/metrics-system.core-a09f2609-9e8b-4b48-998f-ce99340da027"},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.cpu"},"vars":{"period":{"value":"10s","type":"text"},"cpu.metrics":{"value":["percentages","normalized_percentages"],"type":"text"}},"id":"system/metrics-system.cpu-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["cpu"],"cpu.metrics":["percentages","normalized_percentages"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.diskio"},"vars":{"period":{"value":"10s","type":"text"},"diskio.include_devices":{"value":[],"type":"text"}},"id":"system/metrics-system.diskio-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["diskio"],"diskio
.include_devices":null,"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.filesystem"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"},"filesystem.ignore_types":{"value":[],"type":"text"}},"id":"system/metrics-system.filesystem-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["filesystem"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.filesystem.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.fsstat"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"}},"id":"system/metrics-system.fsstat-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["fsstat"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.fsstat.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.load"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.load-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["load"],"condition":"${host.platform} != 
'windows'","period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.memory"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.memory-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["memory"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.network"},"vars":{"period":{"value":"10s","type":"text"},"network.interfaces":{"value":[],"type":"text"}},"id":"system/metrics-system.network-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["network"],"period":"10s","network.interfaces":null}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process"},"vars":{"period":{"value":"10s","type":"text"},"process.include_top_n.by_cpu":{"value":5,"type":"integer"},"process.include_top_n.by_memory":{"value":5,"type":"integer"},"process.cmdline.cache.enabled":{"value":true,"type":"bool"},"process.cgroups.enabled":{"value":false,"type":"bool"},"process.env.whitelist":{"value":[],"type":"text"},"process.include_cpu_ticks":{"value":false,"type":"bool"},"processes":{"value":[".*"],"type":"text"}},"id":"system/metrics-system.process-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["process"],"period":"10s","process.include_top_n.by_cpu":5,"process.include_top_n.by_memory":5,"process.cmdline.cache.enabled":true,"process.cgroups.enabled":false,"process.include_cpu_ticks":false,"processes":[".*"]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process.summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.process.summary-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["process_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.socket_summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.socket_summary-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["socket_summa
ry"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.uptime"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.uptime-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["uptime"],"period":"10s"}}],"vars":{"system.hostfs":{"type":"text"}}},{"type":"httpjson","policy_template":"system","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Application\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.application-a09f2609-9e8b-4b48-998f-ce99340da027"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Security\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.security-a09f2609-9e8b-4b48-998f-ce99340da027"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:System\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.system-a09f2609-9e8b-4b48-998f-ce99340da027"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"preserve_original_event":{"value":false,"type":"bool"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 
94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}}],"revision":1,"created_at":"2022-06-27T15:33:55.519Z","created_by":"elastic","updated_at":"2022-06-27T15:33:55.519Z","updated_by":"elastic"},{"id":"46331ee9-90a9-4b1f-b568-98641e9bafc9","version":"WzEzMjIsMV0=","name":"nginx-load-balancers-test","namespace":"default","description":"","package":{"name":"nginx","title":"Nginx","version":"1.4.0"},"enabled":true,"policy_id":"8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f","output_id":"","inputs":[{"type":"logfile","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"paths":{"value":["/var/log/nginx/access.log*"],"type":"text"},"tags":{"value":["nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"logfile-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9","compiled_stream":{"paths":["/var/log/nginx/access.log*"],"tags":["nginx-access"],"exclude_files":[".gz$"],"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"paths":{"value":["/var/log/nginx/error.log*"],"type":"text"},"tags":{"value":["nginx-error"],"type":"text"},"pr
eserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"logfile-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9","compiled_stream":{"paths":["/var/log/nginx/error.log*"],"tags":["nginx-error"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\d{4}\\/\\d{2}\\/\\d{2} ","negate":true,"match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"httpjson","policy_template":"nginx","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:access","type":"text"},"tags":{"value":["forwarded","nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9"},{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:error","type":"text"},"tags":{"value":["forwarded","nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# 
PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}},{"type":"nginx/metrics","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"metrics","dataset":"nginx.stubstatus"},"vars":{"period":{"value":"10s","type":"text"},"server_status_path":{"value":"/nginx_status","type":"text"}},"id":"nginx/metrics-nginx.stubstatus-46331ee9-90a9-4b1f-b568-98641e9bafc9","compiled_stream":{"metricsets":["stubstatus"],"hosts":["http://127.0.0.1:80"],"period":"10s","server_status_path":"/nginx_status"}}],"vars":{"hosts":{"value":["http://127.0.0.1:80"],"type":"text"}}}],"revision":1,"created_at":"2022-06-27T15:33:58.606Z","created_by":"elastic","updated_at":"2022-06-27T15:33:58.606Z","updated_by":"elastic"}],"agents":0},{"id":"67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f","name":"HTTP 
servers","description":"","namespace":"default","monitoring_enabled":["logs","metrics"],"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T15:33:05.252Z","updated_by":"elastic","package_policies":[{"id":"863e86ed-8d12-466c-a6b9-b5c3769f4f80","version":"WzkyMywxXQ==","name":"system-2","namespace":"default","package":{"name":"system","title":"System","version":"1.16.2"},"enabled":true,"policy_id":"67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f","output_id":"fleet-default-output","inputs":[{"type":"logfile","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.auth"},"vars":{"paths":{"value":["/var/log/auth.log*","/var/log/secure*"],"type":"text"}},"id":"logfile-system.auth-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"paths":["/var/log/auth.log*","/var/log/secure*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.syslog"},"vars":{"paths":{"value":["/var/log/messages*","/var/log/syslog*"],"type":"text"}},"id":"logfile-system.syslog-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"paths":["/var/log/messages*","/var/log/syslog*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"winlog","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.application-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"name":"Application","condition":"${host.platform} == 
'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.security-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"name":"Security","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.system-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"name":"System","condition":"${host.platform} == 'windows'","ignore_older":"72h"}}]},{"type":"system/metrics","policy_template":"system","enabled":true,"streams":[{"enabled":false,"data_stream":{"type":"metrics","dataset":"system.core"},"vars":{"period":{"value":"10s","type":"text"},"core.metrics":{"value":["percentages"],"type":"text"}},"id":"system/metrics-system.core-863e86ed-8d12-466c-a6b9-b5c3769f4f80"},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.cpu"},"vars":{"period":{"value":"10s","type":"text"},"cpu.metrics":{"value":["percentages","normalized_percentages"],"type":"text"}},"id":"system/metrics-system.cpu-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["cpu"],"cpu.metrics":["percentages","normalized_percentages"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.diskio"},"vars":{"period":{"value":"10s","type":"text"},"diskio.include_devices":{"value":[],"type":"text"}},"id":"system/metrics-system.diskio-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["diskio"],"diskio
.include_devices":null,"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.filesystem"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"},"filesystem.ignore_types":{"value":[],"type":"text"}},"id":"system/metrics-system.filesystem-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["filesystem"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.filesystem.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.fsstat"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"}},"id":"system/metrics-system.fsstat-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["fsstat"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.fsstat.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.load"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.load-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["load"],"condition":"${host.platform} != 
'windows'","period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.memory"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.memory-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["memory"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.network"},"vars":{"period":{"value":"10s","type":"text"},"network.interfaces":{"value":[],"type":"text"}},"id":"system/metrics-system.network-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["network"],"period":"10s","network.interfaces":null}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process"},"vars":{"period":{"value":"10s","type":"text"},"process.include_top_n.by_cpu":{"value":5,"type":"integer"},"process.include_top_n.by_memory":{"value":5,"type":"integer"},"process.cmdline.cache.enabled":{"value":true,"type":"bool"},"process.cgroups.enabled":{"value":false,"type":"bool"},"process.env.whitelist":{"value":[],"type":"text"},"process.include_cpu_ticks":{"value":false,"type":"bool"},"processes":{"value":[".*"],"type":"text"}},"id":"system/metrics-system.process-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["process"],"period":"10s","process.include_top_n.by_cpu":5,"process.include_top_n.by_memory":5,"process.cmdline.cache.enabled":true,"process.cgroups.enabled":false,"process.include_cpu_ticks":false,"processes":[".*"]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process.summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.process.summary-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["process_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.socket_summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.socket_summary-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["socket_summa
ry"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.uptime"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.uptime-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["uptime"],"period":"10s"}}],"vars":{"system.hostfs":{"type":"text"}}},{"type":"httpjson","policy_template":"system","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Application\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.application-863e86ed-8d12-466c-a6b9-b5c3769f4f80"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Security\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.security-863e86ed-8d12-466c-a6b9-b5c3769f4f80"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:System\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.system-863e86ed-8d12-466c-a6b9-b5c3769f4f80"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"preserve_original_event":{"value":false,"type":"bool"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 
94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}}],"revision":1,"created_at":"2022-06-27T15:32:53.484Z","created_by":"elastic","updated_at":"2022-06-27T15:32:53.484Z","updated_by":"elastic"},{"id":"9be915b0-9b9b-45e2-adfc-37f18b64d468","version":"WzEwMjIsMV0=","name":"nginx-http-servers-test","namespace":"default","description":"","package":{"name":"nginx","title":"Nginx","version":"1.4.0"},"enabled":true,"policy_id":"67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f","output_id":"","inputs":[{"type":"logfile","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"paths":{"value":["/var/log/nginx/access.log*"],"type":"text"},"tags":{"value":["nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"logfile-nginx.access-9be915b0-9b9b-45e2-adfc-37f18b64d468","compiled_stream":{"paths":["/var/log/nginx/access.log*"],"tags":["nginx-access"],"exclude_files":[".gz$"],"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"paths":{"value":["/var/log/nginx/error.log*"],"type":"text"},"tags":{"value":["nginx-error"],"type":"text"},"pres
erve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"logfile-nginx.error-9be915b0-9b9b-45e2-adfc-37f18b64d468","compiled_stream":{"paths":["/var/log/nginx/error.log*"],"tags":["nginx-error"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\d{4}\\/\\d{2}\\/\\d{2} ","negate":true,"match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"httpjson","policy_template":"nginx","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:access","type":"text"},"tags":{"value":["forwarded","nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.access-9be915b0-9b9b-45e2-adfc-37f18b64d468"},{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:error","type":"text"},"tags":{"value":["forwarded","nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.error-9be915b0-9b9b-45e2-adfc-37f18b64d468"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# 
PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}},{"type":"nginx/metrics","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"metrics","dataset":"nginx.stubstatus"},"vars":{"period":{"value":"10s","type":"text"},"server_status_path":{"value":"/nginx_status","type":"text"}},"id":"nginx/metrics-nginx.stubstatus-9be915b0-9b9b-45e2-adfc-37f18b64d468","compiled_stream":{"metricsets":["stubstatus"],"hosts":["http://127.0.0.1:80"],"period":"10s","server_status_path":"/nginx_status"}}],"vars":{"hosts":{"value":["http://127.0.0.1:80"],"type":"text"}}}],"revision":1,"created_at":"2022-06-27T15:33:04.248Z","created_by":"elastic","updated_at":"2022-06-27T15:33:04.248Z","updated_by":"elastic"}],"agents":0},{"id":"fleet-server-policy","namespace":"default","monitoring_enabled":["logs","metrics"],"name":"Fleet Server (elastic-package)","is_default_fleet_server":true,"is_preconfigured":true,"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T15:31:03.382Z","updated_by":"system","package_policies":[{"id":"default-fleet-server","version":"WzYyNCwxXQ==","name":"fleet_server-1","namespace":"default","package":{"name":"fleet_server","title":"Fleet 
Server","version":"1.2.0"},"enabled":true,"policy_id":"fleet-server-policy","output_id":"fleet-default-output","inputs":[{"type":"fleet-server","policy_template":"fleet_server","enabled":true,"streams":[],"vars":{"host":{"value":["0.0.0.0"],"type":"text"},"port":{"value":[8220],"type":"integer"},"max_agents":{"type":"integer"},"max_connections":{"type":"integer"},"custom":{"value":"","type":"yaml"}},"compiled_input":{"server":{"port":8220,"host":"0.0.0.0"}}}],"revision":1,"created_at":"2022-06-27T15:31:03.351Z","created_by":"system","updated_at":"2022-06-27T15:31:03.351Z","updated_by":"system"}],"agents":1},{"id":"elastic-agent-managed-ep","namespace":"default","monitoring_enabled":["logs","metrics"],"name":"Elastic-Agent (elastic-package)","is_default":true,"is_preconfigured":true,"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T15:31:01.360Z","updated_by":"system","package_policies":[{"id":"default-system","version":"WzYyMiwxXQ==","name":"system-1","namespace":"default","package":{"name":"system","title":"System","version":"1.16.2"},"enabled":true,"policy_id":"elastic-agent-managed-ep","output_id":"fleet-default-output","inputs":[{"type":"logfile","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.auth"},"vars":{"paths":{"value":["/var/log/auth.log*","/var/log/secure*"],"type":"text"}},"id":"logfile-system.auth-default-system","compiled_stream":{"paths":["/var/log/auth.log*","/var/log/secure*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.syslog"},"vars":{"paths":{"value":["/var/log/messages*","/var/log/syslog*"],"type":"text"}},"id":"logfile-system.syslog-default-system","compiled_stream":{"paths":["/var/log/messages*","/var/log/syslog*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}}]},{
"type":"winlog","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.application-default-system","compiled_stream":{"name":"Application","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.security-default-system","compiled_stream":{"name":"Security","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.system-default-system","compiled_stream":{"name":"System","condition":"${host.platform} == 
'windows'","ignore_older":"72h"}}]},{"type":"system/metrics","policy_template":"system","enabled":true,"streams":[{"enabled":false,"data_stream":{"type":"metrics","dataset":"system.core"},"vars":{"period":{"value":"10s","type":"text"},"core.metrics":{"value":["percentages"],"type":"text"}},"id":"system/metrics-system.core-default-system"},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.cpu"},"vars":{"period":{"value":"10s","type":"text"},"cpu.metrics":{"value":["percentages","normalized_percentages"],"type":"text"}},"id":"system/metrics-system.cpu-default-system","compiled_stream":{"metricsets":["cpu"],"cpu.metrics":["percentages","normalized_percentages"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.diskio"},"vars":{"period":{"value":"10s","type":"text"},"diskio.include_devices":{"value":[],"type":"text"}},"id":"system/metrics-system.diskio-default-system","compiled_stream":{"metricsets":["diskio"],"diskio.include_devices":null,"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.filesystem"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"},"filesystem.ignore_types":{"value":[],"type":"text"}},"id":"system/metrics-system.filesystem-default-system","compiled_stream":{"metricsets":["filesystem"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.filesystem.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.fsstat"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.fsstat.mount_point: 
^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"}},"id":"system/metrics-system.fsstat-default-system","compiled_stream":{"metricsets":["fsstat"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.fsstat.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.load"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.load-default-system","compiled_stream":{"metricsets":["load"],"condition":"${host.platform} != 'windows'","period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.memory"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.memory-default-system","compiled_stream":{"metricsets":["memory"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.network"},"vars":{"period":{"value":"10s","type":"text"},"network.interfaces":{"value":[],"type":"text"}},"id":"system/metrics-system.network-default-system","compiled_stream":{"metricsets":["network"],"period":"10s","network.interfaces":null}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process"},"vars":{"period":{"value":"10s","type":"text"},"process.include_top_n.by_cpu":{"value":5,"type":"integer"},"process.include_top_n.by_memory":{"value":5,"type":"integer"},"process.cmdline.cache.enabled":{"value":true,"type":"bool"},"process.cgroups.enabled":{"value":false,"type":"bool"},"process.env.whitelist":{"value":[],"type":"text"},"process.include_cpu_ticks":{"value":false,"type":"bool"},"processes":{"value":[".*"],"type":"text"}},"id":"system/metrics-system.process-default-system","compiled_stream":{"metricsets":["process"],"period":"10s","process.include_top_n.by_cpu":5,"process.include_top_n.by_memory":5,"process.cmdline.cache.enabled":true,"process.cgroups.enabled":false,"process.include_cpu_ticks":false,"processes":[".*"]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.
process.summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.process.summary-default-system","compiled_stream":{"metricsets":["process_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.socket_summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.socket_summary-default-system","compiled_stream":{"metricsets":["socket_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.uptime"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.uptime-default-system","compiled_stream":{"metricsets":["uptime"],"period":"10s"}}],"vars":{"system.hostfs":{"type":"text"}}},{"type":"httpjson","policy_template":"system","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Application\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.application-default-system"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Security\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.security-default-system"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:System\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.system-default-system"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"preserve_original_event":{"value":false,"type":"bool"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN 
CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}}],"revision":1,"created_at":"2022-06-27T15:31:00.403Z","created_by":"system","updated_at":"2022-06-27T15:31:00.403Z","updated_by":"system"}],"agents":1}],"total":4,"page":1,"perPage":20} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-8-mock-dump-all/api-status.json b/internal/dump/testdata/fleet-8-mock-dump-all/api-status.json deleted file mode 100644 index e6d750c7c1..0000000000 --- a/internal/dump/testdata/fleet-8-mock-dump-all/api-status.json +++ /dev/null 
@@ -1 +0,0 @@ -{"name":"kibana","uuid":"4d61db22-fa55-4750-91b8-dd344522c879","version":{"number":"8.0.0","build_hash":"57ca5e139a33dd2eed927ce98d8231a1f217cd15","build_number":49192,"build_snapshot":false},"status":{"overall":{"level":"available","summary":"All services are available"},"core":{"elasticsearch":{"level":"available","summary":"Elasticsearch is available","meta":{"warningNodes":[],"incompatibleNodes":[]}},"savedObjects":{"level":"available","summary":"SavedObjects service has completed migrations and is available","meta":{"migratedIndices":{"migrated":0,"skipped":0,"patched":2}}}},"plugins":{"advancedSettings":{"level":"available","summary":"All dependencies are available"},"bfetch":{"level":"available","summary":"All dependencies are available"},"expressionMetricVis":{"level":"available","summary":"All dependencies are available"},"expressionTagcloud":{"level":"available","summary":"All dependencies are available"},"charts":{"level":"available","summary":"All dependencies are available"},"console":{"level":"available","summary":"All dependencies are available"},"customIntegrations":{"level":"available","summary":"All dependencies are available"},"dashboard":{"level":"available","summary":"All dependencies are available"},"data":{"level":"available","summary":"All dependencies are available"},"dataViews":{"level":"available","summary":"All dependencies are available"},"devTools":{"level":"available","summary":"All dependencies are available"},"discover":{"level":"available","summary":"All dependencies are available"},"embeddable":{"level":"available","summary":"All dependencies are available"},"esUiShared":{"level":"available","summary":"All dependencies are available"},"expressionError":{"level":"available","summary":"All dependencies are available"},"expressionImage":{"level":"available","summary":"All dependencies are available"},"expressionMetric":{"level":"available","summary":"All dependencies are 
available"},"expressionRepeatImage":{"level":"available","summary":"All dependencies are available"},"expressionRevealImage":{"level":"available","summary":"All dependencies are available"},"expressionShape":{"level":"available","summary":"All dependencies are available"},"expressions":{"level":"available","summary":"All dependencies are available"},"fieldFormats":{"level":"available","summary":"All dependencies are available"},"home":{"level":"available","summary":"All dependencies are available"},"indexPatternEditor":{"level":"available","summary":"All dependencies are available"},"indexPatternFieldEditor":{"level":"available","summary":"All dependencies are available"},"indexPatternManagement":{"level":"available","summary":"All dependencies are available"},"inputControlVis":{"level":"available","summary":"All dependencies are available"},"inspector":{"level":"available","summary":"All dependencies are available"},"kibanaLegacy":{"level":"available","summary":"All dependencies are available"},"kibanaOverview":{"level":"available","summary":"All dependencies are available"},"kibanaReact":{"level":"available","summary":"All dependencies are available"},"kibanaUsageCollection":{"level":"available","summary":"All dependencies are available"},"kibanaUtils":{"level":"available","summary":"All dependencies are available"},"management":{"level":"available","summary":"All dependencies are available"},"mapsEms":{"level":"available","summary":"All dependencies are available"},"navigation":{"level":"available","summary":"All dependencies are available"},"newsfeed":{"level":"available","summary":"All dependencies are available"},"presentationUtil":{"level":"available","summary":"All dependencies are available"},"savedObjects":{"level":"available","summary":"All dependencies are available"},"savedObjectsManagement":{"level":"available","summary":"All dependencies are available"},"savedObjectsTaggingOss":{"level":"available","summary":"All dependencies are 
available"},"screenshotMode":{"level":"available","summary":"All dependencies are available"},"share":{"level":"available","summary":"All dependencies are available"},"telemetry":{"level":"available","summary":"All dependencies are available"},"telemetryCollectionManager":{"level":"available","summary":"All dependencies are available"},"telemetryManagementSection":{"level":"available","summary":"All dependencies are available"},"uiActions":{"level":"available","summary":"All dependencies are available"},"urlForwarding":{"level":"available","summary":"All dependencies are available"},"usageCollection":{"level":"available","summary":"All dependencies are available"},"visDefaultEditor":{"level":"available","summary":"All dependencies are available"},"visTypeMarkdown":{"level":"available","summary":"All dependencies are available"},"visTypeMetric":{"level":"available","summary":"All dependencies are available"},"visTypePie":{"level":"available","summary":"All dependencies are available"},"visTypeTable":{"level":"available","summary":"All dependencies are available"},"visTypeTagcloud":{"level":"available","summary":"All dependencies are available"},"visTypeTimelion":{"level":"available","summary":"All dependencies are available"},"visTypeTimeseries":{"level":"available","summary":"All dependencies are available"},"visTypeVega":{"level":"available","summary":"All dependencies are available"},"visTypeVislib":{"level":"available","summary":"All dependencies are available"},"visTypeXy":{"level":"available","summary":"All dependencies are available"},"visualizations":{"level":"available","summary":"All dependencies are available"},"visualize":{"level":"available","summary":"All dependencies are available"},"actions":{"level":"available","summary":"All dependencies are available"},"alerting":{"level":"available","summary":"Alerting is (probably) ready"},"apm":{"level":"available","summary":"All dependencies are available"},"banners":{"level":"available","summary":"All 
dependencies are available"},"canvas":{"level":"available","summary":"All dependencies are available"},"cases":{"level":"available","summary":"All dependencies are available"},"cloud":{"level":"available","summary":"All dependencies are available"},"crossClusterReplication":{"level":"available","summary":"All dependencies are available"},"dashboardEnhanced":{"level":"available","summary":"All dependencies are available"},"dataEnhanced":{"level":"available","summary":"All dependencies are available"},"dataVisualizer":{"level":"available","summary":"All dependencies are available"},"discoverEnhanced":{"level":"available","summary":"All dependencies are available"},"urlDrilldown":{"level":"available","summary":"All dependencies are available"},"embeddableEnhanced":{"level":"available","summary":"All dependencies are available"},"encryptedSavedObjects":{"level":"available","summary":"All dependencies are available"},"enterpriseSearch":{"level":"available","summary":"All dependencies are available"},"eventLog":{"level":"available","summary":"All dependencies are available"},"features":{"level":"available","summary":"All dependencies are available"},"fileUpload":{"level":"available","summary":"All dependencies are available"},"fleet":{"level":"available","summary":"Fleet is available"},"globalSearch":{"level":"available","summary":"All dependencies are available"},"globalSearchBar":{"level":"available","summary":"All dependencies are available"},"globalSearchProviders":{"level":"available","summary":"All dependencies are available"},"graph":{"level":"available","summary":"All dependencies are available"},"grokdebugger":{"level":"available","summary":"All dependencies are available"},"indexLifecycleManagement":{"level":"available","summary":"All dependencies are available"},"indexManagement":{"level":"available","summary":"All dependencies are available"},"infra":{"level":"available","summary":"All dependencies are 
available"},"ingestPipelines":{"level":"available","summary":"All dependencies are available"},"lens":{"level":"available","summary":"All dependencies are available"},"licenseApiGuard":{"level":"available","summary":"All dependencies are available"},"licenseManagement":{"level":"available","summary":"All dependencies are available"},"licensing":{"level":"available","summary":"License fetched"},"lists":{"level":"available","summary":"All dependencies are available"},"logstash":{"level":"available","summary":"All dependencies are available"},"maps":{"level":"available","summary":"All dependencies are available"},"ml":{"level":"available","summary":"All dependencies are available"},"monitoring":{"level":"available","summary":"All dependencies are available"},"observability":{"level":"available","summary":"All dependencies are available"},"osquery":{"level":"available","summary":"All dependencies are available"},"painlessLab":{"level":"available","summary":"All dependencies are available"},"remoteClusters":{"level":"available","summary":"All dependencies are available"},"reporting":{"level":"available","summary":"All dependencies are available"},"rollup":{"level":"available","summary":"All dependencies are available"},"ruleRegistry":{"level":"available","summary":"All dependencies are available"},"runtimeFields":{"level":"available","summary":"All dependencies are available"},"savedObjectsTagging":{"level":"available","summary":"All dependencies are available"},"screenshotting":{"level":"available","summary":"All dependencies are available"},"searchprofiler":{"level":"available","summary":"All dependencies are available"},"security":{"level":"available","summary":"All dependencies are available"},"securitySolution":{"level":"available","summary":"All dependencies are available"},"snapshotRestore":{"level":"available","summary":"All dependencies are available"},"spaces":{"level":"available","summary":"All dependencies are 
available"},"stackAlerts":{"level":"available","summary":"All dependencies are available"},"taskManager":{"level":"available","summary":"All dependencies are available"},"telemetryCollectionXpack":{"level":"available","summary":"All dependencies are available"},"timelines":{"level":"available","summary":"All dependencies are available"},"transform":{"level":"available","summary":"All dependencies are available"},"translations":{"level":"available","summary":"All dependencies are available"},"triggersActionsUi":{"level":"available","summary":"All dependencies are available"},"uiActionsEnhanced":{"level":"available","summary":"All dependencies are available"},"upgradeAssistant":{"level":"available","summary":"All dependencies are available"},"uptime":{"level":"available","summary":"All dependencies are available"},"watcher":{"level":"available","summary":"All dependencies are available"}}},"metrics":{"last_updated":"2023-08-30T11:53:46.940Z","collection_interval_in_millis":5000,"os":{"platform":"linux","platformRelease":"linux-5.19.0-50-generic","load":{"1m":3.9,"5m":2.38,"15m":1.66},"memory":{"total_in_bytes":33358266368,"free_in_bytes":276086784,"used_in_bytes":33082179584},"uptime_in_millis":775478260,"distro":"Ubuntu","distroRelease":"Ubuntu-20.04"},"process":{"memory":{"heap":{"total_in_bytes":467066880,"used_in_bytes":369791072,"size_limit":4345298944},"resident_set_size_in_bytes":553046016},"pid":7,"event_loop_delay":10.310148231404959,"event_loop_delay_histogram":{"min":9.09312,"max":38.502399,"mean":10.310148231404959,"exceeds":0,"stddev":1.6360547505591572,"fromTimestamp":"2023-08-30T11:53:41.937Z","lastUpdatedAt":"2023-08-30T11:53:46.935Z","percentiles":{"50":10.100735,"75":10.117119,"95":10.895359,"99":14.811135}},"uptime_in_millis":90449.453821},"processes":[{"memory":{"heap":{"total_in_bytes":467066880,"used_in_bytes":369791072,"size_limit":4345298944},"resident_set_size_in_bytes":553046016},"pid":7,"event_loop_delay":10.310148231404959,"event_loop_delay
_histogram":{"min":9.09312,"max":38.502399,"mean":10.310148231404959,"exceeds":0,"stddev":1.6360547505591572,"fromTimestamp":"2023-08-30T11:53:41.937Z","lastUpdatedAt":"2023-08-30T11:53:46.935Z","percentiles":{"50":10.100735,"75":10.117119,"95":10.895359,"99":14.811135}},"uptime_in_millis":90449.453821}],"response_times":{"avg_in_millis":26,"max_in_millis":26},"concurrent_connections":7,"requests":{"disconnects":0,"total":1,"statusCodes":{"200":1},"status_codes":{"200":1}}}}
\ No newline at end of file
diff --git a/internal/kibana/client.go b/internal/kibana/client.go
index df5923ecd7..c53ee63e61 100644
--- a/internal/kibana/client.go
+++ b/internal/kibana/client.go
@@ -35,8 +35,9 @@ type Client struct {
 versionInfo VersionInfo
 semver *semver.Version
- retryMax int
- http *http.Client
+ retryMax int
+ http *http.Client
+ httpClientSetup func(*http.Client) *http.Client
 }
 // ClientOption is functional option modifying Kibana client.
@@ -121,6 +122,13 @@ func CertificateAuthority(certificateAuthority string) ClientOption {
 }
 }
+// HTTPClientSetup adds an initializing function for the http client.
+func HTTPClientSetup(setup func(*http.Client) *http.Client) ClientOption {
+ return func(c *Client) {
+ c.httpClientSetup = setup
+ }
+}
+
 func (c *Client) get(resourcePath string) (int, []byte, error) {
 return c.SendRequest(http.MethodGet, resourcePath, nil)
 }
@@ -212,5 +220,9 @@ func (c *Client) newHttpClient() (*http.Client, error) {
 client = retry.WrapHTTPClient(client, opts)
 }
+ if c.httpClientSetup != nil {
+ client = c.httpClientSetup(client)
+ }
+
 return client, nil
 }
diff --git a/internal/kibana/test/httptest.go b/internal/kibana/test/httptest.go
index e24d6b9ebb..711361b70f 100644
--- a/internal/kibana/test/httptest.go
+++ b/internal/kibana/test/httptest.go
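Review bot: The doc comment on `HTTPClientSetup` does not say that the client returned by the setup function replaces the configured one, so a function that builds a fresh `http.Client` drops whatever was set up before the hook (the retry wrapper visible in `newHttpClient`, and presumably the TLS settings from `CertificateAuthority`) unless it reuses the transport it was given. I would state that contract, e.g. `// HTTPClientSetup registers a function that receives the configured client and returns the client to use; it must reuse the given Transport to keep TLS settings.` The option is exported from the production package but, as far as this patch shows, only used by the test helper, so the comment should also say it is intended for tests.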
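Review bot: A setup function that returns nil makes `newHttpClient` return a nil client together with a nil error from the new `if c.httpClientSetup != nil` block, so the failure only surfaces later as a nil-pointer panic on the first request. Checking the result right after `client = c.httpClientSetup(client)`, e.g. `if client == nil { return nil, errors.New("http client setup returned a nil client") }`, keeps the error at construction time; whether `errors` is already imported in this file is not visible here. The body of `newHttpClient` starts outside the hunk.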
@@ -6,13 +6,11 @@ package test
 import (
 "net/http"
- "net/http/httptest"
 "os"
- "path/filepath"
- "strings"
 "testing"
 "github.com/stretchr/testify/require"
+ "gopkg.in/dnaeon/go-vcr.v3/recorder"
 "github.com/elastic/elastic-package/internal/kibana"
 "github.com/elastic/elastic-package/internal/stack"
@@ -23,53 +21,34 @@ import (
 // elastic-package stack, and records the response.
 // Responses are recorded in the directory indicated by serverDataDir.
 func NewClient(t *testing.T, serverDataDir string) *kibana.Client {
- server := testKibanaServer(t, serverDataDir)
- t.Cleanup(func() { server.Close() })
+ setupHTTPClient := func(client *http.Client) *http.Client {
+ rec, err := recorder.NewWithOptions(&recorder.Options{
+ CassetteName: serverDataDir,
+ Mode: recorder.ModeReplayWithNewEpisodes,
+ SkipRequestLatency: true,
+ RealTransport: client.Transport,
+ })
+ require.NoError(t, err)
+ t.Cleanup(func() {
+ err := rec.Stop()
+ require.NoError(t, err)
+ })
+ return rec.GetDefaultClient()
+ }
+ address := os.Getenv(stack.KibanaHostEnv)
+ if address == "" {
+ address = "https://127.0.0.1:5601"
+ }
 client, err := kibana.NewClient(
- kibana.Address(server.URL),
+ kibana.Address(address),
+ kibana.Password(os.Getenv(stack.ElasticsearchPasswordEnv)),
+ kibana.Username(os.Getenv(stack.ElasticsearchUsernameEnv)),
+ kibana.CertificateAuthority(os.Getenv(stack.CACertificateEnv)),
+
+ kibana.HTTPClientSetup(setupHTTPClient),
 )
 require.NoError(t, err)
 return client
 }
-
-func testKibanaServer(t *testing.T, mockServerDir string) *httptest.Server {
- return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- t.Log(r.Method, r.URL.String())
- f := filepath.Join(mockServerDir, pathForURL(r.URL.String()))
- if _, err := os.Stat(f); err != nil {
- recordRequest(t, r, f)
- }
- http.ServeFile(w, r, f)
- }))
-}
-
-var pathReplacer = strings.NewReplacer("/", "-", "*", "_", "?", ".", "&", ".")
-
-// FIXME duplicated in internal/elasticsearch/test/http_test.go
-func pathForURL(url string) string {
- clean := strings.Trim(url, "/")
- if len(clean) == 0 {
- return "root.json"
- }
- return pathReplacer.Replace(clean) + ".json"
-}
-
-func recordRequest(t *testing.T, r *http.Request, path string) {
- client, err := stack.NewKibanaClient()
- require.NoError(t, err)
-
- t.Logf("Recording %s in %s", r.URL.RequestURI(), path)
- status, respBody, err := client.SendRequest(http.MethodGet, r.URL.RequestURI(), nil)
- require.Equal(t, 200, status)
- require.NoError(t, err)
-
- os.MkdirAll(filepath.Dir(path), 0755)
- f, err := os.Create(path)
- require.NoError(t, err)
- defer f.Close()
-
- _, err = f.Write(respBody)
- require.NoError(t, err)
-}
From 569fc1d7799f3cbdd9b43161987f2982e343289c Mon Sep 17 00:00:00 2001
From: Jaime Soriano Pastor
Date: Mon, 27 Nov 2023 20:48:06 +0100
Subject: [PATCH 07/10] Record requests for saved object tests
---
 internal/elasticsearch/test/httptest.go | 2 +-
 internal/kibana/saved_objects_test.go | 18 +-
 internal/kibana/test/httptest.go | 3 +-
 .../testdata/kibana-8-mock-set-managed.yaml | 437 ++++++++++++++++++
 4 files changed, 445 insertions(+), 15 deletions(-)
 create mode 100644 internal/kibana/testdata/kibana-8-mock-set-managed.yaml
diff --git a/internal/elasticsearch/test/httptest.go b/internal/elasticsearch/test/httptest.go
index 63ea5e16ab..9eb666e9eb 100644
--- a/internal/elasticsearch/test/httptest.go
+++ b/internal/elasticsearch/test/httptest.go
@@ -34,7 +34,7 @@ func NewClient(t *testing.T, serverDataDir string) *elasticsearch.Client {
 rec, err := recorder.NewWithOptions(&recorder.Options{
 CassetteName: serverDataDir,
- Mode: recorder.ModeReplayWithNewEpisodes,
+ Mode: recorder.ModeRecordOnce,
 SkipRequestLatency: true,
 RealTransport: config.Transport,
 })
diff --git a/internal/kibana/saved_objects_test.go b/internal/kibana/saved_objects_test.go
index 2a97014470..c48032860d 100644
--- a/internal/kibana/saved_objects_test.go
+++ b/internal/kibana/saved_objects_test.go
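Review bot: The recorder created in `setupHTTPClient` stores request headers in the cassette by default, and the client is now built with `kibana.Username`/`kibana.Password` from the environment, so recording against a real stack will presumably write the `Authorization` header into the YAML that is committed under testdata. Register a hook that drops credential-bearing headers right after the recorder is created; go-vcr v3 offers `rec.AddHook` with `recorder.AfterCaptureHook` for this, which needs the `cassette` package imported. The same applies to the recorder in internal/elasticsearch/test/httptest.go, and the later `ModeRecordOnce` hunks in both files do not change it. The doc comment above `NewClient` also still describes `serverDataDir` as a directory, while it is now passed as the cassette name.

```go
	rec, err := recorder.NewWithOptions(&recorder.Options{
		// … unchanged: cassette name, mode, latency, transport …
	})
	require.NoError(t, err)
	// Keep credentials out of the committed cassette.
	rec.AddHook(func(i *cassette.Interaction) error {
		delete(i.Request.Headers, "Authorization")
		return nil
	}, recorder.AfterCaptureHook)
```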
@@ -5,39 +5,31 @@ package kibana_test import ( - "errors" "net/http" "testing" - "github.com/google/uuid" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "github.com/elastic/elastic-package/internal/kibana" - "github.com/elastic/elastic-package/internal/stack" + kibanatest "github.com/elastic/elastic-package/internal/kibana/test" ) func TestSetManagedSavedObject(t *testing.T) { - // TODO: Use kibana test client when we support recording POST requests. - client, err := stack.NewKibanaClient(kibana.RetryMax(0)) - var undefinedEnvError *stack.ErrUndefinedEnv - if errors.As(err, &undefinedEnvError) { - t.Skip("Kibana host required:", err) - } - require.NoError(t, err) + client := kibanatest.NewClient(t, "testdata/kibana-8-mock-set-managed") id := preloadDashboard(t, client) require.True(t, getManagedSavedObject(t, client, "dashboard", id)) - err = client.SetManagedSavedObject("dashboard", id, false) + err := client.SetManagedSavedObject("dashboard", id, false) require.NoError(t, err) assert.False(t, getManagedSavedObject(t, client, "dashboard", id)) } func preloadDashboard(t *testing.T, client *kibana.Client) string { - id := uuid.New().String() + id := "test-managed-saved-objects" importRequest := kibana.ImportSavedObjectsRequest{ - Overwrite: false, // Highly unlikely, but avoid overwriting existing objects. + Overwrite: false, // We should not need to overwrite objects. Objects: []map[string]any{ { "attributes": map[string]any{ diff --git a/internal/kibana/test/httptest.go b/internal/kibana/test/httptest.go index 711361b70f..74826f1930 100644 --- a/internal/kibana/test/httptest.go +++ b/internal/kibana/test/httptest.go 
@@ -24,7 +24,7 @@ func NewClient(t *testing.T, serverDataDir string) *kibana.Client { setupHTTPClient := func(client *http.Client) *http.Client { rec, err := recorder.NewWithOptions(&recorder.Options{ CassetteName: serverDataDir, - Mode: recorder.ModeReplayWithNewEpisodes, + Mode: recorder.ModeRecordOnce, SkipRequestLatency: true, RealTransport: client.Transport, }) @@ -47,6 +47,7 @@ func NewClient(t *testing.T, serverDataDir string) *kibana.Client { kibana.CertificateAuthority(os.Getenv(stack.CACertificateEnv)), kibana.HTTPClientSetup(setupHTTPClient), + kibana.RetryMax(0), ) require.NoError(t, err) diff --git a/internal/kibana/testdata/kibana-8-mock-set-managed.yaml b/internal/kibana/testdata/kibana-8-mock-set-managed.yaml new file mode 100644 index 0000000000..58f6c8a3d6 --- /dev/null +++ b/internal/kibana/testdata/kibana-8-mock-set-managed.yaml 
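Review bot: The doc comment above NewClient (outside this hunk) still says that a request with no recorded response is forwarded to the running stack and recorded, which no longer holds with `recorder.ModeRecordOnce`: as far as I know that mode records only while the cassette file does not exist, and afterwards an unrecorded request fails instead of reaching the server. I would reword it along the lines of `// NewClient returns a client that replays the responses stored in the given record file. If the file does not exist, requests are sent to the stack started by elastic-package and recorded.` The last commit of the series renames the parameter to recordFileName, while the comment keeps naming serverDataDir and describing it as a directory. The elasticsearch test helper carries the same comment.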
@@ -0,0 +1,437 @@ +--- +version: 2 +interactions: + - id: 0 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: 127.0.0.1:5601 + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + Content-Type: + - application/json + Kbn-Xsrf: + - 8.10.1 + url: https://127.0.0.1:5601/api/status + method: GET + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: + - chunked + trailer: {} + content_length: -1 + uncompressed: true + body: '{"name":"kibana","uuid":"ac342633-d520-4ca4-a2f6-c769ed6d1ddf","version":{"number":"8.10.1","build_hash":"6957ba896ec80fbaeaa269debfdce1478bdde661","build_number":66390,"build_snapshot":false,"build_date":"2023-09-14T23:20:44.999Z"},"status":{"overall":{"level":"available","summary":"All services are available"},"core":{"elasticsearch":{"level":"available","summary":"Elasticsearch is available","meta":{"warningNodes":[],"incompatibleNodes":[]}},"savedObjects":{"level":"available","summary":"SavedObjects service has completed migrations and is available","meta":{"migratedIndices":{"migrated":0,"skipped":0,"patched":6}}}},"plugins":{"licensing":{"level":"available","summary":"License fetched"},"banners":{"level":"available","summary":"All dependencies are available"},"customBranding":{"level":"available","summary":"All dependencies are available"},"features":{"level":"available","summary":"All dependencies are available"},"globalSearch":{"level":"available","summary":"All dependencies are available"},"mapsEms":{"level":"available","summary":"All dependencies are available"},"globalSearchProviders":{"level":"available","summary":"All dependencies are available"},"guidedOnboarding":{"level":"available","summary":"All dependencies are available"},"home":{"level":"available","summary":"All dependencies are available"},"console":{"level":"available","summary":"All dependencies are 
available"},"grokdebugger":{"level":"available","summary":"All dependencies are available"},"management":{"level":"available","summary":"All dependencies are available"},"painlessLab":{"level":"available","summary":"All dependencies are available"},"searchprofiler":{"level":"available","summary":"All dependencies are available"},"advancedSettings":{"level":"available","summary":"All dependencies are available"},"cloudDataMigration":{"level":"available","summary":"All dependencies are available"},"spaces":{"level":"available","summary":"All dependencies are available"},"eventLog":{"level":"available","summary":"All dependencies are available"},"security":{"level":"available","summary":"All dependencies are available"},"cloudLinks":{"level":"available","summary":"All dependencies are available"},"data":{"level":"available","summary":"All dependencies are available"},"encryptedSavedObjects":{"level":"available","summary":"All dependencies are available"},"files":{"level":"available","summary":"All dependencies are available"},"lists":{"level":"available","summary":"All dependencies are available"},"snapshotRestore":{"level":"available","summary":"All dependencies are available"},"telemetry":{"level":"available","summary":"All dependencies are available"},"actions":{"level":"available","summary":"All dependencies are available"},"dataViewEditor":{"level":"available","summary":"All dependencies are available"},"dataViewFieldEditor":{"level":"available","summary":"All dependencies are available"},"ecsDataQualityDashboard":{"level":"available","summary":"All dependencies are available"},"fileUpload":{"level":"available","summary":"All dependencies are available"},"filesManagement":{"level":"available","summary":"All dependencies are available"},"licenseManagement":{"level":"available","summary":"All dependencies are available"},"savedObjects":{"level":"available","summary":"All dependencies are available"},"telemetryManagementSection":{"level":"available","summary":"All 
dependencies are available"},"ingestPipelines":{"level":"available","summary":"All dependencies are available"},"notifications":{"level":"available","summary":"All dependencies are available"},"savedObjectsTaggingOss":{"level":"available","summary":"All dependencies are available"},"watcher":{"level":"available","summary":"All dependencies are available"},"savedObjectsManagement":{"level":"available","summary":"All dependencies are available"},"savedObjectsTagging":{"level":"available","summary":"All dependencies are available"},"embeddable":{"level":"available","summary":"All dependencies are available"},"globalSearchBar":{"level":"available","summary":"All dependencies are available"},"unifiedSearch":{"level":"available","summary":"All dependencies are available"},"dataViewManagement":{"level":"available","summary":"All dependencies are available"},"imageEmbeddable":{"level":"available","summary":"All dependencies are available"},"navigation":{"level":"available","summary":"All dependencies are available"},"presentationUtil":{"level":"available","summary":"All dependencies are available"},"savedSearch":{"level":"available","summary":"All dependencies are available"},"uiActionsEnhanced":{"level":"available","summary":"All dependencies are available"},"controls":{"level":"available","summary":"All dependencies are available"},"embeddableEnhanced":{"level":"available","summary":"All dependencies are available"},"expressionError":{"level":"available","summary":"All dependencies are available"},"expressionImage":{"level":"available","summary":"All dependencies are available"},"expressionMetric":{"level":"available","summary":"All dependencies are available"},"expressionRepeatImage":{"level":"available","summary":"All dependencies are available"},"expressionRevealImage":{"level":"available","summary":"All dependencies are available"},"expressionShape":{"level":"available","summary":"All dependencies are available"},"graph":{"level":"available","summary":"All 
dependencies are available"},"kibanaOverview":{"level":"available","summary":"All dependencies are available"},"urlDrilldown":{"level":"available","summary":"All dependencies are available"},"visualizations":{"level":"available","summary":"All dependencies are available"},"dashboard":{"level":"available","summary":"All dependencies are available"},"eventAnnotation":{"level":"available","summary":"All dependencies are available"},"expressionGauge":{"level":"available","summary":"All dependencies are available"},"expressionHeatmap":{"level":"available","summary":"All dependencies are available"},"expressionLegacyMetricVis":{"level":"available","summary":"All dependencies are available"},"expressionMetricVis":{"level":"available","summary":"All dependencies are available"},"expressionPartitionVis":{"level":"available","summary":"All dependencies are available"},"expressionTagcloud":{"level":"available","summary":"All dependencies are available"},"visDefaultEditor":{"level":"available","summary":"All dependencies are available"},"visTypeHeatmap":{"level":"available","summary":"All dependencies are available"},"visTypeMarkdown":{"level":"available","summary":"All dependencies are available"},"visTypeMetric":{"level":"available","summary":"All dependencies are available"},"visTypeTable":{"level":"available","summary":"All dependencies are available"},"visTypeTagcloud":{"level":"available","summary":"All dependencies are available"},"visTypeTimelion":{"level":"available","summary":"All dependencies are available"},"visTypeTimeseries":{"level":"available","summary":"All dependencies are available"},"visTypeVega":{"level":"available","summary":"All dependencies are available"},"visTypeVislib":{"level":"available","summary":"All dependencies are available"},"visTypeXy":{"level":"available","summary":"All dependencies are available"},"dashboardEnhanced":{"level":"available","summary":"All dependencies are available"},"expressionXY":{"level":"available","summary":"All 
dependencies are available"},"inputControlVis":{"level":"available","summary":"All dependencies are available"},"triggersActionsUi":{"level":"available","summary":"All dependencies are available"},"visTypeGauge":{"level":"available","summary":"All dependencies are available"},"visTypePie":{"level":"available","summary":"All dependencies are available"},"lens":{"level":"available","summary":"All dependencies are available"},"ruleRegistry":{"level":"available","summary":"All dependencies are available"},"stackAlerts":{"level":"available","summary":"All dependencies are available"},"stackConnectors":{"level":"available","summary":"All dependencies are available"},"transform":{"level":"available","summary":"All dependencies are available"},"cases":{"level":"available","summary":"All dependencies are available"},"discover":{"level":"available","summary":"All dependencies are available"},"maps":{"level":"available","summary":"All dependencies are available"},"aiops":{"level":"available","summary":"All dependencies are available"},"dataVisualizer":{"level":"available","summary":"All dependencies are available"},"discoverEnhanced":{"level":"available","summary":"All dependencies are available"},"observabilityShared":{"level":"available","summary":"All dependencies are available"},"reporting":{"level":"available","summary":"All dependencies are available"},"threatIntelligence":{"level":"available","summary":"All dependencies are available"},"timelines":{"level":"available","summary":"All dependencies are available"},"canvas":{"level":"available","summary":"All dependencies are available"},"cloudSecurityPosture":{"level":"available","summary":"All dependencies are available"},"discoverLogExplorer":{"level":"available","summary":"All dependencies are available"},"indexManagement":{"level":"available","summary":"All dependencies are available"},"ml":{"level":"available","summary":"All dependencies are available"},"observabilityAIAssistant":{"level":"available","summary":"All 
dependencies are available"},"osquery":{"level":"available","summary":"All dependencies are available"},"sessionView":{"level":"available","summary":"All dependencies are available"},"exploratoryView":{"level":"available","summary":"All dependencies are available"},"indexLifecycleManagement":{"level":"available","summary":"All dependencies are available"},"kubernetesSecurity":{"level":"available","summary":"All dependencies are available"},"logsShared":{"level":"available","summary":"All dependencies are available"},"remoteClusters":{"level":"available","summary":"All dependencies are available"},"rollup":{"level":"available","summary":"All dependencies are available"},"cloudDefend":{"level":"available","summary":"All dependencies are available"},"crossClusterReplication":{"level":"available","summary":"All dependencies are available"},"enterpriseSearch":{"level":"available","summary":"All dependencies are available"},"observability":{"level":"available","summary":"All dependencies are available"},"infra":{"level":"available","summary":"All dependencies are available"},"observabilityOnboarding":{"level":"available","summary":"All dependencies are available"},"securitySolution":{"level":"available","summary":"All dependencies are available"},"synthetics":{"level":"available","summary":"All dependencies are available"},"uptime":{"level":"available","summary":"All dependencies are available"},"apm":{"level":"available","summary":"All dependencies are available"},"monitoring":{"level":"available","summary":"All dependencies are available"},"securitySolutionEss":{"level":"available","summary":"All dependencies are available"},"upgradeAssistant":{"level":"available","summary":"All dependencies are available"},"logstash":{"level":"available","summary":"All dependencies are available"},"ux":{"level":"available","summary":"All dependencies are available"},"alerting":{"level":"available","summary":"Alerting is (probably) ready"},"fleet":{"level":"available","summary":"Fleet 
is available"},"assetManager":{"level":"available","summary":"All dependencies are available"},"bfetch":{"level":"available","summary":"All dependencies are available"},"cloudChatProvider":{"level":"available","summary":"All dependencies are available"},"contentManagement":{"level":"available","summary":"All dependencies are available"},"customIntegrations":{"level":"available","summary":"All dependencies are available"},"esUiShared":{"level":"available","summary":"All dependencies are available"},"expressions":{"level":"available","summary":"All dependencies are available"},"fieldFormats":{"level":"available","summary":"All dependencies are available"},"ftrApis":{"level":"available","summary":"All dependencies are available"},"kibanaReact":{"level":"available","summary":"All dependencies are available"},"kibanaUtils":{"level":"available","summary":"All dependencies are available"},"licenseApiGuard":{"level":"available","summary":"All dependencies are available"},"monitoringCollection":{"level":"available","summary":"All dependencies are available"},"runtimeFields":{"level":"available","summary":"All dependencies are available"},"savedObjectsFinder":{"level":"available","summary":"All dependencies are available"},"screenshotMode":{"level":"available","summary":"All dependencies are available"},"share":{"level":"available","summary":"All dependencies are available"},"textBasedLanguages":{"level":"available","summary":"All dependencies are available"},"translations":{"level":"available","summary":"All dependencies are available"},"unifiedHistogram":{"level":"available","summary":"All dependencies are available"},"urlForwarding":{"level":"available","summary":"All dependencies are available"},"charts":{"level":"available","summary":"All dependencies are available"},"devTools":{"level":"available","summary":"All dependencies are available"},"inspector":{"level":"available","summary":"All dependencies are available"},"newsfeed":{"level":"available","summary":"All 
dependencies are available"},"usageCollection":{"level":"available","summary":"All dependencies are available"},"cloud":{"level":"available","summary":"All dependencies are available"},"dataViews":{"level":"available","summary":"All dependencies are available"},"kibanaUsageCollection":{"level":"available","summary":"All dependencies are available"},"telemetryCollectionManager":{"level":"available","summary":"All dependencies are available"},"screenshotting":{"level":"available","summary":"All dependencies are available"},"telemetryCollectionXpack":{"level":"available","summary":"All dependencies are available"},"uiActions":{"level":"available","summary":"All dependencies are available"},"taskManager":{"level":"available","summary":"All dependencies are available"}}},"metrics":{"last_updated":"2023-11-27T19:51:49.728Z","collection_interval_in_millis":5000,"os":{"platform":"linux","platformRelease":"linux-5.19.0-50-generic","load":{"1m":0.86,"5m":0.88,"15m":1.01},"memory":{"total_in_bytes":33358274560,"free_in_bytes":16886738944,"used_in_bytes":16471535616},"uptime_in_millis":1455617740,"distro":"Ubuntu","distroRelease":"Ubuntu-20.04","cpu":{"cfs_quota_micros":-1,"cfs_period_micros":100000,"control_group":"/","stat":{"number_of_elapsed_periods":0,"number_of_times_throttled":0,"time_throttled_nanos":0}},"cpuacct":{"control_group":"/","usage_nanos":129635956}},"process":{"memory":{"heap":{"total_in_bytes":379478016,"used_in_bytes":307482584,"size_limit":4345298944},"resident_set_size_in_bytes":610041856},"pid":7,"event_loop_delay":10.180566204081632,"event_loop_delay_histogram":{"min":9.09312,"max":14.802943,"mean":10.180566204081632,"exceeds":0,"stddev":0.3563497155805315,"fromTimestamp":"2023-11-27T19:51:44.728Z","lastUpdatedAt":"2023-11-27T19:51:49.726Z","percentiles":{"50":10.174463,"75":10.239999,"95":10.428415,"99":10.625023}},"event_loop_utilization":{"active":60.17837201897055,"idle":4938.283816999756,"utilization":0.012039377261106075},"uptime_in_millis":404187
2.0336269997},"processes":[{"memory":{"heap":{"total_in_bytes":379478016,"used_in_bytes":307482584,"size_limit":4345298944},"resident_set_size_in_bytes":610041856},"pid":7,"event_loop_delay":10.180566204081632,"event_loop_delay_histogram":{"min":9.09312,"max":14.802943,"mean":10.180566204081632,"exceeds":0,"stddev":0.3563497155805315,"fromTimestamp":"2023-11-27T19:51:44.728Z","lastUpdatedAt":"2023-11-27T19:51:49.726Z","percentiles":{"50":10.174463,"75":10.239999,"95":10.428415,"99":10.625023}},"event_loop_utilization":{"active":60.17837201897055,"idle":4938.283816999756,"utilization":0.012039377261106075},"uptime_in_millis":4041872.0336269997}],"response_times":{"avg_in_millis":9,"max_in_millis":9},"concurrent_connections":0,"requests":{"disconnects":0,"total":1,"statusCodes":{"200":1},"status_codes":{"200":1}},"elasticsearch_client":{"totalActiveSockets":0,"totalIdleSockets":3,"totalQueuedRequests":0}}}' + headers: + Cache-Control: + - private, no-cache, no-store, must-revalidate + Connection: + - keep-alive + Content-Security-Policy: + - 'script-src ''self''; worker-src blob: ''self''; style-src ''unsafe-inline'' ''self''' + Content-Type: + - application/json; charset=utf-8 + Cross-Origin-Opener-Policy: + - same-origin + Date: + - Mon, 27 Nov 2023 19:51:54 GMT + Kbn-License-Sig: + - f0ae7ae108395463da89bade52208713b4111c97704925e60abb2bef6dd69cfd + Kbn-Name: + - kibana + Keep-Alive: + - timeout=120 + Permissions-Policy: + - camera=(), display-capture=(), fullscreen=(self), geolocation=(), microphone=(), web-share=() + Referrer-Policy: + - no-referrer-when-downgrade + Vary: + - accept-encoding + X-Content-Type-Options: + - nosniff + status: 200 OK + code: 200 + duration: 24.268951ms + - id: 1 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 354 + transfer_encoding: [] + trailer: {} + host: 127.0.0.1:5601 + remote_addr: "" + request_uri: "" + body: 
"--d231f05799994258c4fcd91ad70a8f7fc43274e388c409f83302bde62018\r\nContent-Disposition: form-data; name=\"file\"; filename=\"file.ndjson\"\r\nContent-Type: application/octet-stream\r\n\r\n{\"attributes\":{\"title\":\"Empty Dashboard\"},\"id\":\"test-managed-saved-objects\",\"managed\":true,\"type\":\"dashboard\"}\n\r\n--d231f05799994258c4fcd91ad70a8f7fc43274e388c409f83302bde62018--\r\n" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + Content-Type: + - multipart/form-data; boundary=d231f05799994258c4fcd91ad70a8f7fc43274e388c409f83302bde62018 + Kbn-Xsrf: + - 8.10.1 + url: https://127.0.0.1:5601/api/saved_objects/_import + method: POST + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 193 + uncompressed: false + body: '{"successCount":1,"success":true,"warnings":[],"successResults":[{"type":"dashboard","id":"test-managed-saved-objects","meta":{"title":"Empty Dashboard","icon":"dashboardApp"},"managed":true}]}' + headers: + Cache-Control: + - private, no-cache, no-store, must-revalidate + Connection: + - keep-alive + Content-Length: + - "193" + Content-Security-Policy: + - 'script-src ''self''; worker-src blob: ''self''; style-src ''unsafe-inline'' ''self''' + Content-Type: + - application/json; charset=utf-8 + Cross-Origin-Opener-Policy: + - same-origin + Date: + - Mon, 27 Nov 2023 19:51:54 GMT + Kbn-License-Sig: + - f0ae7ae108395463da89bade52208713b4111c97704925e60abb2bef6dd69cfd + Kbn-Name: + - kibana + Keep-Alive: + - timeout=120 + Permissions-Policy: + - camera=(), display-capture=(), fullscreen=(self), geolocation=(), microphone=(), web-share=() + Referrer-Policy: + - no-referrer-when-downgrade + X-Content-Type-Options: + - nosniff + status: 200 OK + code: 200 + duration: 413.5013ms + - id: 2 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 126 + transfer_encoding: [] + trailer: {} + host: 127.0.0.1:5601 + remote_addr: "" + 
request_uri: "" + body: '{"excludeExportDetails":true,"includeReferencesDeep":false,"objects":[{"id":"test-managed-saved-objects","type":"dashboard"}]}' + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + Content-Type: + - application/json + Kbn-Xsrf: + - 8.10.1 + url: https://127.0.0.1:5601/api/saved_objects/_export + method: POST + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 311 + uncompressed: false + body: '{"attributes":{"panelsJSON":"[]","title":"Empty Dashboard"},"coreMigrationVersion":"8.8.0","created_at":"2023-11-27T19:51:54.274Z","id":"test-managed-saved-objects","managed":true,"references":[],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2023-11-27T19:51:54.274Z","version":"WzEwOSwxXQ=="}' + headers: + Cache-Control: + - private, no-cache, no-store, must-revalidate + Connection: + - keep-alive + Content-Disposition: + - attachment; filename="export.ndjson" + Content-Length: + - "311" + Content-Security-Policy: + - 'script-src ''self''; worker-src blob: ''self''; style-src ''unsafe-inline'' ''self''' + Content-Type: + - application/ndjson + Cross-Origin-Opener-Policy: + - same-origin + Date: + - Mon, 27 Nov 2023 19:51:54 GMT + Kbn-License-Sig: + - f0ae7ae108395463da89bade52208713b4111c97704925e60abb2bef6dd69cfd + Kbn-Name: + - kibana + Keep-Alive: + - timeout=120 + Permissions-Policy: + - camera=(), display-capture=(), fullscreen=(self), geolocation=(), microphone=(), web-share=() + Referrer-Policy: + - no-referrer-when-downgrade + X-Content-Type-Options: + - nosniff + status: 200 OK + code: 200 + duration: 9.351776ms + - id: 3 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 126 + transfer_encoding: [] + trailer: {} + host: 127.0.0.1:5601 + remote_addr: "" + request_uri: "" + body: '{"excludeExportDetails":true,"includeReferencesDeep":false,"objects":[{"id":"test-managed-saved-objects","type":"dashboard"}]}' 
+ form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + Content-Type: + - application/json + Kbn-Xsrf: + - 8.10.1 + url: https://127.0.0.1:5601/api/saved_objects/_export + method: POST + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 311 + uncompressed: false + body: '{"attributes":{"panelsJSON":"[]","title":"Empty Dashboard"},"coreMigrationVersion":"8.8.0","created_at":"2023-11-27T19:51:54.274Z","id":"test-managed-saved-objects","managed":true,"references":[],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2023-11-27T19:51:54.274Z","version":"WzEwOSwxXQ=="}' + headers: + Cache-Control: + - private, no-cache, no-store, must-revalidate + Connection: + - keep-alive + Content-Disposition: + - attachment; filename="export.ndjson" + Content-Length: + - "311" + Content-Security-Policy: + - 'script-src ''self''; worker-src blob: ''self''; style-src ''unsafe-inline'' ''self''' + Content-Type: + - application/ndjson + Cross-Origin-Opener-Policy: + - same-origin + Date: + - Mon, 27 Nov 2023 19:51:54 GMT + Kbn-License-Sig: + - f0ae7ae108395463da89bade52208713b4111c97704925e60abb2bef6dd69cfd + Kbn-Name: + - kibana + Keep-Alive: + - timeout=120 + Permissions-Policy: + - camera=(), display-capture=(), fullscreen=(self), geolocation=(), microphone=(), web-share=() + Referrer-Policy: + - no-referrer-when-downgrade + X-Content-Type-Options: + - nosniff + status: 200 OK + code: 200 + duration: 11.463758ms + - id: 4 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 556 + transfer_encoding: [] + trailer: {} + host: 127.0.0.1:5601 + remote_addr: "" + request_uri: "" + body: "--c4e5110eb103302fdb764571df144ade179ba6a78acdc763675124626e89\r\nContent-Disposition: form-data; name=\"file\"; filename=\"file.ndjson\"\r\nContent-Type: application/octet-stream\r\n\r\n{\"attributes\":{\"panelsJSON\":\"[]\",\"title\":\"Empty 
Dashboard\"},\"coreMigrationVersion\":\"8.8.0\",\"created_at\":\"2023-11-27T19:51:54.274Z\",\"id\":\"test-managed-saved-objects\",\"managed\":false,\"references\":[],\"type\":\"dashboard\",\"typeMigrationVersion\":\"8.9.0\",\"updated_at\":\"2023-11-27T19:51:54.274Z\",\"version\":\"WzEwOSwxXQ==\"}\n\r\n--c4e5110eb103302fdb764571df144ade179ba6a78acdc763675124626e89--\r\n" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + Content-Type: + - multipart/form-data; boundary=c4e5110eb103302fdb764571df144ade179ba6a78acdc763675124626e89 + Kbn-Xsrf: + - 8.10.1 + url: https://127.0.0.1:5601/api/saved_objects/_import?overwrite=true + method: POST + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 211 + uncompressed: false + body: '{"successCount":1,"success":true,"warnings":[],"successResults":[{"type":"dashboard","id":"test-managed-saved-objects","meta":{"title":"Empty Dashboard","icon":"dashboardApp"},"managed":false,"overwrite":true}]}' + headers: + Cache-Control: + - private, no-cache, no-store, must-revalidate + Connection: + - keep-alive + Content-Length: + - "211" + Content-Security-Policy: + - 'script-src ''self''; worker-src blob: ''self''; style-src ''unsafe-inline'' ''self''' + Content-Type: + - application/json; charset=utf-8 + Cross-Origin-Opener-Policy: + - same-origin + Date: + - Mon, 27 Nov 2023 19:51:55 GMT + Kbn-License-Sig: + - f0ae7ae108395463da89bade52208713b4111c97704925e60abb2bef6dd69cfd + Kbn-Name: + - kibana + Keep-Alive: + - timeout=120 + Permissions-Policy: + - camera=(), display-capture=(), fullscreen=(self), geolocation=(), microphone=(), web-share=() + Referrer-Policy: + - no-referrer-when-downgrade + X-Content-Type-Options: + - nosniff + status: 200 OK + code: 200 + duration: 987.517416ms + - id: 5 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 126 + transfer_encoding: [] + trailer: {} + host: 127.0.0.1:5601 + 
remote_addr: "" + request_uri: "" + body: '{"excludeExportDetails":true,"includeReferencesDeep":false,"objects":[{"id":"test-managed-saved-objects","type":"dashboard"}]}' + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + Content-Type: + - application/json + Kbn-Xsrf: + - 8.10.1 + url: https://127.0.0.1:5601/api/saved_objects/_export + method: POST + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 312 + uncompressed: false + body: '{"attributes":{"panelsJSON":"[]","title":"Empty Dashboard"},"coreMigrationVersion":"8.8.0","created_at":"2023-11-27T19:51:54.697Z","id":"test-managed-saved-objects","managed":false,"references":[],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2023-11-27T19:51:54.697Z","version":"WzExMCwxXQ=="}' + headers: + Cache-Control: + - private, no-cache, no-store, must-revalidate + Connection: + - keep-alive + Content-Disposition: + - attachment; filename="export.ndjson" + Content-Length: + - "312" + Content-Security-Policy: + - 'script-src ''self''; worker-src blob: ''self''; style-src ''unsafe-inline'' ''self''' + Content-Type: + - application/ndjson + Cross-Origin-Opener-Policy: + - same-origin + Date: + - Mon, 27 Nov 2023 19:51:55 GMT + Kbn-License-Sig: + - f0ae7ae108395463da89bade52208713b4111c97704925e60abb2bef6dd69cfd + Kbn-Name: + - kibana + Keep-Alive: + - timeout=120 + Permissions-Policy: + - camera=(), display-capture=(), fullscreen=(self), geolocation=(), microphone=(), web-share=() + Referrer-Policy: + - no-referrer-when-downgrade + X-Content-Type-Options: + - nosniff + status: 200 OK + code: 200 + duration: 8.412405ms + - id: 6 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: 127.0.0.1:5601 + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Authorization: + - Basic ZWxhc3RpYzpjaGFuZ2VtZQ== + Content-Type: + - 
application/json + Kbn-Xsrf: + - 8.10.1 + url: https://127.0.0.1:5601/api/saved_objects/dashboard/test-managed-saved-objects + method: DELETE + response: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + transfer_encoding: [] + trailer: {} + content_length: 2 + uncompressed: false + body: '{}' + headers: + Cache-Control: + - private, no-cache, no-store, must-revalidate + Connection: + - keep-alive + Content-Length: + - "2" + Content-Security-Policy: + - 'script-src ''self''; worker-src blob: ''self''; style-src ''unsafe-inline'' ''self''' + Content-Type: + - application/json; charset=utf-8 + Cross-Origin-Opener-Policy: + - same-origin + Date: + - Mon, 27 Nov 2023 19:51:56 GMT + Kbn-License-Sig: + - f0ae7ae108395463da89bade52208713b4111c97704925e60abb2bef6dd69cfd + Kbn-Name: + - kibana + Keep-Alive: + - timeout=120 + Permissions-Policy: + - camera=(), display-capture=(), fullscreen=(self), geolocation=(), microphone=(), web-share=() + Referrer-Policy: + - no-referrer-when-downgrade + X-Content-Type-Options: + - nosniff + status: 200 OK + code: 200 + duration: 1.002249614s From 69c540dc61bdef642912b6936455e04486a0e132 Mon Sep 17 00:00:00 2001 From: Jaime Soriano Pastor Date: Mon, 27 Nov 2023 21:01:16 +0100 Subject: [PATCH 08/10] Add comment --- internal/kibana/saved_objects_test.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/internal/kibana/saved_objects_test.go b/internal/kibana/saved_objects_test.go index c48032860d..d8416989b7 100644 --- a/internal/kibana/saved_objects_test.go +++ b/internal/kibana/saved_objects_test.go @@ -16,6 +16,9 @@ import ( ) func TestSetManagedSavedObject(t *testing.T) { + // Recorded requests are not going to match the boundaries of + // multipart fields in requests, but we can ignore it by now as + // we are mostly interested on the bodies of the responses. client := kibanatest.NewClient(t, "testdata/kibana-8-mock-set-managed") id := preloadDashboard(t, client) 
From 281602b9e3d2a6d650bd2f1910e658018ce51462 Mon Sep 17 00:00:00 2001 From: Jaime Soriano Pastor Date: Tue, 28 Nov 2023 11:47:32 +0100 Subject: [PATCH 09/10] Update comments with instructions to update recordings --- internal/dump/agentpolicies_test.go | 11 +++++++++++ internal/dump/installedobjects_test.go | 15 +++++++++++++++ internal/elasticsearch/client_test.go | 4 ++++ internal/kibana/savedobjects_test.go | 1 + 4 files changed, 31 insertions(+) diff --git a/internal/dump/agentpolicies_test.go b/internal/dump/agentpolicies_test.go index fba0e7832d..fb251a71e1 100644 --- a/internal/dump/agentpolicies_test.go +++ b/internal/dump/agentpolicies_test.go @@ -24,8 +24,16 @@ func TestDumpAgentPolicies(t *testing.T) { // - Configure environment variables for this stack (eval "$(elastic-package stack shellinit)"). // - Run tests. // - Check that recorded files make sense and commit them. + // To update the suite: + // - Reproduce the scenario as described in the comments. + // - Remove the files that you want to update. + // - Follow the same steps to create a new suite. + // - Check if the changes are the expected ones and commit them. suites := []*agentPoliciesDumpSuite{ &agentPoliciesDumpSuite{ + // To reproduce this scenario: + // - Start stack with version 7.17.0. + // - Install nginx package. AgentPolicy: "499b5aa7-d214-5b5d-838b-3cd76469844e", PackageName: "nginx", Record: "./testdata/fleet-7-mock-dump-all", @@ -34,6 +42,9 @@ func TestDumpAgentPolicies(t *testing.T) { DumpDirAgentPolicy: "./testdata/fleet-7-dump/agentpolicy", }, &agentPoliciesDumpSuite{ + // To reproduce this scenario: + // - Start stack with version 8.0.0. + // - Install nginx package. AgentPolicy: "fleet-server-policy", PackageName: "nginx", Record: "./testdata/fleet-8-mock-dump-all", diff --git a/internal/dump/installedobjects_test.go b/internal/dump/installedobjects_test.go index c669dea323..073c3a78a1 100644 --- a/internal/dump/installedobjects_test.go 
+++ b/internal/dump/installedobjects_test.go @@ -30,18 +30,33 @@ func TestDumpInstalledObjects(t *testing.T) { // - Configure environment variables for this stack (eval "$(elastic-package stack shellinit)"). // - Run tests. // - Check that recorded files make sense and commit them. + // To update a suite: + // - Reproduce the scenario as described in the comments. + // - Remove the files that you want to update. + // - Follow the same steps to create a new suite. + // - Check if the changes are the expected ones and commit them. suites := []*installedObjectsDumpSuite{ &installedObjectsDumpSuite{ + // To reproduce the scenario: + // - Start the stack with version 7.16.2. + // - Install apache package (1.3.4). PackageName: "apache", Record: "./testdata/elasticsearch-7-mock-dump-apache", DumpDir: "./testdata/elasticsearch-7-apache-dump-all", }, &installedObjectsDumpSuite{ + // To reproduce the scenario: + // - Start the stack with version 8.1.0. + // - Install apache package (1.3.6). PackageName: "apache", Record: "./testdata/elasticsearch-8-mock-dump-apache", DumpDir: "./testdata/elasticsearch-8-apache-dump-all", }, &installedObjectsDumpSuite{ + // To reproduce the scenario: + // - Start the stack with version 8.9.0. + // - Install dga package (2.1.0). + // - Manually replace the `compressed_definition` fields with "//REDACTED//". PackageName: "dga", Record: "./testdata/elasticsearch-8-mock-dump-dga", DumpDir: "./testdata/elasticsearch-8-dga-dump-all", diff --git a/internal/elasticsearch/client_test.go b/internal/elasticsearch/client_test.go index 131fe6cd1f..b39f55fb8b 100644 --- a/internal/elasticsearch/client_test.go +++ b/internal/elasticsearch/client_test.go 
@@ -60,9 +60,13 @@ func TestClusterHealth(t *testing.T) { Expected string }{ { + // To reproduce the scenario, just start the stack with 8.5 version. Record: "./testdata/elasticsearch-8-5-healthy", }, { + // To reproduce the scenario, start the stack with 8.5 version and + // limited disk space. If difficult to reproduce, manually modify + // the recording using info from previous changesets. Record: "./testdata/elasticsearch-8-5-red-out-of-disk", Expected: "cluster in unhealthy state: 33 indices reside on nodes that have run or are likely to run out of disk space, this can temporarily disable writing on these indices.", }, diff --git a/internal/kibana/savedobjects_test.go b/internal/kibana/savedobjects_test.go index d8416989b7..c678a70b8f 100644 --- a/internal/kibana/savedobjects_test.go +++ b/internal/kibana/savedobjects_test.go @@ -19,6 +19,7 @@ func TestSetManagedSavedObject(t *testing.T) { // Recorded requests are not going to match the boundaries of // multipart fields in requests, but we can ignore it by now as // we are mostly interested on the bodies of the responses. + // To update this test just remove the record file and run the test. client := kibanatest.NewClient(t, "testdata/kibana-8-mock-set-managed") id := preloadDashboard(t, client) From 420769923925aaad41013f574c550af19ecef56c Mon Sep 17 00:00:00 2001 From: Jaime Soriano Pastor Date: Tue, 28 Nov 2023 11:57:04 +0100 Subject: [PATCH 10/10] Rename variable name for the record file --- internal/elasticsearch/test/httptest.go | 4 ++-- internal/kibana/test/httptest.go | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/internal/elasticsearch/test/httptest.go b/internal/elasticsearch/test/httptest.go index 9eb666e9eb..b13c3c77f4 100644 --- a/internal/elasticsearch/test/httptest.go +++ b/internal/elasticsearch/test/httptest.go 
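Review bot: In the TestClusterHealth hunk the red-out-of-disk case pins `Expected` to a message containing "33 indices", a count that presumably comes from the recording, yet the new comment on how to re-record does not mention that `Expected` has to change with it. I would extend that comment with `// Update Expected if the number of affected indices in the new recording differs.` Both new comments also say "8.5 version", where the suites in internal/dump name an exact release; naming the patch version used for the recording would make the scenario reproducible. The test function and the table literal continue outside the hunk.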
@@ -19,7 +19,7 @@ import ( // responses. If responses are not found, it forwards the query to the server started by // elastic-package stack, and records the response. // Responses are recorded in the directory indicated by serverDataDir. -func NewClient(t *testing.T, serverDataDir string) *elasticsearch.Client { +func NewClient(t *testing.T, recordFileName string) *elasticsearch.Client { address := os.Getenv(stack.ElasticsearchHostEnv) if address == "" { address = "https://127.0.0.1:9200" @@ -33,7 +33,7 @@ func NewClient(t *testing.T, serverDataDir string) *elasticsearch.Client { require.NoError(t, err) rec, err := recorder.NewWithOptions(&recorder.Options{ - CassetteName: serverDataDir, + CassetteName: recordFileName, Mode: recorder.ModeRecordOnce, SkipRequestLatency: true, RealTransport: config.Transport, diff --git a/internal/kibana/test/httptest.go b/internal/kibana/test/httptest.go index 74826f1930..b907fbab79 100644 --- a/internal/kibana/test/httptest.go +++ b/internal/kibana/test/httptest.go @@ -20,10 +20,10 @@ import ( // responses. If responses are not found, it forwards the query to the server started by // elastic-package stack, and records the response. // Responses are recorded in the directory indicated by serverDataDir. -func NewClient(t *testing.T, serverDataDir string) *kibana.Client { +func NewClient(t *testing.T, recordFileName string) *kibana.Client { setupHTTPClient := func(client *http.Client) *http.Client { rec, err := recorder.NewWithOptions(&recorder.Options{ - CassetteName: serverDataDir, + CassetteName: recordFileName, Mode: recorder.ModeRecordOnce, SkipRequestLatency: true, RealTransport: client.Transport,
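Review bot: The doc comment above `NewClient` in internal/elasticsearch/test/httptest.go still ends with "Responses are recorded in the directory indicated by serverDataDir." after the parameter is renamed to `recordFileName`, so it now refers to a name that no longer exists and to a directory rather than a file. Replace it with `// Responses are recorded in the file indicated by recordFileName.`; the same stale line sits above `NewClient` in internal/kibana/test/httptest.go. Since the value is passed on as `CassetteName`, it would also help to say whether callers include the file extension. Both function bodies continue outside their hunks.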