From fd81ac7ed596d44c91fed44da7c543227aca9f5f Mon Sep 17 00:00:00 2001 From: sayden Date: Thu, 5 Nov 2020 12:18:08 +0100 Subject: [PATCH] Make update after rebasing and fixing conflicts in fields.yml --- metricbeat/docs/fields.asciidoc | 3343 +++++++++++++++++---- metricbeat/module/elasticsearch/fields.go | 2 +- 2 files changed, 2786 insertions(+), 559 deletions(-) diff --git a/metricbeat/docs/fields.asciidoc b/metricbeat/docs/fields.asciidoc index 236b476e1ce..c2d105e8a9a 100644 --- a/metricbeat/docs/fields.asciidoc +++ b/metricbeat/docs/fields.asciidoc @@ -36,8 +36,8 @@ grouped in the following categories: * <> * <> * <> +* <> * <> -* <> * <> * <> * <> @@ -1569,8 +1569,7 @@ type: object - -*`aws.billing.metrics.EstimatedCharges.max`*:: +*`aws.billing.EstimatedCharges`*:: + -- Maximum estimated charges for AWS acccount. @@ -1579,6 +1578,166 @@ type: long -- +*`aws.billing.Currency`*:: ++ +-- +Estimated charges currency unit. + +type: keyword + +-- + +*`aws.billing.ServiceName`*:: ++ +-- +Service name for the maximum estimated charges. + +type: keyword + +-- + + +*`aws.billing.AmortizedCost.amount`*:: ++ +-- +Amortized cost amount + +type: double + +-- + +*`aws.billing.AmortizedCost.unit`*:: ++ +-- +Amortized cost unit + +type: keyword + +-- + + +*`aws.billing.BlendedCost.amount`*:: ++ +-- +Blended cost amount + +type: double + +-- + +*`aws.billing.BlendedCost.unit`*:: ++ +-- +Blended cost unit + +type: keyword + +-- + + +*`aws.billing.NormalizedUsageAmount.amount`*:: ++ +-- +Normalized usage amount + +type: double + +-- + +*`aws.billing.NormalizedUsageAmount.unit`*:: ++ +-- +Normalized usage amount unit + +type: keyword + +-- + + +*`aws.billing.UnblendedCost.amount`*:: ++ +-- +Unblended cost amount + +type: double + +-- + +*`aws.billing.UnblendedCost.unit`*:: ++ +-- +Unblended cost unit + +type: keyword + +-- + + +*`aws.billing.UsageQuantity.amount`*:: ++ +-- +Usage quantity amount + +type: double + +-- + +*`aws.billing.UsageQuantity.unit`*:: ++ +-- +Usage quantity unit + +type: keyword + +-- + +*`aws.billing.start_date`*:: ++ +-- +Start date for retrieving AWS costs + +type: keyword + +-- + +*`aws.billing.end_date`*:: ++ +-- +End date for retrieving AWS costs + +type: keyword + +-- + + +*`aws.billing.group_definition.key`*:: ++ +-- +The string that represents a key for a specified group + +type: keyword + +-- + +*`aws.billing.group_definition.type`*:: ++ +-- +The string that represents the type of group + +type: keyword + +-- + +*`aws.billing.group_by.*`*:: ++ +-- +Cost explorer group by key values + + +type: object + +-- + [float] === cloudwatch @@ -2041,7 +2200,7 @@ type: long *`aws.ec2.network.in.packets`*:: + -- -The number of packets received on all network interfaces by the instance. +The total number of packets received on all network interfaces by the instance in collection period. type: long @@ -2054,14 +2213,14 @@ type: long The number of packets per second sent out on all network interfaces by the instance. -type: long +type: scaled_float -- *`aws.ec2.network.out.packets`*:: + -- -The number of packets sent out on all network interfaces by the instance. +The total number of packets sent out on all network interfaces by the instance in collection period. type: long @@ -2074,14 +2233,14 @@ type: long The number of packets per second sent out on all network interfaces by the instance. -type: long +type: scaled_float -- *`aws.ec2.network.in.bytes`*:: + -- -The number of bytes received on all network interfaces by the instance. +The total number of bytes received on all network interfaces by the instance in collection period. type: long @@ -2096,14 +2255,14 @@ format: bytes The number of bytes per second received on all network interfaces by the instance. -type: long +type: scaled_float -- *`aws.ec2.network.out.bytes`*:: + -- -The number of bytes sent out on all network interfaces by the instance. +The total number of bytes sent out on all network interfaces by the instance in collection period. type: long @@ -2118,14 +2277,14 @@ format: bytes The number of bytes per second sent out on all network interfaces by the instance. -type: long +type: scaled_float -- *`aws.ec2.diskio.read.bytes`*:: + -- -Bytes read from all instance store volumes available to the instance. +Total bytes read from all instance store volumes available to the instance in collection period. type: long @@ -2140,14 +2299,14 @@ format: bytes Bytes read per second from all instance store volumes available to the instance. -type: long +type: scaled_float -- *`aws.ec2.diskio.write.bytes`*:: + -- -Bytes written to all instance store volumes available to the instance. +Total bytes written to all instance store volumes available to the instance in collection period. type: long @@ -2162,14 +2321,14 @@ format: bytes Bytes written per second to all instance store volumes available to the instance. -type: long +type: scaled_float -- *`aws.ec2.diskio.read.ops`*:: + -- -Completed read operations from all instance store volumes available to the instance in a specified period of time. +Total completed read operations from all instance store volumes available to the instance in collection period. type: long @@ -2189,7 +2348,7 @@ type: long *`aws.ec2.diskio.write.ops`*:: + -- -Completed write operations to all instance store volumes available to the instance in a specified period of time. +Total completed write operations to all instance store volumes available to the instance in collection period. type: long @@ -4506,6 +4665,16 @@ type: keyword The subscription ID +type: keyword + +-- + +*`azure.application_id`*:: ++ +-- +The application ID + + type: keyword -- @@ -4516,6 +4685,16 @@ type: keyword Azure metric dimensions. +type: object + +-- + +*`azure.metrics.*.*`*:: ++ +-- +Metrics returned. + + type: object -- @@ -4527,17 +4706,44 @@ application insights -*`azure.app_insights.application_id`*:: +*`azure.app_insights.start_date`*:: + -- -The application ID +The start date -type: keyword +type: date -- -*`azure.app_insights.start_date`*:: +*`azure.app_insights.end_date`*:: ++ +-- +The end date + + +type: date + +-- + +*`azure.app_insights.metrics.*.*`*:: ++ +-- +The metrics + + +type: object + +-- + +[float] +=== app_state + +application state + + + +*`azure.app_state.start_date`*:: + -- The start date @@ -4547,7 +4753,7 @@ type: date -- -*`azure.app_insights.end_date`*:: +*`azure.app_state.end_date`*:: + -- The end date @@ -4557,13 +4763,183 @@ type: date -- -*`azure.app_insights.metrics.*.*`*:: +*`azure.app_state.requests_count.sum`*:: + -- -The metrics +Request count -type: object +type: float + +-- + +*`azure.app_state.requests_failed.sum`*:: ++ +-- +Request failed count + + +type: float + +-- + +*`azure.app_state.users_count.unique`*:: ++ +-- +User count + + +type: float + +-- + +*`azure.app_state.sessions_count.unique`*:: ++ +-- +Session count + + +type: float + +-- + +*`azure.app_state.users_authenticated.unique`*:: ++ +-- +Authenticated users count + + +type: float + +-- + +*`azure.app_state.browser_timings_network_duration.avg`*:: ++ +-- +Browser timings network duration + + +type: float + +-- + +*`azure.app_state.browser_timings_send_duration.avg`*:: ++ +-- +Browser timings send duration + + +type: float + +-- + +*`azure.app_state.browser_timings_receive_uration.avg`*:: ++ +-- +Browser timings receive duration + + +type: float + +-- + +*`azure.app_state.browser_timings_processing_duration.avg`*:: ++ +-- +Browser timings processing duration + + +type: float + +-- + +*`azure.app_state.browser_timings_total_duration.avg`*:: ++ +-- +Browser timings total duration + + +type: float + +-- + +*`azure.app_state.exceptions_count.sum`*:: ++ +-- +Exception count + + +type: float + +-- + +*`azure.app_state.exceptions_browser.sum`*:: ++ +-- +Exception count at browser level + + +type: float + +-- + +*`azure.app_state.exceptions_server.sum`*:: ++ +-- +Exception count at server level + + +type: float + +-- + +*`azure.app_state.performance_counters_memory_available_bytes.avg`*:: ++ +-- +Performance counters memory available bytes + + +type: float + +-- + +*`azure.app_state.performance_counters_process_private_bytes.avg`*:: ++ +-- +Performance counters process private bytes + + +type: float + +-- + +*`azure.app_state.performance_counters_process_cpu_percentage_total.avg`*:: ++ +-- +Performance counters process cpu percentage total + + +type: float + +-- + +*`azure.app_state.performance_counters_process_cpu_percentage.avg`*:: ++ +-- +Performance counters process cpu percentage + + +type: float + +-- + +*`azure.app_state.performance_counters_processiobytes_per_second.avg`*:: ++ +-- +Performance counters process IO bytes per second + + +type: float -- @@ -4750,17 +5126,6 @@ type: object monitor - -*`azure.monitor.metrics.*.*`*:: -+ --- -Metrics returned. - - -type: object - --- - *`azure.storage.*.*`*:: + -- @@ -6040,16 +6405,6 @@ Metadata from cloud providers added by the add_cloud_metadata processor. -*`cloud.project.id`*:: -+ --- -Name of the project in Google Cloud. - - -example: project-x - --- - *`cloud.image.id`*:: + -- @@ -6395,6 +6750,80 @@ type: keyword -- + +*`host.cpu.pct`*:: ++ +-- +Percent CPU used. This value is normalized by the number of CPU cores and it ranges from 0 to 1. + +type: scaled_float + +format: percent + +-- + +*`host.network.in.bytes`*:: ++ +-- +The number of bytes received on all network interfaces by the host in a given period of time. + +type: long + +format: bytes + +-- + +*`host.network.out.bytes`*:: ++ +-- +The number of bytes sent out on all network interfaces by the host in a given period of time. + +type: long + +format: bytes + +-- + +*`host.network.in.packets`*:: ++ +-- +The number of packets received on all network interfaces by the host in a given period of time. + +type: long + +-- + +*`host.network.out.packets`*:: ++ +-- +The number of packets sent out on all network interfaces by the host in a given period of time. + +type: long + +-- + +*`host.disk.read.bytes`*:: ++ +-- +The total number of bytes read successfully in a given period of time. + +type: long + +format: bytes + +-- + +*`host.disk.write.bytes`*:: ++ +-- +The total number of bytes write successfully in a given period of time. + +type: long + +format: bytes + +-- + [[exported-fields-consul]] == Consul fields @@ -8942,8 +9371,15 @@ Stats collected from Dropwizard. [[exported-fields-ecs]] == ECS fields -ECS Fields. +This section defines Elastic Common Schema (ECS) fields—a common set of fields +to be used when storing event data in {es}. + +This is an exhaustive list, and fields listed here are not necessarily used by {beatname_uc}. +The goal of ECS is to enable and encourage users of {es} to normalize their event data, +so that they can better analyze, visualize, and correlate the data represented in their events. + +See the {ecs-ref}[ECS reference] for more information. *`@timestamp`*:: + @@ -9005,6 +9441,18 @@ The agent fields contain the data about the software entity, if any, that collec Examples include Beats. Agents may also run on observers. ECS agent.* fields shall be populated with details of the agent running on the host or observer where the event happened or the measurement was taken. +*`agent.build.original`*:: ++ +-- +Extended build information for the agent. +This field is intended to contain any build information that a data source may provide, no specific formatting is required. + +type: keyword + +example: metricbeat version 7.6.0 (amd64), libbeat 7.6.0 [6a23e8f8f30f5001ba344e4e54d8d9cb82cb107c built 2020-02-05 23:10:10 +0000 UTC] + +-- + *`agent.ephemeral_id`*:: + -- @@ -9046,7 +9494,7 @@ example: foo + -- Type of the agent. -The agent type stays always the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine. +The agent type always stays the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine. type: keyword @@ -9262,8 +9710,7 @@ example: Quebec *`client.ip`*:: + -- -IP address of the client. -Can be one or multiple IPv4 or IPv6 addresses. +IP address of the client (IPv4 or IPv6). type: ip @@ -9326,19 +9773,19 @@ format: string + -- The highest registered client domain, stripped of the subdomain. -For example, the registered domain for "foo.google.com" is "google.com". +For example, the registered domain for "foo.example.com" is "example.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". type: keyword -example: google.com +example: example.com -- *`client.top_level_domain`*:: + -- -The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". +The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for example.com is "com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". type: keyword @@ -9425,7 +9872,7 @@ type: keyword *`client.user.id`*:: + -- -Unique identifiers of the user. +Unique identifier of the user. type: keyword @@ -9449,6 +9896,17 @@ type: text -- +*`client.user.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + [float] === cloud @@ -9467,6 +9925,18 @@ example: 666777888999 -- +*`cloud.account.name`*:: ++ +-- +The cloud account name or alias used to identify different entities in a multi-tenant environment. +Examples: AWS account name, Google Cloud ORG display name. + +type: keyword + +example: elastic-dev + +-- + *`cloud.availability_zone`*:: + -- @@ -9509,6 +9979,30 @@ example: t2.medium -- +*`cloud.project.id`*:: ++ +-- +The cloud project identifier. +Examples: Google Cloud Project id, Azure Project id. + +type: keyword + +example: my-project + +-- + +*`cloud.project.name`*:: ++ +-- +The cloud project name. +Examples: Google Cloud Project name, Azure Project name. + +type: keyword + +example: my project + +-- + *`cloud.provider`*:: + -- @@ -9819,8 +10313,7 @@ example: Quebec *`destination.ip`*:: + -- -IP address of the destination. -Can be one or multiple IPv4 or IPv6 addresses. +IP address of the destination (IPv4 or IPv6). type: ip @@ -9883,19 +10376,19 @@ format: string + -- The highest registered destination domain, stripped of the subdomain. -For example, the registered domain for "foo.google.com" is "google.com". +For example, the registered domain for "foo.example.com" is "example.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". type: keyword -example: google.com +example: example.com -- *`destination.top_level_domain`*:: + -- -The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". +The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for example.com is "com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". type: keyword @@ -9982,7 +10475,7 @@ type: keyword *`destination.user.id`*:: + -- -Unique identifiers of the user. +Unique identifier of the user. type: keyword @@ -10006,6 +10499,17 @@ type: text -- +*`destination.user.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + [float] === dll @@ -10134,6 +10638,17 @@ example: C:\Windows\System32\kernel32.dll -- +*`dll.pe.architecture`*:: ++ +-- +CPU architecture target for the file. + +type: keyword + +example: x64 + +-- + *`dll.pe.company`*:: + -- @@ -10167,6 +10682,18 @@ example: 6.3.9600.17415 -- +*`dll.pe.imphash`*:: ++ +-- +A hash of the imports in a PE file. An imphash -- or import hash -- can be used to fingerprint binaries even after recompilation or other code-level transformations have occurred, which would change more traditional hash values. +Learn more at https://www.fireeye.com/blog/threat-research/2014/01/tracking-malware-import-hashing.html. + +type: keyword + +example: 0c6803c4e922103c4dca5963aad36ddf + +-- + *`dll.pe.original_file_name`*:: + -- @@ -10238,7 +10765,7 @@ If a chain of CNAME is being resolved, each answer's `name` should be the one th type: keyword -example: www.google.com +example: www.example.com -- @@ -10317,7 +10844,7 @@ If the name field contains non-printable characters (below 32 or above 126), tho type: keyword -example: www.google.com +example: www.example.com -- @@ -10325,12 +10852,12 @@ example: www.google.com + -- The highest registered domain, stripped of the subdomain. -For example, the registered domain for "foo.google.com" is "google.com". +For example, the registered domain for "foo.example.com" is "example.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". type: keyword -example: google.com +example: example.com -- @@ -10349,7 +10876,7 @@ example: www *`dns.question.top_level_domain`*:: + -- -The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". +The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for example.com is "com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". type: keyword @@ -10466,6 +10993,8 @@ The stack trace of this error in plain text. type: keyword +Field is not indexed. + -- *`error.stack_trace.text`*:: @@ -10648,6 +11177,8 @@ type: keyword example: Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232 +Field is not indexed. + -- *`event.outcome`*:: @@ -10677,6 +11208,18 @@ example: kernel -- +*`event.reason`*:: ++ +-- +Reason why this event happened, according to the source. +This describes the why of a particular action or outcome captured in the event. Where `event.action` captures the action from the event, `event.reason` describes why that action was taken. For example, a web proxy with an `event.action` which denied the request may also populate `event.reason` with the reason why (e.g. `blocked site`). + +type: keyword + +example: Terminated an unexpected process + +-- + *`event.reference`*:: + -- @@ -10685,7 +11228,7 @@ This URL links to a static definition of the this event. Alert events, indicated type: keyword -example: https://system.vendor.com/event/#0001234 +example: https://system.example.com/event/#0001234 -- @@ -10769,11 +11312,11 @@ type: keyword + -- URL linking to an external system to continue investigation of this event. -This URL links to another system where in-depth investigation of the specific occurence of this event can take place. Alert events, indicated by `event.kind:alert`, are a common use case for this field. +This URL links to another system where in-depth investigation of the specific occurrence of this event can take place. Alert events, indicated by `event.kind:alert`, are a common use case for this field. type: keyword -example: https://mysystem.mydomain.com/alert/5271dedb-f5b0-4218-87f0-4ac4870a38fe +example: https://mysystem.example.com/alert/5271dedb-f5b0-4218-87f0-4ac4870a38fe -- @@ -11067,6 +11610,17 @@ type: text -- +*`file.pe.architecture`*:: ++ +-- +CPU architecture target for the file. + +type: keyword + +example: x64 + +-- + *`file.pe.company`*:: + -- @@ -11100,6 +11654,18 @@ example: 6.3.9600.17415 -- +*`file.pe.imphash`*:: ++ +-- +A hash of the imports in a PE file. An imphash -- or import hash -- can be used to fingerprint binaries even after recompilation or other code-level transformations have occurred, which would change more traditional hash values. +Learn more at https://www.fireeye.com/blog/threat-research/2014/01/tracking-malware-import-hashing.html. + +type: keyword + +example: 0c6803c4e922103c4dca5963aad36ddf + +-- + *`file.pe.original_file_name`*:: + -- @@ -11172,6 +11738,270 @@ example: 1001 -- +*`file.x509.alternative_names`*:: ++ +-- +List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses. + +type: keyword + +example: *.elastic.co + +-- + +*`file.x509.issuer.common_name`*:: ++ +-- +List of common name (CN) of issuing certificate authority. + +type: keyword + +example: Example SHA2 High Assurance Server CA + +-- + +*`file.x509.issuer.country`*:: ++ +-- +List of country (C) codes + +type: keyword + +example: US + +-- + +*`file.x509.issuer.distinguished_name`*:: ++ +-- +Distinguished name (DN) of issuing certificate authority. + +type: keyword + +example: C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA + +-- + +*`file.x509.issuer.locality`*:: ++ +-- +List of locality names (L) + +type: keyword + +example: Mountain View + +-- + +*`file.x509.issuer.organization`*:: ++ +-- +List of organizations (O) of issuing certificate authority. + +type: keyword + +example: Example Inc + +-- + +*`file.x509.issuer.organizational_unit`*:: ++ +-- +List of organizational units (OU) of issuing certificate authority. + +type: keyword + +example: www.example.com + +-- + +*`file.x509.issuer.state_or_province`*:: ++ +-- +List of state or province names (ST, S, or P) + +type: keyword + +example: California + +-- + +*`file.x509.not_after`*:: ++ +-- +Time at which the certificate is no longer considered valid. + +type: date + +example: 2020-07-16 03:15:39+00:00 + +-- + +*`file.x509.not_before`*:: ++ +-- +Time at which the certificate is first considered valid. + +type: date + +example: 2019-08-16 01:40:25+00:00 + +-- + +*`file.x509.public_key_algorithm`*:: ++ +-- +Algorithm used to generate the public key. + +type: keyword + +example: RSA + +-- + +*`file.x509.public_key_curve`*:: ++ +-- +The curve used by the elliptic curve public key algorithm. This is algorithm specific. + +type: keyword + +example: nistp521 + +-- + +*`file.x509.public_key_exponent`*:: ++ +-- +Exponent used to derive the public key. This is algorithm specific. + +type: long + +example: 65537 + +Field is not indexed. + +-- + +*`file.x509.public_key_size`*:: ++ +-- +The size of the public key space in bits. + +type: long + +example: 2048 + +-- + +*`file.x509.serial_number`*:: ++ +-- +Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters. + +type: keyword + +example: 55FBB9C7DEBF09809D12CCAA + +-- + +*`file.x509.signature_algorithm`*:: ++ +-- +Identifier for certificate signature algorithm. We recommend using names found in Go Lang Crypto library. See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353. + +type: keyword + +example: SHA256-RSA + +-- + +*`file.x509.subject.common_name`*:: ++ +-- +List of common names (CN) of subject. + +type: keyword + +example: shared.global.example.net + +-- + +*`file.x509.subject.country`*:: ++ +-- +List of country (C) code + +type: keyword + +example: US + +-- + +*`file.x509.subject.distinguished_name`*:: ++ +-- +Distinguished name (DN) of the certificate subject entity. + +type: keyword + +example: C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net + +-- + +*`file.x509.subject.locality`*:: ++ +-- +List of locality names (L) + +type: keyword + +example: San Francisco + +-- + +*`file.x509.subject.organization`*:: ++ +-- +List of organizations (O) of subject. + +type: keyword + +example: Example, Inc. + +-- + +*`file.x509.subject.organizational_unit`*:: ++ +-- +List of organizational units (OU) of subject. + +type: keyword + +-- + +*`file.x509.subject.state_or_province`*:: ++ +-- +List of state or province names (ST, S, or P) + +type: keyword + +example: California + +-- + +*`file.x509.version_number`*:: ++ +-- +Version of x509 format. + +type: keyword + +example: 3 + +-- + [float] === geo @@ -11694,7 +12524,7 @@ type: keyword *`host.user.id`*:: + -- -Unique identifiers of the user. +Unique identifier of the user. type: keyword @@ -11718,6 +12548,17 @@ type: text -- +*`host.user.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + [float] === http @@ -11772,11 +12613,13 @@ format: bytes + -- HTTP request method. -The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". +Prior to ECS 1.6.0 the following guidance was provided: +"The field value must be normalized to lowercase for querying." +As of ECS 1.6.0, the guidance is deprecated because the original case of the method may be useful in anomaly detection. Original case will be mandated in ECS 2.0.0 type: keyword -example: get, post, put +example: GET, POST, PUT, PoST -- @@ -11906,6 +12749,18 @@ The log.* fields are typically populated with details about the logging mechanis The details specific to your event source are typically not logged under `log.*`, but rather in `event.*` or in other ECS fields. +*`log.file.path`*:: ++ +-- +Full path to the log file this event came from, including the file name. It should include the drive letter, when appropriate. +If the event wasn't read from a log file, do not populate this field. + +type: keyword + +example: /var/log/fun-times.log + +-- + *`log.level`*:: + -- @@ -11944,7 +12799,8 @@ example: 42 *`log.origin.file.name`*:: + -- -The name of the file containing the source code which originated the log event. Note that this is not the name of the log file. +The name of the file containing the source code which originated the log event. +Note that this field is not meant to capture the log file. The correct field to capture the log file is `log.file.path`. type: keyword @@ -11974,6 +12830,8 @@ type: keyword example: Sep 19 08:26:10 localhost My log +Field is not indexed. + -- *`log.syslog`*:: @@ -12942,6 +13800,17 @@ example: 1.12.9 These fields contain Windows Portable Executable (PE) metadata. +*`pe.architecture`*:: ++ +-- +CPU architecture target for the file. + +type: keyword + +example: x64 + +-- + *`pe.company`*:: + -- @@ -12975,6 +13844,18 @@ example: 6.3.9600.17415 -- +*`pe.imphash`*:: ++ +-- +A hash of the imports in a PE file. An imphash -- or import hash -- can be used to fingerprint binaries even after recompilation or other code-level transformations have occurred, which would change more traditional hash values. +Learn more at https://www.fireeye.com/blog/threat-research/2014/01/tracking-malware-import-hashing.html. + +type: keyword + +example: 0c6803c4e922103c4dca5963aad36ddf + +-- + *`pe.original_file_name`*:: + -- @@ -13206,12 +14087,12 @@ type: text *`process.parent.args`*:: + -- -Array of process arguments. +Array of process arguments, starting with the absolute path to the executable. May be filtered to protect sensitive information. type: keyword -example: ['ssh', '-l', 'user', '10.0.0.16'] +example: ['/usr/bin/ssh', '-l', 'user', '10.0.0.16'] -- @@ -13402,6 +14283,84 @@ type: text -- +*`process.parent.pe.architecture`*:: ++ +-- +CPU architecture target for the file. + +type: keyword + +example: x64 + +-- + +*`process.parent.pe.company`*:: ++ +-- +Internal company name of the file, provided at compile-time. + +type: keyword + +example: Microsoft Corporation + +-- + +*`process.parent.pe.description`*:: ++ +-- +Internal description of the file, provided at compile-time. + +type: keyword + +example: Paint + +-- + +*`process.parent.pe.file_version`*:: ++ +-- +Internal version of the file, provided at compile-time. + +type: keyword + +example: 6.3.9600.17415 + +-- + +*`process.parent.pe.imphash`*:: ++ +-- +A hash of the imports in a PE file. An imphash -- or import hash -- can be used to fingerprint binaries even after recompilation or other code-level transformations have occurred, which would change more traditional hash values. +Learn more at https://www.fireeye.com/blog/threat-research/2014/01/tracking-malware-import-hashing.html. + +type: keyword + +example: 0c6803c4e922103c4dca5963aad36ddf + +-- + +*`process.parent.pe.original_file_name`*:: ++ +-- +Internal name of the file, provided at compile-time. + +type: keyword + +example: MSPAINT.EXE + +-- + +*`process.parent.pe.product`*:: ++ +-- +Internal product name of the file, provided at compile-time. + +type: keyword + +example: Microsoft® Windows® Operating System + +-- + *`process.parent.pgid`*:: + -- @@ -13520,6 +14479,17 @@ type: text -- +*`process.pe.architecture`*:: ++ +-- +CPU architecture target for the file. + +type: keyword + +example: x64 + +-- + *`process.pe.company`*:: + -- @@ -13553,6 +14523,18 @@ example: 6.3.9600.17415 -- +*`process.pe.imphash`*:: ++ +-- +A hash of the imports in a PE file. An imphash -- or import hash -- can be used to fingerprint binaries even after recompilation or other code-level transformations have occurred, which would change more traditional hash values. +Learn more at https://www.fireeye.com/blog/threat-research/2014/01/tracking-malware-import-hashing.html. + +type: keyword + +example: 0c6803c4e922103c4dca5963aad36ddf + +-- + *`process.pe.original_file_name`*:: + -- @@ -13795,6 +14777,15 @@ type: keyword -- +*`related.hosts`*:: ++ +-- +All hostnames or other host identifiers seen on your event. Example identifiers include FQDNs, domain names, workstation names, or aliases. + +type: keyword + +-- + *`related.ip`*:: + -- @@ -14093,8 +15084,7 @@ example: Quebec *`server.ip`*:: + -- -IP address of the server. -Can be one or multiple IPv4 or IPv6 addresses. +IP address of the server (IPv4 or IPv6). type: ip @@ -14157,19 +15147,19 @@ format: string + -- The highest registered server domain, stripped of the subdomain. -For example, the registered domain for "foo.google.com" is "google.com". +For example, the registered domain for "foo.example.com" is "example.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". type: keyword -example: google.com +example: example.com -- *`server.top_level_domain`*:: + -- -The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". +The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for example.com is "com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". type: keyword @@ -14256,7 +15246,7 @@ type: keyword *`server.user.id`*:: + -- -Unique identifiers of the user. +Unique identifier of the user. type: keyword @@ -14280,6 +15270,17 @@ type: text -- +*`server.user.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + [float] === service @@ -14533,8 +15534,7 @@ example: Quebec *`source.ip`*:: + -- -IP address of the source. -Can be one or multiple IPv4 or IPv6 addresses. +IP address of the source (IPv4 or IPv6). type: ip @@ -14597,19 +15597,19 @@ format: string + -- The highest registered source domain, stripped of the subdomain. -For example, the registered domain for "foo.google.com" is "google.com". +For example, the registered domain for "foo.example.com" is "example.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". type: keyword -example: google.com +example: example.com -- *`source.top_level_domain`*:: + -- -The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". +The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for example.com is "com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". type: keyword @@ -14696,7 +15696,7 @@ type: keyword *`source.user.id`*:: + -- -Unique identifiers of the user. +Unique identifier of the user. type: keyword @@ -14720,10 +15720,21 @@ type: text -- +*`source.user.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + [float] === threat -Fields to classify events and alerts according to a threat taxonomy such as the Mitre ATT&CK framework. +Fields to classify events and alerts according to a threat taxonomy such as the MITRE ATT&CK® framework. These fields are for users to classify alerts from all of their sources (e.g. IDS, NGFW, etc.) within a common taxonomy. The threat.tactic.* are meant to capture the high level category of the threat (e.g. "impact"). The threat.technique.* fields are meant to capture which kind of approach is used by this detected threat, to accomplish the goal (e.g. "endpoint denial of service"). @@ -14741,7 +15752,7 @@ example: MITRE ATT&CK *`threat.tactic.id`*:: + -- -The id of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) +The id of tactic used by this threat. You can use a MITRE ATT&CK® tactic, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) type: keyword @@ -14752,7 +15763,7 @@ example: TA0040 *`threat.tactic.name`*:: + -- -Name of the type of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) +Name of the type of tactic used by this threat. You can use a MITRE ATT&CK® tactic, for example. (ex. https://attack.mitre.org/tactics/TA0040/) type: keyword @@ -14763,7 +15774,7 @@ example: impact *`threat.tactic.reference`*:: + -- -The reference url of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) +The reference url of tactic used by this threat. You can use a MITRE ATT&CK® tactic, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) type: keyword @@ -14774,7 +15785,7 @@ example: https://attack.mitre.org/tactics/TA0040/ *`threat.technique.id`*:: + -- -The id of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) +The id of technique used by this threat. You can use a MITRE ATT&CK® technique, for example. (ex. https://attack.mitre.org/techniques/T1499/) type: keyword @@ -14785,11 +15796,11 @@ example: T1499 *`threat.technique.name`*:: + -- -The name of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) +The name of technique used by this threat. You can use a MITRE ATT&CK® technique, for example. (ex. https://attack.mitre.org/techniques/T1499/) type: keyword -example: endpoint denial of service +example: Endpoint Denial of Service -- @@ -14803,7 +15814,7 @@ type: text *`threat.technique.reference`*:: + -- -The reference url of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) +The reference url of technique used by this threat. You can use a MITRE ATT&CK® technique, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) type: keyword @@ -14890,7 +15901,7 @@ Distinguished name of subject of the issuer of the x.509 certificate presented b type: keyword -example: CN=MyDomain Root CA, OU=Infrastructure Team, DC=mydomain, DC=com +example: CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com -- @@ -14930,7 +15941,7 @@ example: 1970-01-01T00:00:00.000Z *`tls.client.server_name`*:: + -- -Also called an SNI, this tells the server which hostname to which the client is attempting to connect. When this value is available, it should get copied to `destination.domain`. +Also called an SNI, this tells the server which hostname to which the client is attempting to connect to. When this value is available, it should get copied to `destination.domain`. type: keyword @@ -14945,7 +15956,7 @@ Distinguished name of subject of the x.509 certificate presented by the client. type: keyword -example: CN=myclient, OU=Documentation Team, DC=mydomain, DC=com +example: CN=myclient, OU=Documentation Team, DC=example, DC=com -- @@ -14960,6 +15971,270 @@ example: ['TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_ECDSA_WITH_AES_256 -- +*`tls.client.x509.alternative_names`*:: ++ +-- +List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses. + +type: keyword + +example: *.elastic.co + +-- + +*`tls.client.x509.issuer.common_name`*:: ++ +-- +List of common name (CN) of issuing certificate authority. + +type: keyword + +example: Example SHA2 High Assurance Server CA + +-- + +*`tls.client.x509.issuer.country`*:: ++ +-- +List of country (C) codes + +type: keyword + +example: US + +-- + +*`tls.client.x509.issuer.distinguished_name`*:: ++ +-- +Distinguished name (DN) of issuing certificate authority. + +type: keyword + +example: C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA + +-- + +*`tls.client.x509.issuer.locality`*:: ++ +-- +List of locality names (L) + +type: keyword + +example: Mountain View + +-- + +*`tls.client.x509.issuer.organization`*:: ++ +-- +List of organizations (O) of issuing certificate authority. + +type: keyword + +example: Example Inc + +-- + +*`tls.client.x509.issuer.organizational_unit`*:: ++ +-- +List of organizational units (OU) of issuing certificate authority. + +type: keyword + +example: www.example.com + +-- + +*`tls.client.x509.issuer.state_or_province`*:: ++ +-- +List of state or province names (ST, S, or P) + +type: keyword + +example: California + +-- + +*`tls.client.x509.not_after`*:: ++ +-- +Time at which the certificate is no longer considered valid. + +type: date + +example: 2020-07-16 03:15:39+00:00 + +-- + +*`tls.client.x509.not_before`*:: ++ +-- +Time at which the certificate is first considered valid. + +type: date + +example: 2019-08-16 01:40:25+00:00 + +-- + +*`tls.client.x509.public_key_algorithm`*:: ++ +-- +Algorithm used to generate the public key. + +type: keyword + +example: RSA + +-- + +*`tls.client.x509.public_key_curve`*:: ++ +-- +The curve used by the elliptic curve public key algorithm. This is algorithm specific. + +type: keyword + +example: nistp521 + +-- + +*`tls.client.x509.public_key_exponent`*:: ++ +-- +Exponent used to derive the public key. This is algorithm specific. + +type: long + +example: 65537 + +Field is not indexed. + +-- + +*`tls.client.x509.public_key_size`*:: ++ +-- +The size of the public key space in bits. + +type: long + +example: 2048 + +-- + +*`tls.client.x509.serial_number`*:: ++ +-- +Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters. + +type: keyword + +example: 55FBB9C7DEBF09809D12CCAA + +-- + +*`tls.client.x509.signature_algorithm`*:: ++ +-- +Identifier for certificate signature algorithm. We recommend using names found in Go Lang Crypto library. See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353. + +type: keyword + +example: SHA256-RSA + +-- + +*`tls.client.x509.subject.common_name`*:: ++ +-- +List of common names (CN) of subject. + +type: keyword + +example: shared.global.example.net + +-- + +*`tls.client.x509.subject.country`*:: ++ +-- +List of country (C) code + +type: keyword + +example: US + +-- + +*`tls.client.x509.subject.distinguished_name`*:: ++ +-- +Distinguished name (DN) of the certificate subject entity. + +type: keyword + +example: C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net + +-- + +*`tls.client.x509.subject.locality`*:: ++ +-- +List of locality names (L) + +type: keyword + +example: San Francisco + +-- + +*`tls.client.x509.subject.organization`*:: ++ +-- +List of organizations (O) of subject. + +type: keyword + +example: Example, Inc. + +-- + +*`tls.client.x509.subject.organizational_unit`*:: ++ +-- +List of organizational units (OU) of subject. + +type: keyword + +-- + +*`tls.client.x509.subject.state_or_province`*:: ++ +-- +List of state or province names (ST, S, or P) + +type: keyword + +example: California + +-- + +*`tls.client.x509.version_number`*:: ++ +-- +Version of x509 format. + +type: keyword + +example: 3 + +-- + *`tls.curve`*:: + -- @@ -15062,7 +16337,7 @@ Subject of the issuer of the x.509 certificate presented by the server. type: keyword -example: CN=MyDomain Root CA, OU=Infrastructure Team, DC=mydomain, DC=com +example: CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com -- @@ -15106,7 +16381,271 @@ Subject of the x.509 certificate presented by the server. type: keyword -example: CN=www.mydomain.com, OU=Infrastructure Team, DC=mydomain, DC=com +example: CN=www.example.com, OU=Infrastructure Team, DC=example, DC=com + +-- + +*`tls.server.x509.alternative_names`*:: ++ +-- +List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses. + +type: keyword + +example: *.elastic.co + +-- + +*`tls.server.x509.issuer.common_name`*:: ++ +-- +List of common name (CN) of issuing certificate authority. + +type: keyword + +example: Example SHA2 High Assurance Server CA + +-- + +*`tls.server.x509.issuer.country`*:: ++ +-- +List of country (C) codes + +type: keyword + +example: US + +-- + +*`tls.server.x509.issuer.distinguished_name`*:: ++ +-- +Distinguished name (DN) of issuing certificate authority. + +type: keyword + +example: C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA + +-- + +*`tls.server.x509.issuer.locality`*:: ++ +-- +List of locality names (L) + +type: keyword + +example: Mountain View + +-- + +*`tls.server.x509.issuer.organization`*:: ++ +-- +List of organizations (O) of issuing certificate authority. + +type: keyword + +example: Example Inc + +-- + +*`tls.server.x509.issuer.organizational_unit`*:: ++ +-- +List of organizational units (OU) of issuing certificate authority. + +type: keyword + +example: www.example.com + +-- + +*`tls.server.x509.issuer.state_or_province`*:: ++ +-- +List of state or province names (ST, S, or P) + +type: keyword + +example: California + +-- + +*`tls.server.x509.not_after`*:: ++ +-- +Time at which the certificate is no longer considered valid. + +type: date + +example: 2020-07-16 03:15:39+00:00 + +-- + +*`tls.server.x509.not_before`*:: ++ +-- +Time at which the certificate is first considered valid. + +type: date + +example: 2019-08-16 01:40:25+00:00 + +-- + +*`tls.server.x509.public_key_algorithm`*:: ++ +-- +Algorithm used to generate the public key. + +type: keyword + +example: RSA + +-- + +*`tls.server.x509.public_key_curve`*:: ++ +-- +The curve used by the elliptic curve public key algorithm. This is algorithm specific. + +type: keyword + +example: nistp521 + +-- + +*`tls.server.x509.public_key_exponent`*:: ++ +-- +Exponent used to derive the public key. This is algorithm specific. + +type: long + +example: 65537 + +Field is not indexed. + +-- + +*`tls.server.x509.public_key_size`*:: ++ +-- +The size of the public key space in bits. + +type: long + +example: 2048 + +-- + +*`tls.server.x509.serial_number`*:: ++ +-- +Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters. + +type: keyword + +example: 55FBB9C7DEBF09809D12CCAA + +-- + +*`tls.server.x509.signature_algorithm`*:: ++ +-- +Identifier for certificate signature algorithm. We recommend using names found in Go Lang Crypto library. See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353. + +type: keyword + +example: SHA256-RSA + +-- + +*`tls.server.x509.subject.common_name`*:: ++ +-- +List of common names (CN) of subject. + +type: keyword + +example: shared.global.example.net + +-- + +*`tls.server.x509.subject.country`*:: ++ +-- +List of country (C) code + +type: keyword + +example: US + +-- + +*`tls.server.x509.subject.distinguished_name`*:: ++ +-- +Distinguished name (DN) of the certificate subject entity. + +type: keyword + +example: C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net + +-- + +*`tls.server.x509.subject.locality`*:: ++ +-- +List of locality names (L) + +type: keyword + +example: San Francisco + +-- + +*`tls.server.x509.subject.organization`*:: ++ +-- +List of organizations (O) of subject. + +type: keyword + +example: Example, Inc. + +-- + +*`tls.server.x509.subject.organizational_unit`*:: ++ +-- +List of organizational units (OU) of subject. + +type: keyword + +-- + +*`tls.server.x509.subject.state_or_province`*:: ++ +-- +List of state or province names (ST, S, or P) + +type: keyword + +example: California + +-- + +*`tls.server.x509.version_number`*:: ++ +-- +Version of x509 format. + +type: keyword + +example: 3 -- @@ -15138,6 +16677,18 @@ example: tls Distributed tracing makes it possible to analyze performance throughout a microservice architecture all in one view. This is accomplished by tracing all of the requests - from the initial web request in the front-end service - to queries made through multiple back-end services. +*`tracing.span.id`*:: ++ +-- +Unique identifier of the span within the scope of its trace. +A span represents an operation within a transaction, such as a request to another service, or a database query. + +type: keyword + +example: 3ff9a8981b7ccd5a + +-- + *`tracing.trace.id`*:: + -- @@ -15153,7 +16704,7 @@ example: 4bf92f3577b34da6a3ce929d0e0e4736 *`tracing.transaction.id`*:: + -- -Unique identifier of the transaction. +Unique identifier of the transaction within the scope of its trace. A transaction is the highest level of work measured within a service, such as a request to a server. type: keyword @@ -15286,12 +16837,12 @@ type: keyword + -- The highest registered url domain, stripped of the subdomain. -For example, the registered domain for "foo.google.com" is "google.com". +For example, the registered domain for "foo.example.com" is "example.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". type: keyword -example: google.com +example: example.com -- @@ -15310,7 +16861,7 @@ example: https *`url.top_level_domain`*:: + -- -The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". +The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for example.com is "com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". type: keyword @@ -15413,7 +16964,7 @@ type: keyword *`user.id`*:: + -- -Unique identifiers of the user. +Unique identifier of the user. type: keyword @@ -15437,6 +16988,17 @@ type: text -- +*`user.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + [float] === user_agent @@ -15765,6 +17327,276 @@ example: Critical -- +[float] +=== x509 + +This implements the common core fields for x509 certificates. This information is likely logged with TLS sessions, digital signatures found in executable binaries, S/MIME information in email bodies, or analysis of files on disk. When only a single certificate is logged in an event, it should be nested under `file`. When hashes of the DER-encoded certificate are available, the `hash` data set should be populated as well (e.g. `file.hash.sha256`). For events that contain certificate information for both sides of the connection, the x509 object could be nested under the respective side of the connection information (e.g. `tls.server.x509`). + + +*`x509.alternative_names`*:: ++ +-- +List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses. + +type: keyword + +example: *.elastic.co + +-- + +*`x509.issuer.common_name`*:: ++ +-- +List of common name (CN) of issuing certificate authority. + +type: keyword + +example: Example SHA2 High Assurance Server CA + +-- + +*`x509.issuer.country`*:: ++ +-- +List of country (C) codes + +type: keyword + +example: US + +-- + +*`x509.issuer.distinguished_name`*:: ++ +-- +Distinguished name (DN) of issuing certificate authority. + +type: keyword + +example: C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA + +-- + +*`x509.issuer.locality`*:: ++ +-- +List of locality names (L) + +type: keyword + +example: Mountain View + +-- + +*`x509.issuer.organization`*:: ++ +-- +List of organizations (O) of issuing certificate authority. + +type: keyword + +example: Example Inc + +-- + +*`x509.issuer.organizational_unit`*:: ++ +-- +List of organizational units (OU) of issuing certificate authority. + +type: keyword + +example: www.example.com + +-- + +*`x509.issuer.state_or_province`*:: ++ +-- +List of state or province names (ST, S, or P) + +type: keyword + +example: California + +-- + +*`x509.not_after`*:: ++ +-- +Time at which the certificate is no longer considered valid. + +type: date + +example: 2020-07-16 03:15:39+00:00 + +-- + +*`x509.not_before`*:: ++ +-- +Time at which the certificate is first considered valid. + +type: date + +example: 2019-08-16 01:40:25+00:00 + +-- + +*`x509.public_key_algorithm`*:: ++ +-- +Algorithm used to generate the public key. + +type: keyword + +example: RSA + +-- + +*`x509.public_key_curve`*:: ++ +-- +The curve used by the elliptic curve public key algorithm. This is algorithm specific. + +type: keyword + +example: nistp521 + +-- + +*`x509.public_key_exponent`*:: ++ +-- +Exponent used to derive the public key. This is algorithm specific. + +type: long + +example: 65537 + +Field is not indexed. + +-- + +*`x509.public_key_size`*:: ++ +-- +The size of the public key space in bits. + +type: long + +example: 2048 + +-- + +*`x509.serial_number`*:: ++ +-- +Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters. + +type: keyword + +example: 55FBB9C7DEBF09809D12CCAA + +-- + +*`x509.signature_algorithm`*:: ++ +-- +Identifier for certificate signature algorithm. We recommend using names found in Go Lang Crypto library. See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353. + +type: keyword + +example: SHA256-RSA + +-- + +*`x509.subject.common_name`*:: ++ +-- +List of common names (CN) of subject. + +type: keyword + +example: shared.global.example.net + +-- + +*`x509.subject.country`*:: ++ +-- +List of country (C) code + +type: keyword + +example: US + +-- + +*`x509.subject.distinguished_name`*:: ++ +-- +Distinguished name (DN) of the certificate subject entity. + +type: keyword + +example: C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net + +-- + +*`x509.subject.locality`*:: ++ +-- +List of locality names (L) + +type: keyword + +example: San Francisco + +-- + +*`x509.subject.organization`*:: ++ +-- +List of organizations (O) of subject. + +type: keyword + +example: Example, Inc. + +-- + +*`x509.subject.organizational_unit`*:: ++ +-- +List of organizational units (OU) of subject. + +type: keyword + +-- + +*`x509.subject.state_or_province`*:: ++ +-- +List of state or province names (ST, S, or P) + +type: keyword + +example: California + +-- + +*`x509.version_number`*:: ++ +-- +Version of x509 format. + +type: keyword + +example: 3 + +-- + [[exported-fields-elasticsearch]] == Elasticsearch fields @@ -17052,16 +18884,10 @@ type: boolean [float] === node.stats -node_stats +Statistics about each node in a Elasticsearch cluster -[float] -=== indices - -Node indices stats - - *`elasticsearch.node.stats.indices.docs.count`*:: + @@ -17293,18 +19119,6 @@ format: percent -- -[float] -=== jvm.mem.pools - -JVM memory pool stats - - - -[float] -=== old - -Old memory pool stats. - *`elasticsearch.node.stats.jvm.mem.pools.old.max.bytes`*:: @@ -17312,6 +19126,7 @@ Old memory pool stats. -- Max bytes. + type: long format: bytes @@ -17323,6 +19138,7 @@ format: bytes -- Peak bytes. + type: long format: bytes @@ -17334,6 +19150,7 @@ format: bytes -- Peak max bytes. + type: long format: bytes @@ -17345,24 +19162,20 @@ format: bytes -- Used bytes. + type: long format: bytes -- -[float] -=== young - -Young memory pool stats. - - *`elasticsearch.node.stats.jvm.mem.pools.young.max.bytes`*:: + -- Max bytes. + type: long format: bytes @@ -17374,6 +19187,7 @@ format: bytes -- Peak bytes. + type: long format: bytes @@ -17385,6 +19199,7 @@ format: bytes -- Peak max bytes. + type: long format: bytes @@ -17396,24 +19211,20 @@ format: bytes -- Used bytes. + type: long format: bytes -- -[float] -=== survivor - -Survivor memory pool stats. - - *`elasticsearch.node.stats.jvm.mem.pools.survivor.max.bytes`*:: + -- Max bytes. + type: long format: bytes @@ -17425,6 +19236,7 @@ format: bytes -- Peak bytes. + type: long format: bytes @@ -17436,6 +19248,7 @@ format: bytes -- Peak max bytes. + type: long format: bytes @@ -17447,31 +19260,18 @@ format: bytes -- Used bytes. + type: long format: bytes -- -[float] -=== jvm.gc.collectors - -GC collector stats. - - - -[float] -=== old.collection - -Old collection gc. - *`elasticsearch.node.stats.jvm.gc.collectors.old.collection.count`*:: + -- - - type: long -- @@ -17479,24 +19279,14 @@ type: long *`elasticsearch.node.stats.jvm.gc.collectors.old.collection.ms`*:: + -- - - type: long -- -[float] -=== young.collection - -Young collection gc. - - *`elasticsearch.node.stats.jvm.gc.collectors.young.collection.count`*:: + -- - - type: long -- @@ -17504,8 +19294,6 @@ type: long *`elasticsearch.node.stats.jvm.gc.collectors.young.collection.ms`*:: + -- - - type: long -- @@ -18980,345 +20768,76 @@ type: integer -- -[[exported-fields-golang]] -== Golang fields - -Golang module - - - -[float] -=== golang - - - +[[exported-fields-gcp]] +== Google Cloud Platform fields -[float] -=== expvar +GCP module -expvar -*`golang.expvar.cmdline`*:: +*`gcp.labels`*:: + -- -The cmdline of this Go program start with. +GCP monitoring metrics labels -type: keyword +type: object -- -[float] -=== heap - -The Go program heap information exposed by expvar. - - - -*`golang.heap.cmdline`*:: +*`gcp.metrics.*.*.*.*`*:: + -- -The cmdline of this Go program start with. +Metrics that returned from Google Cloud API query. -type: keyword +type: object -- [float] -=== gc - -Garbage collector summary. - - - -[float] -=== total_pause - -Total GC pause duration over lifetime of process. +=== billing +Google Cloud Billing metrics -*`golang.heap.gc.total_pause.ns`*:: +*`gcp.billing.cost_type`*:: + -- -Duration in Ns. - +Cost types include regular, tax, adjustment, and rounding_error. -type: long +type: keyword -- -*`golang.heap.gc.total_count`*:: +*`gcp.billing.invoice_month`*:: + -- -Total number of GC was happened. - +Billing report month. -type: long +type: keyword -- -*`golang.heap.gc.next_gc_limit`*:: +*`gcp.billing.project_id`*:: + -- -Next collection will happen when HeapAlloc > this amount. +Project ID of the billing report belongs to. - -type: long - -format: bytes +type: keyword -- -*`golang.heap.gc.cpu_fraction`*:: +*`gcp.billing.total`*:: + -- -Fraction of CPU time used by GC. - +Total billing amount. type: float -- -[float] -=== pause - -Last GC pause durations during the monitoring period. - - - -*`golang.heap.gc.pause.count`*:: -+ --- -Count of GC pause duration during this collect period. - - -type: long - --- - -[float] -=== sum - -Total GC pause duration during this collect period. - - - -*`golang.heap.gc.pause.sum.ns`*:: -+ --- -Duration in Ns. - - -type: long - --- - -[float] -=== max - -Max GC pause duration during this collect period. - - - -*`golang.heap.gc.pause.max.ns`*:: -+ --- -Duration in Ns. - - -type: long - --- - -[float] -=== avg - -Average GC pause duration during this collect period. - - - -*`golang.heap.gc.pause.avg.ns`*:: -+ --- -Duration in Ns. - - -type: long - --- - -[float] -=== system - -Heap summary,which bytes was obtained from system. - - - -*`golang.heap.system.total`*:: -+ --- -Total bytes obtained from system (sum of XxxSys below). - - -type: long - -format: bytes - --- - -*`golang.heap.system.obtained`*:: -+ --- -Via HeapSys, bytes obtained from system. heap_sys = heap_idle + heap_inuse. - - -type: long - -format: bytes - --- - -*`golang.heap.system.stack`*:: -+ --- -Bytes used by stack allocator, and these bytes was obtained from system. - - -type: long - -format: bytes - --- - -*`golang.heap.system.released`*:: -+ --- -Bytes released to the OS. - - -type: long - -format: bytes - --- - -[float] -=== allocations - -Heap allocations summary. - - - -*`golang.heap.allocations.mallocs`*:: -+ --- -Number of mallocs. - - -type: long - --- - -*`golang.heap.allocations.frees`*:: -+ --- -Number of frees. - - -type: long - --- - -*`golang.heap.allocations.objects`*:: -+ --- -Total number of allocated objects. - - -type: long - --- - -*`golang.heap.allocations.total`*:: -+ --- -Bytes allocated (even if freed) throughout the lifetime. - - -type: long - -format: bytes - --- - -*`golang.heap.allocations.allocated`*:: -+ --- -Bytes allocated and not yet freed (same as Alloc above). - - -type: long - -format: bytes - --- - -*`golang.heap.allocations.idle`*:: -+ --- -Bytes in idle spans. - - -type: long - -format: bytes - --- - -*`golang.heap.allocations.active`*:: -+ --- -Bytes in non-idle span. - - -type: long - -format: bytes - --- - -[[exported-fields-googlecloud]] -== Google Cloud Platform fields - -GCP module - - - - -*`googlecloud.labels`*:: -+ --- -Google cloud monitoring metrics labels - - -type: object - --- - -*`googlecloud.metrics.*.*.*.*`*:: -+ --- -Metrics that returned from Google Cloud API query. - - -type: object - --- - [float] === compute @@ -19327,7 +20846,7 @@ Google Cloud Compute metrics -*`googlecloud.compute.instance.firewall.dropped_bytes_count.value`*:: +*`gcp.compute.instance.firewall.dropped_bytes_count.value`*:: + -- Incoming bytes dropped by the firewall @@ -19336,7 +20855,7 @@ type: long -- -*`googlecloud.compute.instance.firewall.dropped_packets_count.value`*:: +*`gcp.compute.instance.firewall.dropped_packets_count.value`*:: + -- Incoming packets dropped by the firewall @@ -19346,7 +20865,7 @@ type: long -- -*`googlecloud.compute.instance.cpu.reserved_cores.value`*:: +*`gcp.compute.instance.cpu.reserved_cores.value`*:: + -- Number of cores reserved on the host of the instance @@ -19355,7 +20874,7 @@ type: double -- -*`googlecloud.compute.instance.cpu.utilization.value`*:: +*`gcp.compute.instance.cpu.utilization.value`*:: + -- The fraction of the allocated CPU that is currently in use on the instance @@ -19364,7 +20883,7 @@ type: double -- -*`googlecloud.compute.instance.cpu.usage_time.value`*:: +*`gcp.compute.instance.cpu.usage_time.value`*:: + -- Usage for all cores in seconds @@ -19374,7 +20893,7 @@ type: double -- -*`googlecloud.compute.instance.disk.read_bytes_count.value`*:: +*`gcp.compute.instance.disk.read_bytes_count.value`*:: + -- Count of bytes read from disk @@ -19383,7 +20902,7 @@ type: long -- -*`googlecloud.compute.instance.disk.read_ops_count.value`*:: +*`gcp.compute.instance.disk.read_ops_count.value`*:: + -- Count of disk read IO operations @@ -19392,7 +20911,7 @@ type: long -- -*`googlecloud.compute.instance.disk.write_bytes_count.value`*:: +*`gcp.compute.instance.disk.write_bytes_count.value`*:: + -- Count of bytes written to disk @@ -19401,7 +20920,7 @@ type: long -- -*`googlecloud.compute.instance.disk.write_ops_count.value`*:: +*`gcp.compute.instance.disk.write_ops_count.value`*:: + -- Count of disk write IO operations @@ -19410,7 +20929,7 @@ type: long -- -*`googlecloud.compute.instance.uptime.value`*:: +*`gcp.compute.instance.uptime.value`*:: + -- How long the VM has been running, in seconds @@ -19420,7 +20939,7 @@ type: long -- -*`googlecloud.compute.instance.network.received_bytes_count.value`*:: +*`gcp.compute.instance.network.received_bytes_count.value`*:: + -- Count of bytes received from the network @@ -19429,7 +20948,7 @@ type: long -- -*`googlecloud.compute.instance.network.received_packets_count.value`*:: +*`gcp.compute.instance.network.received_packets_count.value`*:: + -- Count of packets received from the network @@ -19438,7 +20957,7 @@ type: long -- -*`googlecloud.compute.instance.network.sent_bytes_count.value`*:: +*`gcp.compute.instance.network.sent_bytes_count.value`*:: + -- Count of bytes sent over the network @@ -19447,7 +20966,7 @@ type: long -- -*`googlecloud.compute.instance.network.sent_packets_count.value`*:: +*`gcp.compute.instance.network.sent_packets_count.value`*:: + -- Count of packets sent over the network @@ -19457,7 +20976,7 @@ type: long -- -*`googlecloud.compute.instance.memory.balloon.ram_size.value`*:: +*`gcp.compute.instance.memory.balloon.ram_size.value`*:: + -- The total amount of memory in the VM. This metric is only available for VMs that belong to the e2 family. @@ -19466,7 +20985,7 @@ type: long -- -*`googlecloud.compute.instance.memory.balloon.ram_used.value`*:: +*`gcp.compute.instance.memory.balloon.ram_used.value`*:: + -- Memory currently used in the VM. This metric is only available for VMs that belong to the e2 family. @@ -19475,7 +20994,7 @@ type: long -- -*`googlecloud.compute.instance.memory.balloon.swap_in_bytes_count.value`*:: +*`gcp.compute.instance.memory.balloon.swap_in_bytes_count.value`*:: + -- The amount of memory read into the guest from its own swap space. This metric is only available for VMs that belong to the e2 family. @@ -19484,7 +21003,7 @@ type: long -- -*`googlecloud.compute.instance.memory.balloon.swap_out_bytes_count.value`*:: +*`gcp.compute.instance.memory.balloon.swap_out_bytes_count.value`*:: + -- The amount of memory written from the guest to its own swap space. This metric is only available for VMs that belong to the e2 family. @@ -19505,7 +21024,7 @@ Google Cloud Load Balancing metrics Google Cloud Load Balancing metrics -*`googlecloud.loadbalancing.https.backend_request_bytes_count.value`*:: +*`gcp.loadbalancing.https.backend_request_bytes_count.value`*:: + -- The number of bytes sent as requests from HTTP/S load balancer to backends. @@ -19514,7 +21033,7 @@ type: long -- -*`googlecloud.loadbalancing.https.backend_request_count.value`*:: +*`gcp.loadbalancing.https.backend_request_count.value`*:: + -- The number of requests served by backends of HTTP/S load balancer. @@ -19523,7 +21042,7 @@ type: long -- -*`googlecloud.loadbalancing.https.request_bytes_count.value`*:: +*`gcp.loadbalancing.https.request_bytes_count.value`*:: + -- The number of bytes sent as requests from clients to HTTP/S load balancer. @@ -19532,7 +21051,7 @@ type: long -- -*`googlecloud.loadbalancing.https.request_count.value`*:: +*`gcp.loadbalancing.https.request_count.value`*:: + -- The number of requests served by HTTP/S load balancer. @@ -19541,7 +21060,7 @@ type: long -- -*`googlecloud.loadbalancing.https.response_bytes_count.value`*:: +*`gcp.loadbalancing.https.response_bytes_count.value`*:: + -- The number of bytes sent as responses from HTTP/S load balancer to clients. @@ -19556,7 +21075,7 @@ type: long Google Cloud Load Balancing metrics -*`googlecloud.loadbalancing.l3.internal.egress_bytes_count.value`*:: +*`gcp.loadbalancing.l3.internal.egress_bytes_count.value`*:: + -- The number of bytes sent from ILB backend to client (for TCP flows it's counting bytes on application stream only). @@ -19565,7 +21084,7 @@ type: long -- -*`googlecloud.loadbalancing.l3.internal.egress_packets_count.value`*:: +*`gcp.loadbalancing.l3.internal.egress_packets_count.value`*:: + -- The number of packets sent from ILB backend to client of the flow. @@ -19574,7 +21093,7 @@ type: long -- -*`googlecloud.loadbalancing.l3.internal.ingress_bytes_count.value`*:: +*`gcp.loadbalancing.l3.internal.ingress_bytes_count.value`*:: + -- The number of bytes sent from client to ILB backend (for TCP flows it's counting bytes on application stream only). @@ -19583,7 +21102,7 @@ type: long -- -*`googlecloud.loadbalancing.l3.internal.ingress_packets_count.value`*:: +*`gcp.loadbalancing.l3.internal.ingress_packets_count.value`*:: + -- The number of packets sent from client to ILB backend. @@ -19598,7 +21117,7 @@ type: long Google Cloud Load Balancing metrics -*`googlecloud.loadbalancing.tcp_ssl_proxy.closed_connections.value`*:: +*`gcp.loadbalancing.tcp_ssl_proxy.closed_connections.value`*:: + -- Number of connections that were terminated over TCP/SSL proxy. @@ -19607,7 +21126,7 @@ type: long -- -*`googlecloud.loadbalancing.tcp_ssl_proxy.egress_bytes_count.value`*:: +*`gcp.loadbalancing.tcp_ssl_proxy.egress_bytes_count.value`*:: + -- Number of bytes sent from VM to client using proxy. @@ -19616,7 +21135,7 @@ type: long -- -*`googlecloud.loadbalancing.tcp_ssl_proxy.ingress_bytes_count.value`*:: +*`gcp.loadbalancing.tcp_ssl_proxy.ingress_bytes_count.value`*:: + -- Number of bytes sent from client to VM using proxy. @@ -19625,7 +21144,7 @@ type: long -- -*`googlecloud.loadbalancing.tcp_ssl_proxy.new_connections.value`*:: +*`gcp.loadbalancing.tcp_ssl_proxy.new_connections.value`*:: + -- Number of connections that were created over TCP/SSL proxy. @@ -19634,7 +21153,7 @@ type: long -- -*`googlecloud.loadbalancing.tcp_ssl_proxy.open_connections.value`*:: +*`gcp.loadbalancing.tcp_ssl_proxy.open_connections.value`*:: + -- Current number of outstanding connections through the TCP/SSL proxy. @@ -19655,7 +21174,7 @@ Google Cloud PubSub metrics Suscription related metrics -*`googlecloud.pubsub.subscription.ack_message_count.value`*:: +*`gcp.pubsub.subscription.ack_message_count.value`*:: + -- Cumulative count of messages acknowledged by Acknowledge requests, grouped by delivery type. @@ -19664,7 +21183,7 @@ type: long -- -*`googlecloud.pubsub.subscription.backlog_bytes.value`*:: +*`gcp.pubsub.subscription.backlog_bytes.value`*:: + -- Total byte size of the unacknowledged messages (a.k.a. backlog messages) in a subscription. @@ -19673,7 +21192,7 @@ type: long -- -*`googlecloud.pubsub.subscription.num_outstanding_messages.value`*:: +*`gcp.pubsub.subscription.num_outstanding_messages.value`*:: + -- Number of messages delivered to a subscription's push endpoint, but not yet acknowledged. @@ -19682,7 +21201,7 @@ type: long -- -*`googlecloud.pubsub.subscription.num_undelivered_messages.value`*:: +*`gcp.pubsub.subscription.num_undelivered_messages.value`*:: + -- Number of unacknowledged messages (a.k.a. backlog messages) in a subscription. @@ -19691,7 +21210,7 @@ type: long -- -*`googlecloud.pubsub.subscription.oldest_unacked_message_age.value`*:: +*`gcp.pubsub.subscription.oldest_unacked_message_age.value`*:: + -- Age (in seconds) of the oldest unacknowledged message (a.k.a. backlog message) in a subscription. @@ -19700,7 +21219,7 @@ type: long -- -*`googlecloud.pubsub.subscription.pull_ack_message_operation_count.value`*:: +*`gcp.pubsub.subscription.pull_ack_message_operation_count.value`*:: + -- Cumulative count of acknowledge message operations, grouped by result. For a definition of message operations, see Cloud Pub/Sub metric subscription/mod_ack_deadline_message_operation_count. @@ -19709,7 +21228,7 @@ type: long -- -*`googlecloud.pubsub.subscription.pull_ack_request_count.value`*:: +*`gcp.pubsub.subscription.pull_ack_request_count.value`*:: + -- Cumulative count of acknowledge requests, grouped by result. @@ -19718,7 +21237,7 @@ type: long -- -*`googlecloud.pubsub.subscription.pull_message_operation_count.value`*:: +*`gcp.pubsub.subscription.pull_message_operation_count.value`*:: + -- Cumulative count of pull message operations, grouped by result. For a definition of message operations, see Cloud Pub/Sub metric subscription/mod_ack_deadline_message_operation_count. @@ -19727,7 +21246,7 @@ type: long -- -*`googlecloud.pubsub.subscription.pull_request_count.value`*:: +*`gcp.pubsub.subscription.pull_request_count.value`*:: + -- Cumulative count of pull requests, grouped by result. @@ -19736,7 +21255,7 @@ type: long -- -*`googlecloud.pubsub.subscription.push_request_count.value`*:: +*`gcp.pubsub.subscription.push_request_count.value`*:: + -- Cumulative count of push attempts, grouped by result. Unlike pulls, the push server implementation does not batch user messages. So each request only contains one user message. The push server retries on errors, so a given user message can appear multiple times. @@ -19745,7 +21264,7 @@ type: long -- -*`googlecloud.pubsub.subscription.push_request_latencies.value`*:: +*`gcp.pubsub.subscription.push_request_latencies.value`*:: + -- Distribution of push request latencies (in microseconds), grouped by result. @@ -19754,7 +21273,7 @@ type: long -- -*`googlecloud.pubsub.subscription.sent_message_count.value`*:: +*`gcp.pubsub.subscription.sent_message_count.value`*:: + -- Cumulative count of messages sent by Cloud Pub/Sub to subscriber clients, grouped by delivery type. @@ -19763,7 +21282,7 @@ type: long -- -*`googlecloud.pubsub.subscription.streaming_pull_ack_message_operation_count.value`*:: +*`gcp.pubsub.subscription.streaming_pull_ack_message_operation_count.value`*:: + -- Cumulative count of StreamingPull acknowledge message operations, grouped by result. For a definition of message operations, see Cloud Pub/Sub metric subscription/mod_ack_deadline_message_operation_count. @@ -19772,7 +21291,7 @@ type: long -- -*`googlecloud.pubsub.subscription.streaming_pull_ack_request_count.value`*:: +*`gcp.pubsub.subscription.streaming_pull_ack_request_count.value`*:: + -- Cumulative count of streaming pull requests with non-empty acknowledge ids, grouped by result. @@ -19781,7 +21300,7 @@ type: long -- -*`googlecloud.pubsub.subscription.streaming_pull_message_operation_count.value`*:: +*`gcp.pubsub.subscription.streaming_pull_message_operation_count.value`*:: + -- Cumulative count of streaming pull message operations, grouped by result. For a definition of message operations, see Cloud Pub/Sub metric subscription/mod_ack_deadline_message_operation_count @@ -19790,7 +21309,7 @@ type: long -- -*`googlecloud.pubsub.subscription.streaming_pull_response_count.value`*:: +*`gcp.pubsub.subscription.streaming_pull_response_count.value`*:: + -- Cumulative count of streaming pull responses, grouped by result. @@ -19799,7 +21318,7 @@ type: long -- -*`googlecloud.pubsub.subscription.dead_letter_message_count.value`*:: +*`gcp.pubsub.subscription.dead_letter_message_count.value`*:: + -- Cumulative count of messages published to dead letter topic, grouped by result. @@ -19808,7 +21327,7 @@ type: long -- -*`googlecloud.pubsub.subscription.mod_ack_deadline_message_count.value`*:: +*`gcp.pubsub.subscription.mod_ack_deadline_message_count.value`*:: + -- Cumulative count of messages whose deadline was updated by ModifyAckDeadline requests, grouped by delivery type. @@ -19817,7 +21336,7 @@ type: long -- -*`googlecloud.pubsub.subscription.mod_ack_deadline_message_operation_count.value`*:: +*`gcp.pubsub.subscription.mod_ack_deadline_message_operation_count.value`*:: + -- Cumulative count of ModifyAckDeadline message operations, grouped by result. @@ -19826,7 +21345,7 @@ type: long -- -*`googlecloud.pubsub.subscription.mod_ack_deadline_request_count.value`*:: +*`gcp.pubsub.subscription.mod_ack_deadline_request_count.value`*:: + -- Cumulative count of ModifyAckDeadline requests, grouped by result. @@ -19835,7 +21354,7 @@ type: long -- -*`googlecloud.pubsub.subscription.oldest_retained_acked_message_age.value`*:: +*`gcp.pubsub.subscription.oldest_retained_acked_message_age.value`*:: + -- Age (in seconds) of the oldest acknowledged message retained in a subscription. @@ -19844,7 +21363,7 @@ type: long -- -*`googlecloud.pubsub.subscription.oldest_retained_acked_message_age_by_region.value`*:: +*`gcp.pubsub.subscription.oldest_retained_acked_message_age_by_region.value`*:: + -- Age (in seconds) of the oldest acknowledged message retained in a subscription, broken down by Cloud region. @@ -19853,7 +21372,7 @@ type: long -- -*`googlecloud.pubsub.subscription.oldest_unacked_message_age_by_region.value`*:: +*`gcp.pubsub.subscription.oldest_unacked_message_age_by_region.value`*:: + -- Age (in seconds) of the oldest unacknowledged message in a subscription, broken down by Cloud region. @@ -19862,7 +21381,7 @@ type: long -- -*`googlecloud.pubsub.subscription.retained_acked_bytes.value`*:: +*`gcp.pubsub.subscription.retained_acked_bytes.value`*:: + -- Total byte size of the acknowledged messages retained in a subscription. @@ -19871,7 +21390,7 @@ type: long -- -*`googlecloud.pubsub.subscription.retained_acked_bytes_by_region.value`*:: +*`gcp.pubsub.subscription.retained_acked_bytes_by_region.value`*:: + -- Total byte size of the acknowledged messages retained in a subscription, broken down by Cloud region. @@ -19880,7 +21399,7 @@ type: long -- -*`googlecloud.pubsub.subscription.seek_request_count.value`*:: +*`gcp.pubsub.subscription.seek_request_count.value`*:: + -- Cumulative count of seek attempts, grouped by result. @@ -19889,7 +21408,7 @@ type: long -- -*`googlecloud.pubsub.subscription.streaming_pull_mod_ack_deadline_message_operation_count.value`*:: +*`gcp.pubsub.subscription.streaming_pull_mod_ack_deadline_message_operation_count.value`*:: + -- Cumulative count of StreamingPull ModifyAckDeadline operations, grouped by result. @@ -19898,7 +21417,7 @@ type: long -- -*`googlecloud.pubsub.subscription.streaming_pull_mod_ack_deadline_request_count.value`*:: +*`gcp.pubsub.subscription.streaming_pull_mod_ack_deadline_request_count.value`*:: + -- Cumulative count of streaming pull requests with non-empty ModifyAckDeadline fields, grouped by result. @@ -19907,7 +21426,7 @@ type: long -- -*`googlecloud.pubsub.subscription.byte_cost.value`*:: +*`gcp.pubsub.subscription.byte_cost.value`*:: + -- Cumulative cost of operations, measured in bytes. This is used to measure quota utilization. @@ -19916,7 +21435,7 @@ type: long -- -*`googlecloud.pubsub.subscription.config_updates_count.value`*:: +*`gcp.pubsub.subscription.config_updates_count.value`*:: + -- Cumulative count of configuration changes for each subscription, grouped by operation type and result. @@ -19925,7 +21444,7 @@ type: long -- -*`googlecloud.pubsub.subscription.unacked_bytes_by_region.value`*:: +*`gcp.pubsub.subscription.unacked_bytes_by_region.value`*:: + -- Total byte size of the unacknowledged messages in a subscription, broken down by Cloud region. @@ -19940,7 +21459,7 @@ type: long Topic related metrics -*`googlecloud.pubsub.topic.streaming_pull_response_count.value`*:: +*`gcp.pubsub.topic.streaming_pull_response_count.value`*:: + -- Cumulative count of streaming pull responses, grouped by result. @@ -19949,7 +21468,7 @@ type: long -- -*`googlecloud.pubsub.topic.send_message_operation_count.value`*:: +*`gcp.pubsub.topic.send_message_operation_count.value`*:: + -- Cumulative count of publish message operations, grouped by result. For a definition of message operations, see Cloud Pub/Sub metric subscription/mod_ack_deadline_message_operation_count. @@ -19958,7 +21477,7 @@ type: long -- -*`googlecloud.pubsub.topic.send_request_count.value`*:: +*`gcp.pubsub.topic.send_request_count.value`*:: + -- Cumulative count of publish requests, grouped by result. @@ -19967,7 +21486,7 @@ type: long -- -*`googlecloud.pubsub.topic.oldest_retained_acked_message_age_by_region.value`*:: +*`gcp.pubsub.topic.oldest_retained_acked_message_age_by_region.value`*:: + -- Age (in seconds) of the oldest acknowledged message retained in a topic, broken down by Cloud region. @@ -19976,7 +21495,7 @@ type: long -- -*`googlecloud.pubsub.topic.oldest_unacked_message_age_by_region.value`*:: +*`gcp.pubsub.topic.oldest_unacked_message_age_by_region.value`*:: + -- Age (in seconds) of the oldest unacknowledged message in a topic, broken down by Cloud region. @@ -19985,7 +21504,7 @@ type: long -- -*`googlecloud.pubsub.topic.retained_acked_bytes_by_region.value`*:: +*`gcp.pubsub.topic.retained_acked_bytes_by_region.value`*:: + -- Total byte size of the acknowledged messages retained in a topic, broken down by Cloud region. @@ -19994,7 +21513,7 @@ type: long -- -*`googlecloud.pubsub.topic.byte_cost.value`*:: +*`gcp.pubsub.topic.byte_cost.value`*:: + -- Cost of operations, measured in bytes. This is used to measure utilization for quotas. @@ -20003,7 +21522,7 @@ type: long -- -*`googlecloud.pubsub.topic.config_updates_count.value`*:: +*`gcp.pubsub.topic.config_updates_count.value`*:: + -- Cumulative count of configuration changes, grouped by operation type and result. @@ -20012,7 +21531,7 @@ type: long -- -*`googlecloud.pubsub.topic.message_sizes.value`*:: +*`gcp.pubsub.topic.message_sizes.value`*:: + -- Distribution of publish message sizes (in bytes) @@ -20021,7 +21540,7 @@ type: long -- -*`googlecloud.pubsub.topic.unacked_bytes_by_region.value`*:: +*`gcp.pubsub.topic.unacked_bytes_by_region.value`*:: + -- Total byte size of the unacknowledged messages in a topic, broken down by Cloud region. @@ -20036,7 +21555,7 @@ type: long Snapshot related metrics -*`googlecloud.pubsub.snapshot.oldest_message_age.value`*:: +*`gcp.pubsub.snapshot.oldest_message_age.value`*:: + -- Age (in seconds) of the oldest message retained in a snapshot. @@ -20045,7 +21564,7 @@ type: long -- -*`googlecloud.pubsub.snapshot.oldest_message_age_by_region.value`*:: +*`gcp.pubsub.snapshot.oldest_message_age_by_region.value`*:: + -- Age (in seconds) of the oldest message retained in a snapshot, broken down by Cloud region. @@ -20054,7 +21573,7 @@ type: long -- -*`googlecloud.pubsub.snapshot.backlog_bytes.value`*:: +*`gcp.pubsub.snapshot.backlog_bytes.value`*:: + -- Total byte size of the messages retained in a snapshot. @@ -20063,7 +21582,7 @@ type: long -- -*`googlecloud.pubsub.snapshot.backlog_bytes_by_region.value`*:: +*`gcp.pubsub.snapshot.backlog_bytes_by_region.value`*:: + -- Total byte size of the messages retained in a snapshot, broken down by Cloud region. @@ -20072,7 +21591,7 @@ type: long -- -*`googlecloud.pubsub.snapshot.num_messages.value`*:: +*`gcp.pubsub.snapshot.num_messages.value`*:: + -- Number of messages retained in a snapshot. @@ -20081,7 +21600,7 @@ type: long -- -*`googlecloud.pubsub.snapshot.num_messages_by_region.value`*:: +*`gcp.pubsub.snapshot.num_messages_by_region.value`*:: + -- Number of messages retained in a snapshot, broken down by Cloud region. @@ -20090,7 +21609,7 @@ type: long -- -*`googlecloud.pubsub.snapshot.config_updates_count.value`*:: +*`gcp.pubsub.snapshot.config_updates_count.value`*:: + -- Cumulative count of configuration changes, grouped by operation type and result. @@ -20106,7 +21625,7 @@ Google Cloud Storage metrics -*`googlecloud.storage.api.request_count.value`*:: +*`gcp.storage.api.request_count.value`*:: + -- Delta count of API calls, grouped by the API method name and response code. @@ -20116,7 +21635,7 @@ type: long -- -*`googlecloud.storage.authz.acl_based_object_access_count.value`*:: +*`gcp.storage.authz.acl_based_object_access_count.value`*:: + -- Delta count of requests that result in an object being granted access solely due to object ACLs. @@ -20125,7 +21644,7 @@ type: long -- -*`googlecloud.storage.authz.acl_operations_count.value`*:: +*`gcp.storage.authz.acl_operations_count.value`*:: + -- Usage of ACL operations broken down by type. @@ -20134,7 +21653,7 @@ type: long -- -*`googlecloud.storage.authz.object_specific_acl_mutation_count.value`*:: +*`gcp.storage.authz.object_specific_acl_mutation_count.value`*:: + -- Delta count of changes made to object specific ACLs. @@ -20144,7 +21663,7 @@ type: long -- -*`googlecloud.storage.network.received_bytes_count.value`*:: +*`gcp.storage.network.received_bytes_count.value`*:: + -- Delta count of bytes received over the network, grouped by the API method name and response code. @@ -20153,7 +21672,7 @@ type: long -- -*`googlecloud.storage.network.sent_bytes_count.value`*:: +*`gcp.storage.network.sent_bytes_count.value`*:: + -- Delta count of bytes sent over the network, grouped by the API method name and response code. @@ -20163,7 +21682,7 @@ type: long -- -*`googlecloud.storage.storage.object_count.value`*:: +*`gcp.storage.storage.object_count.value`*:: + -- Total number of objects per bucket, grouped by storage class. This value is measured once per day, and the value is repeated at each sampling interval throughout the day. @@ -20172,7 +21691,7 @@ type: long -- -*`googlecloud.storage.storage.total_byte_seconds.value`*:: +*`gcp.storage.storage.total_byte_seconds.value`*:: + -- Delta count of bytes received over the network, grouped by the API method name and response code. @@ -20181,7 +21700,7 @@ type: long -- -*`googlecloud.storage.storage.total_bytes.value`*:: +*`gcp.storage.storage.total_bytes.value`*:: + -- Total size of all objects in the bucket, grouped by storage class. This value is measured once per day, and the value is repeated at each sampling interval throughout the day. @@ -20190,6 +21709,317 @@ type: long -- +[[exported-fields-golang]] +== Golang fields + +Golang module + + + +[float] +=== golang + + + + +[float] +=== expvar + +expvar + + + +*`golang.expvar.cmdline`*:: ++ +-- +The cmdline of this Go program start with. + + +type: keyword + +-- + +[float] +=== heap + +The Go program heap information exposed by expvar. + + + +*`golang.heap.cmdline`*:: ++ +-- +The cmdline of this Go program start with. + + +type: keyword + +-- + +[float] +=== gc + +Garbage collector summary. + + + +[float] +=== total_pause + +Total GC pause duration over lifetime of process. + + + +*`golang.heap.gc.total_pause.ns`*:: ++ +-- +Duration in Ns. + + +type: long + +-- + +*`golang.heap.gc.total_count`*:: ++ +-- +Total number of GC was happened. + + +type: long + +-- + +*`golang.heap.gc.next_gc_limit`*:: ++ +-- +Next collection will happen when HeapAlloc > this amount. + + +type: long + +format: bytes + +-- + +*`golang.heap.gc.cpu_fraction`*:: ++ +-- +Fraction of CPU time used by GC. + + +type: float + +-- + +[float] +=== pause + +Last GC pause durations during the monitoring period. + + + +*`golang.heap.gc.pause.count`*:: ++ +-- +Count of GC pause duration during this collect period. + + +type: long + +-- + +[float] +=== sum + +Total GC pause duration during this collect period. + + + +*`golang.heap.gc.pause.sum.ns`*:: ++ +-- +Duration in Ns. + + +type: long + +-- + +[float] +=== max + +Max GC pause duration during this collect period. + + + +*`golang.heap.gc.pause.max.ns`*:: ++ +-- +Duration in Ns. + + +type: long + +-- + +[float] +=== avg + +Average GC pause duration during this collect period. + + + +*`golang.heap.gc.pause.avg.ns`*:: ++ +-- +Duration in Ns. + + +type: long + +-- + +[float] +=== system + +Heap summary,which bytes was obtained from system. + + + +*`golang.heap.system.total`*:: ++ +-- +Total bytes obtained from system (sum of XxxSys below). + + +type: long + +format: bytes + +-- + +*`golang.heap.system.obtained`*:: ++ +-- +Via HeapSys, bytes obtained from system. heap_sys = heap_idle + heap_inuse. + + +type: long + +format: bytes + +-- + +*`golang.heap.system.stack`*:: ++ +-- +Bytes used by stack allocator, and these bytes was obtained from system. + + +type: long + +format: bytes + +-- + +*`golang.heap.system.released`*:: ++ +-- +Bytes released to the OS. + + +type: long + +format: bytes + +-- + +[float] +=== allocations + +Heap allocations summary. + + + +*`golang.heap.allocations.mallocs`*:: ++ +-- +Number of mallocs. + + +type: long + +-- + +*`golang.heap.allocations.frees`*:: ++ +-- +Number of frees. + + +type: long + +-- + +*`golang.heap.allocations.objects`*:: ++ +-- +Total number of allocated objects. + + +type: long + +-- + +*`golang.heap.allocations.total`*:: ++ +-- +Bytes allocated (even if freed) throughout the lifetime. + + +type: long + +format: bytes + +-- + +*`golang.heap.allocations.allocated`*:: ++ +-- +Bytes allocated and not yet freed (same as Alloc above). + + +type: long + +format: bytes + +-- + +*`golang.heap.allocations.idle`*:: ++ +-- +Bytes in idle spans. + + +type: long + +format: bytes + +-- + +*`golang.heap.allocations.active`*:: ++ +-- +Bytes in non-idle span. + + +type: long + +format: bytes + +-- + [[exported-fields-graphite]] == Graphite fields @@ -23963,16 +25793,6 @@ type: long -- -*`kafka.partition.partition.isr`*:: -+ --- -List of isr ids. - - -type: keyword - --- - *`kafka.partition.partition.replica`*:: + -- @@ -27223,6 +29043,67 @@ type: double -- Deadline seconds after schedule for considering failed +type: long + +-- + +[float] +=== daemonset + +Kubernetes DaemonSet metrics + + + +*`kubernetes.daemonset.name`*:: ++ +-- +type: keyword + +-- + +[float] +=== replicas + +Kubernetes DaemonSet replica metrics + + + +*`kubernetes.daemonset.replicas.available`*:: ++ +-- +The number of available replicas per DaemonSet + + +type: long + +-- + +*`kubernetes.daemonset.replicas.desired`*:: ++ +-- +The desired number of replicas per DaemonSet + + +type: long + +-- + +*`kubernetes.daemonset.replicas.ready`*:: ++ +-- +The number of ready replicas per DaemonSet + + +type: long + +-- + +*`kubernetes.daemonset.replicas.unavailable`*:: ++ +-- +The number of unavailable replicas per DaemonSet + + type: long -- @@ -27691,7 +29572,7 @@ type: keyword -- Internal IP for the service. -type: ip +type: keyword -- @@ -28199,6 +30080,7 @@ linux module [float] === linux +linux system metrics @@ -28296,6 +30178,147 @@ type: long -- +[float] +=== iostat + +iostat + + + +*`linux.iostat.read.request.merges_per_sec`*:: ++ +-- +The number of read requests merged per second that were queued to the device. + + +type: float + +-- + +*`linux.iostat.write.request.merges_per_sec`*:: ++ +-- +The number of write requests merged per second that were queued to the device. + + +type: float + +-- + +*`linux.iostat.read.request.per_sec`*:: ++ +-- +The number of read requests that were issued to the device per second + + +type: float + +-- + +*`linux.iostat.write.request.per_sec`*:: ++ +-- +The number of write requests that were issued to the device per second + + +type: float + +-- + +*`linux.iostat.read.per_sec.bytes`*:: ++ +-- +The number of Bytes read from the device per second. + + +type: float + +format: bytes + +-- + +*`linux.iostat.read.await`*:: ++ +-- +The average time spent for read requests issued to the device to be served. + + +type: float + +-- + +*`linux.iostat.write.per_sec.bytes`*:: ++ +-- +The number of Bytes write from the device per second. + + +type: float + +format: bytes + +-- + +*`linux.iostat.write.await`*:: ++ +-- +The average time spent for write requests issued to the device to be served. + + +type: float + +-- + +*`linux.iostat.request.avg_size`*:: ++ +-- +The average size (in bytes) of the requests that were issued to the device. + + +type: float + +-- + +*`linux.iostat.queue.avg_size`*:: ++ +-- +The average queue length of the requests that were issued to the device. + + +type: float + +-- + +*`linux.iostat.await`*:: ++ +-- +The average time spent for requests issued to the device to be served. + + +type: float + +-- + +*`linux.iostat.service_time`*:: ++ +-- +The average service time (in milliseconds) for I/O requests that were issued to the device. + + +type: float + +-- + +*`linux.iostat.busy`*:: ++ +-- +Percentage of CPU time during which I/O requests were issued to the device (bandwidth utilization for the device). Device saturation occurs when this value is close to 100%. + + +type: float + +-- + [float] === ksm @@ -28370,6 +30393,186 @@ type: long -- +[float] +=== memory + +Linux memory data + + + +[float] +=== page_stats + +memory page statistics + + +*`linux.memory.page_stats.pgscan_kswapd.pages`*:: ++ +-- +pages scanned by kswapd + +type: long + +format: number + +-- + +*`linux.memory.page_stats.pgscan_direct.pages`*:: ++ +-- +pages scanned directly + +type: long + +format: number + +-- + +*`linux.memory.page_stats.pgfree.pages`*:: ++ +-- +pages freed by the system + +type: long + +format: number + +-- + +*`linux.memory.page_stats.pgsteal_kswapd.pages`*:: ++ +-- +number of pages reclaimed by kswapd + +type: long + +format: number + +-- + +*`linux.memory.page_stats.pgsteal_direct.pages`*:: ++ +-- +number of pages reclaimed directly + +type: long + +format: number + +-- + +*`linux.memory.page_stats.direct_efficiency.pct`*:: ++ +-- +direct reclaim efficiency percentage. A lower percentage indicates the system is struggling to reclaim memory. + +type: scaled_float + +format: percent + +-- + +*`linux.memory.page_stats.kswapd_efficiency.pct`*:: ++ +-- +kswapd reclaim efficiency percentage. A lower percentage indicates the system is struggling to reclaim memory. + +type: scaled_float + +format: percent + +-- + +[float] +=== hugepages + +This group contains statistics related to huge pages usage on the system. + + +*`linux.memory.hugepages.total`*:: ++ +-- +Number of huge pages in the pool. + + +type: long + +format: number + +-- + +*`linux.memory.hugepages.used.bytes`*:: ++ +-- +Memory used in allocated huge pages. + + +type: long + +format: bytes + +-- + +*`linux.memory.hugepages.used.pct`*:: ++ +-- +Percentage of huge pages used. + + +type: long + +format: percent + +-- + +*`linux.memory.hugepages.free`*:: ++ +-- +Number of available huge pages in the pool. + + +type: long + +format: number + +-- + +*`linux.memory.hugepages.reserved`*:: ++ +-- +Number of reserved but not allocated huge pages in the pool. + + +type: long + +format: number + +-- + +*`linux.memory.hugepages.surplus`*:: ++ +-- +Number of overcommited huge pages. + + +type: long + +format: number + +-- + +*`linux.memory.hugepages.default_size`*:: ++ +-- +Default size for huge pages. + + +type: long + +format: bytes + +-- + [float] === pageinfo @@ -35352,7 +37555,7 @@ type: keyword *`php_fpm.process.last_request_cpu`*:: + -- -The max amount of memory the last request consumed (it is always 0 if the process is not in Idle state because memory calculation is done when the request processing has terminated) +The CPU percentage the last request consumed. It's always 0 if the process is not in Idle state because CPU calculation is done when the request processing has terminated type: long @@ -35362,7 +37565,7 @@ type: long *`php_fpm.process.last_request_memory`*:: + -- -The content length of the request (only with POST) (of the current request) +The max amount of memory the last request consumed. It's always 0 if the process is not in Idle state because memory calculation is done when the request processing has terminated type: integer @@ -39741,7 +41944,7 @@ type: long *`system.fsstat.total_files`*:: + -- -Total number of files. +Total number of files. Not on Windows. type: long @@ -40603,7 +42806,7 @@ format: bytes *`system.process.memory.rss.bytes`*:: + -- -The Resident Set Size. The amount of memory the process occupied in main memory (RAM). On Windows this represents the current working set size, in bytes. +The Resident Set Size. The amount of memory the process occupied in main memory (RAM). On Windows this represents the current working set size, in bytes. Not available on Windows. type: long @@ -40615,7 +42818,31 @@ format: bytes *`system.process.memory.rss.pct`*:: + -- -The percentage of memory the process occupied in main memory (RAM). +The percentage of memory the process occupied in main memory (RAM). Not available on Windows. + + +type: scaled_float + +format: percent + +-- + +*`system.process.memory.wss.bytes`*:: ++ +-- +The Working Set Size. The amount of memory the process occupied in main memory (RAM). Windows only. + + +type: long + +format: bytes + +-- + +*`system.process.memory.wss.pct`*:: ++ +-- +The percentage of memory the process occupied in main memory (RAM). Windows only. type: scaled_float @@ -40627,7 +42854,7 @@ format: percent *`system.process.memory.share`*:: + -- -The shared memory the process uses. +The shared memory the process uses. Not available on Windows. type: long diff --git a/metricbeat/module/elasticsearch/fields.go b/metricbeat/module/elasticsearch/fields.go index b289382e5a7..39e239c8e8f 100644 --- a/metricbeat/module/elasticsearch/fields.go +++ b/metricbeat/module/elasticsearch/fields.go @@ -32,5 +32,5 @@ func init() { // AssetElasticsearch returns asset data. // This is the base64 encoded gzipped contents of module/elasticsearch. func AssetElasticsearch() string { - return "eJzsXd2P2zYSf89fQexTCyQC7nUfrgf02t4WSK64pgUOh4NKS2ObWUr0ktRmt3/9gdSHKZlfkqjEya0fgqxt/eY3w+Hwazh+g+7h+RYBxUKSQgDmxfEVQpJICrfo5gfz/ZtXCJUgCk5OkrD6Fv31FUIIjb6DKlY2FF4hxIECFnCLDvgVQgKkJPVB3KL/3AhBb16jm6OUp5v/qs+OjMu8YPWeHG7RHlOhnt8ToKW41SLeoBpXcIskqUBIXJ30uwjJ5xPcIkwJFt07JyyPt+jmb8M3b0YABW2EBJ43DSkDGCOTZN2DWfdYjydYwwvIa1bCCO7AWdOTNBUxnzU42Hm4uChpmfFsD6j+XQ44PD3AsRJyIbEUs1Xbiwse5mO2R0fNzCSmo09cKC4kEw0/YkLxjkJO6nz3LEFcfNVjFm2AbC8y0VQV5s/ZAJe5sOyGPxMibGTW9Rra7OVH9KGayOwEHKvObtMzzm69tplmmZ0Rs4I1tXTgumw4JcgBl3l6lgo2NdWPnEjYgKvGXUN28Mu6JAWs67qkLuGJ1Idkvq0BcxXOVfetCKVkQf/tVMt6etkZNqvm9GELNUfnW8hIN6mrBWNYySNnUlJIb7MR8jyzDQODau0SS5zMPyqoGH/OBflzTXzvdR34ZS3u4hj/0AB/zgtcHOFKVTUYrlWWw0MDQl61uiOOaxUe5slpNG2bIlV/7T45gy6PcB3Gugg35rMovp3tfqigTjhzchGJVq3lsypgl6zIHzFtQOSdy6/39oHYGXypz6NR+H6CMt8RmQuQG7Ad4acg3A6qeobEN+Brwqegm55hAlI149UWrqlxUxA8MVLLLRi2wCkoCsk4lHkbjjZgOsJPQVgCr/JHKCTjW/A14VPR3YpnEoKPwAVhdV7h0wY0DfQlZHuSHx6rVYu/Q5FwYKa0dY9t9jVo6V0gu7BD+BYVVLv4VuQo3N4fHqvsUGRnm2SMltkZ37viRxFbFA7awRlpKv7WCWos+Z74M2su9h3GGNfeqlqDL7pdLzRY1LLGdChZQDmCirz4aUXYVepWUGUKKqvw06oBQfNpBJSpCCmsRIxOwAtYsi66JHQqYpdFo2OH0clIzBmIH5Ot29QsTk0yP6QMlzl+BI4P060SP7AP3BTwl2mf6V+BtmMiK05N1vE7ZE6cUK8tbOxXzARODS48XrTGVo3AB8hrXLOFu/HKaJpA1tHMNGTm3N2P6YiX7pZG22Iv8oeGSZxXpOBJVM6Kvcg0ZtYsURmN1kjYf2qRYvium2oHPGf7HCg+dcGOsHLFKDg2iHovm2AnHcfPGugz7rzflXdNaJdpMMFOqoGefgzQ3u63nLzB3dkZQ8TH2zLb9ElWS85o7vPtaAN0S78YzNhOSUlFpG+KsoSgBnXOVebQawN4YnptCJ9Lb9iN4qwAcT0TjsWTuU4R3a3mT+PkUR/Nnxijq0yxa+h9Mls8NNDYZl0BSxi6ZIpPpnFWbfpz+ACFtAbtuWR6qMWnKgeYPvVZLXwAeTUGVlxW21efElyThTWhq7Fxy2a1ldOfya418/ng8yrs3H262tD6uOua7NwmQF2LmVs2s63ck5hm4tqta0nDdWdj9rmr1vzQe3j+yLipsxW7fY1TfTtcLSVzSrVs0iSQSUq3RNUm1s2hFXI1plWqkftrbytb05gAZOpwLrIBwur1jpWA7v5ulTNp/hSSxi1vCquwagqruB1jFHA9T9ydQPII2tj6Py2+/vs7OwHKintM7WnESyn0oAhqvKNQIlYPtL679MeCBx3DI/N7zoR40zs8hxMlhc7wRNPs4XGqff/y+RwFXDqaZ3GSpjPI2f0roH3/eocrQGzfMXZIOnvdUy7gIa+Zkwxl1kOiCCZv8ROpmgoJeGigLqDbiVHkhuTb3iE6tuKIJ3oPmTSMUvbxy2qCnnOgEbTSWWucDZrh3WB1ZWgtDH0k8khay/u5nbOkddaOhGkMSMvwLK7lBSX6pu/IUH6LSC2ZZj2YttVnz1nl9yM03U8TpC4gV2NWrpPXPTl/yzV7Typ4jUiNKvEaaYlj9ko82oMsjnChhJP+gbIdpnlxhOJeZ9xsQPwnLQOdZSCdFKe669j03klFeFPHF867QL4+eCuEi932FUO5yawR6JsDB6hfo2dQhnmNOJTf2gd5NezF52JGTCiE5kD0vCuLCoD+RE6P2wSd5j2TmBoxXiurfL/3CAcT68xnHZVzQGnB3wAlB7KjEE3KknKfipKCDvBwXzBBazzmroW7Yp/pFI5oIB18LkO274AhyOZXPZa4rbM8PXr1ODKxU6u9x0zm9jqpMCeeLId0tFpZz2F6F9db/Fl4a1zsrQZGjVAjLOOGyIuhC2pORjtis8esHzRCgiGr3ZwR5E/7CtRiitBocfaddoHe3e/QraQmHa1EKxkOFZOQ908km4IXDef2k5a1jvl9i2yuOBopJK5LUh86fQYLuPuO/55okgmvmxaCJygaCWU3cdRLeSExl83J3k79A3nbxNBdeNzcg+QRy67z9Kd5jAt0xI8Qp4RrTTa7/00B5ne8tJs+d4qPZ9cn7cXtkhWhmzXpYn3JikYnUyNzIenuS5pcCRTsG8bJ6bWSZtPUFwN04A3kBjqo7hmvsLxFroejVVEU+kW75qwU0Kge8nHXq9JZuSU2iA0Ti0q239q0Z/6VMTnYPbcbJB1Vi7nt8SrjULBHGOW7fIbA5dgVnx/n21lwr9RoC9+Up+DTBcqJUIVkF9tNMa2SF+1Sv+cNIDKZu9plC3mZg7pC53/12mpci5uZsiXmB5BZyrOP9xqyHZKdrdyKPTJhT3lYLVghI1yWHIRA3xSsoSXaAbr7ZXiTcf0lxcexrdKRTDt0myTHA7jdN3Rhm6Tt86uG9LdPJzZt+5iCU7RPRzJt+5gk7QeqbXTuytB83uDsWoS/zPWS0HuZ673M9YL858310Msq7aXnvvTcL7DnnhNasg9st2bcr+gWK7JFs53favLQAKoo+sB27tmgxI5Mw0VCf2a7FtIurcQSt3d6h9x3KHO1huOl9a7v0hXpLz14e3YGj5dubONE6kdMSZmXWEJSPu+PZi5Lq7DQORUIiDwCRxhVRAhSHxQhaL1ETZRx+7feMG3n0jWTaj59wlxAaVljXLh1VPqcR4HJ8/PduqudkM7NdGZch2pv1XGdBbfaEcJ+/v0tuqv3LO7kM6R1SPMIQj0pqwHQxaWq9qowqT33gbYOz/8AfEKKwSgiKx3CY5+pRPhG+MY6VPhpuQo1qz9/U7xj9ZsEzdHr8jlbZFAlvlUmN8iyDVJY9z04UthQ6lyu1mjWyLw+7emiijBaNvlImzqiYzQx8kemyFe16oEnIqQefft1xfWueK5onfClrRD6xVdgGY8SLhwXLQy10AhyrmKvKMnN6UCTBVVHwaYbbbxe1jROo0aoEHGEHhMob4XNGXAR5X4DaEb2j6MYLvrCXMFX6fZL08V6YTKNEqHasxFaTKDWOPU02m+icnyh1Qjlw4OKGWVn1ExNLHtO/dPEoqOqhyaWGVcPNLHQWaU9E8ueU6ZzA9GfWuaMMporJRs7QUPBtOi1TbBw+jbL3h5eLWY3CaGfqhdba5nMEmKrqTJt0hNjNNl69eff3/bHBgp30ZLVXvPU32wR64N/0vKS2uWiIHL243FdlMYNxko5vqJve7rWNybhE+D7K2H8C+D7WMr59Rha067irO2tcflpaf/Wbul5F8CuirSr+9y/FfBLr7sGxi+97tp6nWj4I3lk7rvnKzrerx32S9+7BsYvfe8a+p458R1VA081+f3p+/PPAdg7W8TU1yhKvtUs+CwBHYql8WDFxm0U0SHuLHaogJDR5Gdjq7fzoP9vu1v74j5dZvZlwnkY00PXfP1IKCDxLCRUHjExrdfuD3/SOBlo5z2HmBqyn45Q+HdrPxWrYffY/ju4KMlmkuuucxg9JMGUEvmrqyjGsuYpU/yvz86EnvVjsR7swQAJr89vVPY+9hcNvGdH1h81SMNv1i8HBM/L7FYMMw2xHckIF/2PYIwmmb5BJB/1GPqmwLkV+iP1MUXMLaG/UERsofsI+PEZ9PZuFFGnHkVkpI5Rw8XlUayhY8Y6c6kWKhufQPA0R9BenN0pJOYAw165Ha2K7ZYq7n5AHygapwd4qv56bTEGChbsDWD1OJfF1L9SRf0FJ78qVbfNlLkuXW3Vvb8SVT3/GYakrr7XCXQNo1xiYcat2dnPf9gA/9AjHya1QBh1HyD1gYlk7mMsSZcWwGXOuKvK7/xbQncaEl1CGpfCGSfSXstiyS0pC9zQI/VteaukFbfvM/Qj4wiecHWiSqFGvqnw6TRN/RzNvkidt459sbGz+DoWqXR27bgy/qD5pBTsbJfsKsxq51nlY5uVLpFHIhBpC35HlDGxVhpOcxdOM/FXUEl5QfG9Tq7GEmJkc6CswFIFFX1To05bLsQstt4VWcaiF9pV981e/S8AAP//Cti0jQ==" + return "eJzsXU1v5DbSvvtXFHxKgBkB79WHNwtkk10HyCDYTPayWChsqbqbY0mUSarHzq9fkPpoSk1KlETZ7YF9CDJu66mnisUiWSpWf4QHfL4DzIiQNBFIeHK8AZBUZngHtz+Zv7+9AUhRJJyWkrLiDv7/BgCg9zeQs7TK8AaAY4ZE4B0cyA2AQClpcRB38J9bIbLbD3B7lLK8/a/67Mi4jBNW7OnhDvYkE+r5PcUsFXdaxEcoSI53IGmOQpK81L8FkM8l3gHJKBHNb0oij3dw+7fuL297AElWCYk8riqaTmD0TBI1D0bNYy2eYBVPMC5Yij24A2dVS9JUxHzW4GDn4eKipEXGsy2g+u9ywO7pDo6lGAtJpJit2l5c8DAfsz3aG2YmSdb7xIXiQjLRyInQjOwyjGkR754lios/HTGLNkC0F5Go8pzw56iDi1xYdsOfCVHWM+t6DW32GkccQzWRWYmcqMlu09PPbq22kWYZnRGjhFWFdOC6bDgkyJGkcXiWCjY01a+cStyAq8ZdQ7bzyyKlCa6burRI8YkWh2C+rQFjFc7V9M1pltEF87dRLWrpRWfYKJ8zhy3UHJNvISM9pK4R9GElj5xJmWF4m/WQ55mtWxjUaKdEkmD+kWPO+HMs6F9r4nura8cvqnEXx/jHCvlznJDkiFeqqsFwrbIcHysU8qrV7XFcq3C3Tw6jaT0UoeZr88kZdHmEazDWRbg+n0Xx7Wz3Q45FwJ2Ti4i3ajWfVQE7ZUl8IlmFIm5cfr23d8TO4Et9Hnrh+wnTeEdlLFBuwLaHH4JwvajqHRLfgK8JH4JueIYBSBWM51u4psYNQbBktJBbMKyBQ1AUknFM4zocbcC0hx+CsESexydMJONb8DXhQ9HdimcQgifkgrIizkm5AU0DfQnZluSXU77q8HdIAi7MWVa7xzZ5jSwdPSC7sKfwLSqocRk7kcP0eH855dEhic42iViWRmf80RM/eKQoHLQnd6Sh+Fs3qL7kW+LPrLrIO/Qxrn1UtQZvelwvNFg0ssZ2KFhAOaKKvORpRdhV6uaYRwoqysnTqgVB86kEpqEIKaxAjErkCS45F10SKhPfY1HvtUPvzYjPO5BxTLYuqZmUVTA/zBhJY3JCTg7DVMk48Bi4KeD/hnOm/ZkYOyaipKyiht8hcuJMzdrExn7FTqCsSDLiRWtsVQlywLggBVuYjVdG0wSihmakISNndt9nIl66Wxhtk72IHysmSZzThAdROUr2ItKYUbVEZeidkcj4W4sQy3dR5TvkMdvHmJGyCXaUpStWwb5B1O+iAXbQdfysgX7HHbdZedeGdpkGA+ygGujtRwc9Ov2Wkze4OyfjFPF+WmabOckKyVkWj/m2twGao58Ppu+kzGhO5dgWZQlBDercq8yhVwfwwPTqED6XXpeN4ixBcT0bjsWbuUYRPa3mb+PkUb+aLxnLVpliV2UPwWzxWGFl23VNWMLQJVJ8Io2zKunP8Qsm0hq055JpoRa/VTng8KlXtfAB5dUYWHFZbV/9luCaLKwJXY2NazarrRz+nexaM59ffF6FnZtPVxtav+66JjvXBVDXYuaazWwrtySGlbh261rKcN3VmG3tqrU+9AGfvzJu6mzFrn/6pb4NrpYSOaVakjQBZNLULVGNiTU5tEKuxrRKNWp/7WNlGxoTgA4dzkV2grD6+cRShPu/W+UMhj+EpP7Im8JyoobCKm7HWIakmCfuXoA8oja2/p8aX//7BzuBjCUPJLOXES+l0IICFmSXYQqs6Gj9cOmPCZ90jBGZP3ImxMfW4TmWGU10hScMq4f7pfbtz5jPZUhSx/AsLtJ0Bjm7f01o3/58IjkC2zeMHZLOXvcUC3yMC+YkkzHrSyIPJr+SJ5pXOQh8rLBIsMnEKHJd8W3rEA1bcSQDvbtKGpZl7OvbGoKW88QgaKWj2jgbDMOnzurK0FoYfKXySGvLj3M7V0nrqh2JwxgQluFZXM0LU/iunciYfg+0kEyz7kxb67PnLB/3Ixjm0wQtEozVmhXr4vWRmr/lmn2mOX4AWkAuPoCW2GevxMMeZXLECyWc9A8Z25EsTo6YPOiKmw2I/0PLgLMM0EVxarr2TT+6qZhO6oyF8yaQrw/eCuEi275iKTeZVQK+O3DE4gM8ozLMB+CYfm9f5NWy51+L6bGhEJoD1fuuyCsAjhdyjrjNpNN8ZpJkRozXyirfbz3CwcS681lH5RxQavCPmNED3WXoTcpSch+KkoKe4OG+YAJrPOa+hrtin2kU9hggHXwuQ/bYC4ZJNr/rtcRtneXl0avXkYGdau1HzGSm12lOOB2pcghHq5b1PE3v4nrLeBXeGhf7VQNDJdQKy7gh8mLpwoLTXkZs9pr1k0YIsGTVyRlB/7KfQC2mmFotzr5TH9Cb+x16lNSmo5ZoJcMxZxLj9olgW/Ck4tz+pmWtY/5YI5snjkoKSYqUFodGn84C7rkzfk80yIbXTQvwCZNKYtpsHPVRXkjCZVXax6l9IK6HGJsLj5t7kDwS2Uye9m0e4wKO5IR+SrjOZLPn3xBg/sQLm/S5V3xGsj5hL26nLJm6WRMu1qcsqXQxNZgHSfdc0uRSzNCeMA5Or5Y0m6a+GKAD70RtoIPqnvGcyDtwPeytiqLQHto1Z6WARh0h73e9KpyVa2Kd2GliXsX2W5v2zD83Nge75zpB0lC1mNseryKOCTthr97lFQKXIys+P87Xu+BWqV4K35Sn4MMFyoFQhWQX22wxrZIXZak/8wqBDvaudtlCXtagrtD5X622GtfiZqZsSfgBZRTy3cdnDVkvyc5RrsUembCXPKwWrJCBpClHIeC7hFVZCjuE+9+6XzKu/0jxcaRVGpJhl26TZH8Bt/uGbmwTdHx+15Dj49OIDTs+puAQ49OQDDs+Jkn7C9U6OjdtaF43OLsO4e97vSD03vd673u9Sf7z9nrwfkp7n7nvM/cNztxzQUv0he3WrPt5tsWJbNFu54+CPlYIeQZf2M69G5TEUWm4SOgvbFdD2qWlRJL6Tm9X+45prM5wPLXe9V16Iv2tBa/fneHp0o1tnGhxIhlN45RIDMrn89GsZakVFrqmApDKI3IgkFMhaHFQhLD2ErVRJvW/dcK03ksXTKr9dEm4wNRyxrhwa6/yuREFBs/Pd+umd0I4N9OVcQ2qfVT7fRbcansI++Xfv8J9sWd+bz6ntJ7S3INQS8pqALi4VFVfFabFyH2grcPzP5GUoBj0IrLSYXrtM5WYvhG+sQ45eVquQsGK1x+KT6z4GGA4Wl1ec0Q6VfxHZXCDLNqghHXfgoPCxlTXctVGs0bm9WVPv3flB0B2rJKAJDk2SaACiL28e90+ZWaVyVUdcPBJGUsttO0R4noPN1d0JHhrh4H2nDVxYoeAZ8RFZ0At1IOcq68rBLkkPTFkk6rD5ND1cqyX7YvDqDHVc9hDjwHUaDPNGXAenX0n0IxCH0ffW3hjrjDW1Pat6WK9GxlGiak2sx5aDKDWOPUw2m+isn9PVQ/lpxcVM8rOaI8aWPacVqeBRXs1Cg0s06/1Z2Chs7p4BpY9pyPnBqJfWuaMjpkrJRtJn643WrCzyUYn3BZenVs3CaEvNYutbUtmCbG1TxkOaclYFu68ae9NGmC7MeIrEMbuXqcMqO9Suo4UJuUSycPVcP4NyYMv6fiajK2J534WH+0i+dLE/6jTZqMnT1fX1/f58tqc3+fLSxP3mS+i4id6Yu6b2e9T5vU4v0+ZlybumjLmFq/X4jrkNs9olL3JdAyQGVyTCxw2A/8WdLQ6yT6cV1yW905jgp+7/0wzBPEsJOYjYnxsXqformEKdyPA0adj58sRmv6W0Jdi1SXw7N86CkFmoetm6TT6lARTiud3XIKPZc1Ev/93fc6EnvXVnCPYnQECXlbeqMm4b//40ZXD2kI+DL9Zfdonlw67FaeZTrHtyZhuse7BGAZ1lZNIY9R96JsC5/ZD99THFDG3YflCEb5txT3g+68Bt3cjj67g4FH/10edbuUNvob2WevMU8RUk+4AgocVWfZW2E4hPjlke59sWBXbLT2zxwHHQKH/hnakx+qoLfpAk+1RJ7BanMvW1d+oouPt/b4pVbctVrguXW29lL8RVW+GQG3vpBJ1f5hYEmFGqdmVpX/aAP/U6xyhhQACzQegPjCRzFTPkvpSgVzGjLs6qM6/gXGvIeES0rhwyziV9j4BS26gWOC6+advIlslrbjZHMHPjAM+kbzMlEKV/JiTshzW2vX2WrSIaze+yNAsvupCc13O2O863mk+aLM52yWb7p3aeVb52GZtIeSRCqB1M2WPFhHWLq5h7hlpJuPdKUJe/vqsq1mJRB/ZHDOWEKmCiq6CL8K2YjAbWTcNbIlohTadU6Ob/wUAAP//VN0ZjA==" }