From 458c9ba0c1c7e1b93cd0f8c3f453f4ea55245379 Mon Sep 17 00:00:00 2001
From: Philipp Kahr
Date: Fri, 3 Nov 2023 15:05:07 +0100
Subject: [PATCH 1/6] Long dns fix and network transport

---
 .../log/_dev/test/pipeline/test-dns.log | 1 +
 .../test/pipeline/test-dns.log-expected.json | 829 +++++++++++++++++-
 .../elasticsearch/ingest_pipeline/default.yml | 7 +
 .../ingest_pipeline/pipeline_dns.yml | 18 +-
 .../_dev/test/pipeline/test-format-common.log | 2 +-
 5 files changed, 844 insertions(+), 13 deletions(-)

diff --git a/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dns.log b/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dns.log
index 0947643cb1c..78cc0884b1f 100644
--- a/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dns.log
+++ b/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dns.log
@@ -24,3 +24,4 @@
 <30>Apr 14 16:16:05 10.50.1.227 named[2588]: query-errors: client @0x7f97e40eb500 192.168.1.90#64727 (ocsp.digicert.com): query failed (REFUSED) for ocsp.digicert.com/IN/A at query.c:10288
 <30>Oct 4 10:18:07 a1.foo.com 89.160.20.112 named[10750]: 04-Oct-2022 10:18:07.834 client 89.160.20.128#59605: UDP: query: 89.160.20.128.a1.foo.com IN PTR response: NOERROR + 89.160.20.128.a1.foo.com. 21801 IN PTR 089.160.20.112.a1.foo.com.;
 <30>May 9 11:54:36 a1.foo.com 89.160.20.112 named[12261]: 09-May-2023 11:54:36.185 client 89.160.20.128#59605: view 12: UDP: query: settings-win.data.microsoft.com IN TXT response: NOERROR + settings-win.data.microsoft.com. 3600 IN TXT "k=rsa; p=abc" "def" "ghi" "jkl" "AB";
+<30>May 9 11:54:36 a1.foo.com 89.160.20.112 named[12261]: 03-Nov-2023 13:22:37.747 client 192.168.1.1#31645: view 1: TCP: query: www.elastic.co IN A response: NOERROR + www.elastic.co. 1826 IN CNAME cool.server.production.elastic.co.; cool.server.production.elastic.co. 190 IN A 175.16.199.163; cool.server.production.elastic.co. 190 IN A 175.16.199.162; cool.server.production.elastic.co. 190 IN A 175.16.199.161; cool.server.production.elastic.co. 190 IN A 175.16.199.160; cool.server.production.elastic.co. 190 IN A 175.16.199.16; cool.server.production.elastic.co. 190 IN A 175.16.199.159; cool.server.production.elastic.co. 190 IN A 175.16.199.158; cool.server.production.elastic.co. 190 IN A 175.16.199.157; cool.server.production.elastic.co. 190 IN A 175.16.199.156; cool.server.production.elastic.co. 190 IN A 175.16.199.155; cool.server.production.elastic.co. 190 IN A 175.16.199.154; cool.server.production.elastic.co. 190 IN A 175.16.199.153; cool.server.production.elastic.co. 190 IN A 175.16.199.152; cool.server.production.elastic.co. 190 IN A 175.16.199.151; cool.server.production.elastic.co. 190 IN A 175.16.199.150; cool.server.production.elastic.co. 190 IN A 175.16.199.15; cool.server.production.elastic.co. 
190 IN A 175.16.199.149; cool.server.production.elastic.co. 190 IN A 175.16.199.148; cool.server.production.elastic.co. 190 IN A 175.16.199.147; cool.server.production.elastic.co. 190 IN A 175.16.199.146; cool.server.production.elastic.co. 190 IN A 175.16.199.145; cool.server.production.elastic.co. 190 IN A 175.16.199.144; cool.server.production.elastic.co. 190 IN A 175.16.199.143; cool.server.production.elastic.co. 190 IN A 175.16.199.142; cool.server.production.elastic.co. 190 IN A 175.16.199.141; cool.server.production.elastic.co. 190 IN A 175.16.199.140; cool.server.production.elastic.co. 190 IN A 175.16.199.14; cool.server.production.elastic.co. 190 IN A 175.16.199.139; cool.server.production.elastic.co. 190 IN A 175.16.199.138; cool.server.production.elastic.co. 190 IN A 175.16.199.137; cool.server.production.elastic.co. 190 IN A 175.16.199.136; cool.server.production.elastic.co. 190 IN A 175.16.199.135; cool.server.production.elastic.co. 190 IN A 175.16.199.134; cool.server.production.elastic.co. 190 IN A 175.16.199.133; cool.server.production.elastic.co. 190 IN A 175.16.199.132; cool.server.production.elastic.co. 190 IN A 175.16.199.131; cool.server.production.elastic.co. 190 IN A 175.16.199.130; cool.server.production.elastic.co. 190 IN A 175.16.199.13; cool.server.production.elastic.co. 190 IN A 175.16.199.129; cool.server.production.elastic.co. 190 IN A 175.16.199.128; cool.server.production.elastic.co. 190 IN A 175.16.199.127; cool.server.production.elastic.co. 190 IN A 175.16.199.126; cool.server.production.elastic.co. 190 IN A 175.16.199.125; cool.server.production.elastic.co. 190 IN A 175.16.199.124; cool.server.production.elastic.co. 190 IN A 175.16.199.123; cool.server.production.elastic.co. 190 IN A 175.16.199.122; cool.server.production.elastic.co. 190 IN A 175.16.199.121; cool.server.production.elastic.co. 190 IN A 175.16.199.120; cool.server.production.elastic.co. 190 IN A 175.16.199.12; cool.server.production.elastic.co. 
190 IN A 175.16.199.119; cool.server.production.elastic.co. 190 IN A 175.16.199.118; cool.server.production.elastic.co. 190 IN A 175.16.199.117; cool.server.production.elastic.co. 190 IN A 175.16.199.116; cool.server.production.elastic.co. 190 IN A 175.16.199.115; cool.server.production.elastic.co. 190 IN A 175.16.199.114; cool.server.production.elastic.co. 190 IN A 175.16.199.113; cool.server.production.elastic.co. 190 IN A 175.16.199.112; cool.server.production.elastic.co. 190 IN A 175.16.199.111; cool.server.production.elastic.co. 190 IN A 175.16.199.110; cool.server.production.elastic.co. 190 IN A 175.16.199.11; cool.server.production.elastic.co. 190 IN A 175.16.199.109; cool.server.production.elastic.co. 190 IN A 175.16.199.108; cool.server.production.elastic.co. 190 IN A 175.16.199.107; cool.server.production.elastic.co. 190 IN A 175.16.199.106; cool.server.production.elastic.co. 190 IN A 175.16.199.105; cool.server.production.elastic.co. 190 IN A 175.16.199.104; cool.server.production.elastic.co. 190 IN A 175.16.199.103; cool.server.production.elastic.co. 190 IN A 175.16.199.102; cool.server.production.elastic.co. 190 IN A 175.16.199.101; cool.server.production.elastic.co. 190 IN A 175.16.199.100; cool.server.production.elastic.co. 190 IN A 175.16.199.10; cool.server.production.elastic.co. 190 IN A 175.16.199.1; cool.server.production.elastic.co. 190 IN A 175.16.199.0; cool.server.production.elastic.co. 190 IN A 175.16.199.99; cool.server.production.elastic.co. 190 IN A 175.16.199.98; cool.server.production.elastic.co. 190 IN A 175.16.199.97; cool.server.production.elastic.co. 190 IN A 175.16.199.96; cool.server.production.elastic.co. 190 IN A 175.16.199.95; cool.server.production.elastic.co. 190 IN A 175.16.199.94; cool.server.production.elastic.co. 190 IN A 175.16.199.93; cool.server.production.elastic.co. 190 IN A 175.16.199.92; cool.server.production.elastic.co. 190 IN A 175.16.199.91; cool.server.production.elastic.co. 
190 IN A 175.16.199.90; cool.server.production.elastic.co. 190 IN A 175.16.199.9; cool.server.production.elastic.co. 190 IN A 175.16.199.89; cool.server.production.elastic.co. 190 IN A 175.16.199.88; cool.server.production.elastic.co. 190 IN A 175.16.199.87; cool.server.production.elastic.co. 190 IN A 175.16.199.86; cool.server.production.elastic.co. 190 IN A 175.16.199.85; cool.server.production.elastic.co. 190 IN A 175.16.199.84; cool.server.production.elastic.co. 190 IN A 175.16.199.83; cool.server.production.elastic.co. 190 IN A 175.16.199.82; cool.server.production.elastic.co. 190 IN A 175.16.199.81; cool.server.production.elastic.co. 190 IN A 175.16.199.80; cool.server.production.elastic.co. 190 IN A 175.16.199.8; cool.server.production.elastic.co. 190 IN A 175.16.199.79; cool.server.production.elastic.co. 190 IN A 175.16.199.78; cool.server.production.elastic.co. 190 IN A 175.16.199.77; cool.server.production.elastic.co. 190 IN A 175.16.199.76; cool.server.production.elastic.co. 190 IN A 175.16.199.75; cool.server.production.elastic.co. 190 IN A 175.16.199.74; cool.server.production.elastic.co. 190 IN A 175.16.199.73; cool.server.production.elastic.co. 190 IN A 175.16.199.72; cool.server.production.elastic.co. 190 IN A 175.16.199.71; cool.server.production.elastic.co. 190 IN A 175.16.199.70; cool.server.production.elastic.co. 190 IN A 175.16.199.7; cool.server.production.elastic.co. 190 IN A 175.16.199.69; cool.server.production.elastic.co. 190 IN A 175.16.199.68; cool.server.production.elastic.co. 190 IN A 175.16.199.67; cool.server.production.elastic.co. 190 IN A 175.16.199.66; cool.server.production.elastic.co. 190 IN A 175.16.199.65; cool.server.production.elastic.co. 190 IN A 175.16.199.64; cool.server.production.elastic.co. 190 IN A 175.16.199.63; cool.server.production.elastic.co. 190 IN A 175.16.199.62; cool.server.production.elastic.co. 190 IN A 175.16.199.61; cool.server.production.elastic.co. 
190 IN A 175.16.199.60; cool.server.production.elastic.co. 190 IN A 175.16.199.6; cool.server.production.elastic.co. 190 IN A 175.16.199.59; cool.server.production.elastic.co. 190 IN A 175.16.199.58; cool.server.production.elastic.co. 190 IN A 175.16.199.57; cool.server.production.elastic.co. 190 IN A 175.16.199.56; cool.server.production.elastic.co. 190 IN A 175.16.199.55; cool.server.production.elastic.co. 190 IN A 175.16.199.54; cool.server.production.elastic.co. 190 IN A 175.16.199.53; cool.server.production.elastic.co. 190 IN A 175.16.199.52; cool.server.production.elastic.co. 190 IN A 175.16.199.51; cool.server.production.elastic.co. 190 IN A 175.16.199.50; cool.server.production.elastic.co. 190 IN A 175.16.199.5; cool.server.production.elastic.co. 190 IN A 175.16.199.49; cool.server.production.elastic.co. 190 IN A 175.16.199.48; cool.server.production.elastic.co. 190 IN A 175.16.199.47; cool.server.production.elastic.co. 190 IN A 175.16.199.46; cool.server.production.elastic.co. 190 IN A 175.16.199.45; cool.server.production.elastic.co. 190 IN A 175.16.199.44; cool.server.production.elastic.co. 190 IN A 175.16.199.43; cool.server.production.elastic.co. 190 IN A 175.16.199.42; cool.server.production.elastic.co. 190 IN A 175.16.199.41; cool.server.production.elastic.co. 190 IN A 175.16.199.40; cool.server.production.elastic.co. 190 IN A 175.16.199.4; cool.server.production.elastic.co. 190 IN A 175.16.199.39; cool.server.production.elastic.co. 190 IN A 175.16.199.38; cool.server.production.elastic.co. 190 IN A 175.16.199.37; cool.server.production.elastic.co. 190 IN A 175.16.199.36; cool.server.production.elastic.co. 190 IN A 175.16.199.35; cool.server.production.elastic.co. 190 IN A 175.16.199.34; cool.server.production.elastic.co. 190 IN A 175.16.199.33; cool.server.production.elastic.co. 190 IN A 175.16.199.32; cool.server.production.elastic.co. 190 IN A 175.16.199.31; cool.server.production.elastic.co ...
\ No newline at end of file
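Review bot: The syslog header on the added sample line still reads `May 9 11:54:36` while the named-side timestamp inside the same line is `03-Nov-2023 13:22:37.747`, so the fixture bakes a six-month skew into the expected event (`event.created` 2023-05-09 vs `@timestamp` 2023-11-03 in the generated JSON further down this patch). Unless that mismatch is what is being tested, change the header to `<30>Nov 3 13:22:37 a1.foo.com 89.160.20.112 named[12261]: ...` so the sample reads like a real record and the two timestamps agree. The line is also deliberately cut off (`cool.server.production.elastic.co ...`, no closing `;`, no trailing newline) to cover a truncated message; the generated event drops the partial RR, which is the right parse, but the resulting `dns.answers` array then carries no hint that it is incomplete, so an analyst counting answers or alerting on large A-record sets would read a partial list as complete. If the pipeline has a place for it, tagging the event (e.g. `truncated_message`) when the trailing fragment lacks its `;` terminator would make that visible; pipeline_dns.yml is not in this chunk, so I cannot point to where.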
diff --git a/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json b/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json
index f4ca5ce00a4..18a7c7fc00d 100644
--- a/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json
+++ b/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json
@@ -1587,7 +1587,7 @@
 },
 "message": "09-May-2023 11:54:36.185 client 89.160.20.128#59605: view 12: UDP: query: settings-win.data.microsoft.com IN TXT response: NOERROR + settings-win.data.microsoft.com. 3600 IN TXT \"k=rsa; p=abc\" \"def\" \"ghi\" \"jkl\" \"AB\";",
 "network": {
- "transport": "view 12: udp"
+ "transport": "udp"
 },
 "process": {
 "pid": 12261
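Review bot: The `view 12:` prefix is now stripped from `network.transport` (correct, ECS expects a bare lowercase protocol), but it does not reappear as a structured field: the `infoblox_nios.log.dns` object of the new event further down this patch carries only `header_flags`, so the BIND view is now recoverable only by grepping `message`. The view (typically internal vs external resolver) is useful pivot context in DNS investigations, so consider capturing it in the grok that splits the transport, e.g. `infoblox_nios.log.dns.view: "12"`. The fixture already has a sample without a view prefix (the `04-Oct-2022` PTR line), so both shapes would be exercised by the existing tests. The pipeline change itself is not in this chunk; I am inferring the drop from the generated expectations.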
@@ -1605,6 +1605,833 @@ "tags": [ "preserve_original_event" ] + }, + { + "@timestamp": "2023-11-03T13:22:37.747Z", + "client": { + "ip": "192.168.1.1", + "port": 31645 + }, + "dns": { + "answers": { + "class": [ + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN", + "IN" + ], + "data": [ + "cool.server.production.elastic.co", + "175.16.199.163", + "175.16.199.162", + "175.16.199.161", + "175.16.199.160", + "175.16.199.16", + "175.16.199.159", + "175.16.199.158", + "175.16.199.157", + "175.16.199.156", + "175.16.199.155", + "175.16.199.154", + "175.16.199.153", + "175.16.199.152", + "175.16.199.151", + "175.16.199.150", + "175.16.199.15", + "175.16.199.149", + "175.16.199.148", + "175.16.199.147", + "175.16.199.146", + "175.16.199.145", + "175.16.199.144", + "175.16.199.143", + "175.16.199.142", + "175.16.199.141", + "175.16.199.140", + "175.16.199.14", + 
"175.16.199.139", + "175.16.199.138", + "175.16.199.137", + "175.16.199.136", + "175.16.199.135", + "175.16.199.134", + "175.16.199.133", + "175.16.199.132", + "175.16.199.131", + "175.16.199.130", + "175.16.199.13", + "175.16.199.129", + "175.16.199.128", + "175.16.199.127", + "175.16.199.126", + "175.16.199.125", + "175.16.199.124", + "175.16.199.123", + "175.16.199.122", + "175.16.199.121", + "175.16.199.120", + "175.16.199.12", + "175.16.199.119", + "175.16.199.118", + "175.16.199.117", + "175.16.199.116", + "175.16.199.115", + "175.16.199.114", + "175.16.199.113", + "175.16.199.112", + "175.16.199.111", + "175.16.199.110", + "175.16.199.11", + "175.16.199.109", + "175.16.199.108", + "175.16.199.107", + "175.16.199.106", + "175.16.199.105", + "175.16.199.104", + "175.16.199.103", + "175.16.199.102", + "175.16.199.101", + "175.16.199.100", + "175.16.199.10", + "175.16.199.1", + "175.16.199.0", + "175.16.199.99", + "175.16.199.98", + "175.16.199.97", + "175.16.199.96", + "175.16.199.95", + "175.16.199.94", + "175.16.199.93", + "175.16.199.92", + "175.16.199.91", + "175.16.199.90", + "175.16.199.9", + "175.16.199.89", + "175.16.199.88", + "175.16.199.87", + "175.16.199.86", + "175.16.199.85", + "175.16.199.84", + "175.16.199.83", + "175.16.199.82", + "175.16.199.81", + "175.16.199.80", + "175.16.199.8", + "175.16.199.79", + "175.16.199.78", + "175.16.199.77", + "175.16.199.76", + "175.16.199.75", + "175.16.199.74", + "175.16.199.73", + "175.16.199.72", + "175.16.199.71", + "175.16.199.70", + "175.16.199.7", + "175.16.199.69", + "175.16.199.68", + "175.16.199.67", + "175.16.199.66", + "175.16.199.65", + "175.16.199.64", + "175.16.199.63", + "175.16.199.62", + "175.16.199.61", + "175.16.199.60", + "175.16.199.6", + "175.16.199.59", + "175.16.199.58", + "175.16.199.57", + "175.16.199.56", + "175.16.199.55", + "175.16.199.54", + "175.16.199.53", + "175.16.199.52", + "175.16.199.51", + "175.16.199.50", + "175.16.199.5", + "175.16.199.49", + "175.16.199.48", + 
"175.16.199.47", + "175.16.199.46", + "175.16.199.45", + "175.16.199.44", + "175.16.199.43", + "175.16.199.42", + "175.16.199.41", + "175.16.199.40", + "175.16.199.4", + "175.16.199.39", + "175.16.199.38", + "175.16.199.37", + "175.16.199.36", + "175.16.199.35", + "175.16.199.34", + "175.16.199.33", + "175.16.199.32", + "175.16.199.31" + ], + "name": [ + "www.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + 
"cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + 
"cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + 
"cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co", + "cool.server.production.elastic.co" + ], + "ttl": [ + 1826, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190, + 190 + ], + "type": [ + "CNAME", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", 
+ "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A", + "A" + ] + }, + "header_flags": [ + "RA" + ], + "question": { + "class": "IN", + "name": "www.elastic.co", + "registered_domain": "elastic.co", + "subdomain": "www", + "top_level_domain": "co", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.10.0" + }, + "event": { + "created": "2023-05-09T11:54:36.000Z", + "original": "<30>May 9 11:54:36 a1.foo.com 89.160.20.112 named[12261]: 03-Nov-2023 13:22:37.747 client 192.168.1.1#31645: view 1: TCP: query: www.elastic.co IN A response: NOERROR + www.elastic.co. 1826 IN CNAME cool.server.production.elastic.co.; cool.server.production.elastic.co. 190 IN A 175.16.199.163; cool.server.production.elastic.co. 190 IN A 175.16.199.162; cool.server.production.elastic.co. 190 IN A 175.16.199.161; cool.server.production.elastic.co. 190 IN A 175.16.199.160; cool.server.production.elastic.co. 190 IN A 175.16.199.16; cool.server.production.elastic.co. 190 IN A 175.16.199.159; cool.server.production.elastic.co. 190 IN A 175.16.199.158; cool.server.production.elastic.co. 190 IN A 175.16.199.157; cool.server.production.elastic.co. 190 IN A 175.16.199.156; cool.server.production.elastic.co. 190 IN A 175.16.199.155; cool.server.production.elastic.co. 190 IN A 175.16.199.154; cool.server.production.elastic.co. 190 IN A 175.16.199.153; cool.server.production.elastic.co. 190 IN A 175.16.199.152; cool.server.production.elastic.co. 190 IN A 175.16.199.151; cool.server.production.elastic.co. 190 IN A 175.16.199.150; cool.server.production.elastic.co. 190 IN A 175.16.199.15; cool.server.production.elastic.co. 190 IN A 175.16.199.149; cool.server.production.elastic.co. 
190 IN A 175.16.199.148; cool.server.production.elastic.co. 190 IN A 175.16.199.147; cool.server.production.elastic.co. 190 IN A 175.16.199.146; cool.server.production.elastic.co. 190 IN A 175.16.199.145; cool.server.production.elastic.co. 190 IN A 175.16.199.144; cool.server.production.elastic.co. 190 IN A 175.16.199.143; cool.server.production.elastic.co. 190 IN A 175.16.199.142; cool.server.production.elastic.co. 190 IN A 175.16.199.141; cool.server.production.elastic.co. 190 IN A 175.16.199.140; cool.server.production.elastic.co. 190 IN A 175.16.199.14; cool.server.production.elastic.co. 190 IN A 175.16.199.139; cool.server.production.elastic.co. 190 IN A 175.16.199.138; cool.server.production.elastic.co. 190 IN A 175.16.199.137; cool.server.production.elastic.co. 190 IN A 175.16.199.136; cool.server.production.elastic.co. 190 IN A 175.16.199.135; cool.server.production.elastic.co. 190 IN A 175.16.199.134; cool.server.production.elastic.co. 190 IN A 175.16.199.133; cool.server.production.elastic.co. 190 IN A 175.16.199.132; cool.server.production.elastic.co. 190 IN A 175.16.199.131; cool.server.production.elastic.co. 190 IN A 175.16.199.130; cool.server.production.elastic.co. 190 IN A 175.16.199.13; cool.server.production.elastic.co. 190 IN A 175.16.199.129; cool.server.production.elastic.co. 190 IN A 175.16.199.128; cool.server.production.elastic.co. 190 IN A 175.16.199.127; cool.server.production.elastic.co. 190 IN A 175.16.199.126; cool.server.production.elastic.co. 190 IN A 175.16.199.125; cool.server.production.elastic.co. 190 IN A 175.16.199.124; cool.server.production.elastic.co. 190 IN A 175.16.199.123; cool.server.production.elastic.co. 190 IN A 175.16.199.122; cool.server.production.elastic.co. 190 IN A 175.16.199.121; cool.server.production.elastic.co. 190 IN A 175.16.199.120; cool.server.production.elastic.co. 190 IN A 175.16.199.12; cool.server.production.elastic.co. 190 IN A 175.16.199.119; cool.server.production.elastic.co. 
190 IN A 175.16.199.118; cool.server.production.elastic.co. 190 IN A 175.16.199.117; cool.server.production.elastic.co. 190 IN A 175.16.199.116; cool.server.production.elastic.co. 190 IN A 175.16.199.115; cool.server.production.elastic.co. 190 IN A 175.16.199.114; cool.server.production.elastic.co. 190 IN A 175.16.199.113; cool.server.production.elastic.co. 190 IN A 175.16.199.112; cool.server.production.elastic.co. 190 IN A 175.16.199.111; cool.server.production.elastic.co. 190 IN A 175.16.199.110; cool.server.production.elastic.co. 190 IN A 175.16.199.11; cool.server.production.elastic.co. 190 IN A 175.16.199.109; cool.server.production.elastic.co. 190 IN A 175.16.199.108; cool.server.production.elastic.co. 190 IN A 175.16.199.107; cool.server.production.elastic.co. 190 IN A 175.16.199.106; cool.server.production.elastic.co. 190 IN A 175.16.199.105; cool.server.production.elastic.co. 190 IN A 175.16.199.104; cool.server.production.elastic.co. 190 IN A 175.16.199.103; cool.server.production.elastic.co. 190 IN A 175.16.199.102; cool.server.production.elastic.co. 190 IN A 175.16.199.101; cool.server.production.elastic.co. 190 IN A 175.16.199.100; cool.server.production.elastic.co. 190 IN A 175.16.199.10; cool.server.production.elastic.co. 190 IN A 175.16.199.1; cool.server.production.elastic.co. 190 IN A 175.16.199.0; cool.server.production.elastic.co. 190 IN A 175.16.199.99; cool.server.production.elastic.co. 190 IN A 175.16.199.98; cool.server.production.elastic.co. 190 IN A 175.16.199.97; cool.server.production.elastic.co. 190 IN A 175.16.199.96; cool.server.production.elastic.co. 190 IN A 175.16.199.95; cool.server.production.elastic.co. 190 IN A 175.16.199.94; cool.server.production.elastic.co. 190 IN A 175.16.199.93; cool.server.production.elastic.co. 190 IN A 175.16.199.92; cool.server.production.elastic.co. 190 IN A 175.16.199.91; cool.server.production.elastic.co. 190 IN A 175.16.199.90; cool.server.production.elastic.co. 
190 IN A 175.16.199.9; cool.server.production.elastic.co. 190 IN A 175.16.199.89; cool.server.production.elastic.co. 190 IN A 175.16.199.88; cool.server.production.elastic.co. 190 IN A 175.16.199.87; cool.server.production.elastic.co. 190 IN A 175.16.199.86; cool.server.production.elastic.co. 190 IN A 175.16.199.85; cool.server.production.elastic.co. 190 IN A 175.16.199.84; cool.server.production.elastic.co. 190 IN A 175.16.199.83; cool.server.production.elastic.co. 190 IN A 175.16.199.82; cool.server.production.elastic.co. 190 IN A 175.16.199.81; cool.server.production.elastic.co. 190 IN A 175.16.199.80; cool.server.production.elastic.co. 190 IN A 175.16.199.8; cool.server.production.elastic.co. 190 IN A 175.16.199.79; cool.server.production.elastic.co. 190 IN A 175.16.199.78; cool.server.production.elastic.co. 190 IN A 175.16.199.77; cool.server.production.elastic.co. 190 IN A 175.16.199.76; cool.server.production.elastic.co. 190 IN A 175.16.199.75; cool.server.production.elastic.co. 190 IN A 175.16.199.74; cool.server.production.elastic.co. 190 IN A 175.16.199.73; cool.server.production.elastic.co. 190 IN A 175.16.199.72; cool.server.production.elastic.co. 190 IN A 175.16.199.71; cool.server.production.elastic.co. 190 IN A 175.16.199.70; cool.server.production.elastic.co. 190 IN A 175.16.199.7; cool.server.production.elastic.co. 190 IN A 175.16.199.69; cool.server.production.elastic.co. 190 IN A 175.16.199.68; cool.server.production.elastic.co. 190 IN A 175.16.199.67; cool.server.production.elastic.co. 190 IN A 175.16.199.66; cool.server.production.elastic.co. 190 IN A 175.16.199.65; cool.server.production.elastic.co. 190 IN A 175.16.199.64; cool.server.production.elastic.co. 190 IN A 175.16.199.63; cool.server.production.elastic.co. 190 IN A 175.16.199.62; cool.server.production.elastic.co. 190 IN A 175.16.199.61; cool.server.production.elastic.co. 190 IN A 175.16.199.60; cool.server.production.elastic.co. 
190 IN A 175.16.199.6; cool.server.production.elastic.co. 190 IN A 175.16.199.59; cool.server.production.elastic.co. 190 IN A 175.16.199.58; cool.server.production.elastic.co. 190 IN A 175.16.199.57; cool.server.production.elastic.co. 190 IN A 175.16.199.56; cool.server.production.elastic.co. 190 IN A 175.16.199.55; cool.server.production.elastic.co. 190 IN A 175.16.199.54; cool.server.production.elastic.co. 190 IN A 175.16.199.53; cool.server.production.elastic.co. 190 IN A 175.16.199.52; cool.server.production.elastic.co. 190 IN A 175.16.199.51; cool.server.production.elastic.co. 190 IN A 175.16.199.50; cool.server.production.elastic.co. 190 IN A 175.16.199.5; cool.server.production.elastic.co. 190 IN A 175.16.199.49; cool.server.production.elastic.co. 190 IN A 175.16.199.48; cool.server.production.elastic.co. 190 IN A 175.16.199.47; cool.server.production.elastic.co. 190 IN A 175.16.199.46; cool.server.production.elastic.co. 190 IN A 175.16.199.45; cool.server.production.elastic.co. 190 IN A 175.16.199.44; cool.server.production.elastic.co. 190 IN A 175.16.199.43; cool.server.production.elastic.co. 190 IN A 175.16.199.42; cool.server.production.elastic.co. 190 IN A 175.16.199.41; cool.server.production.elastic.co. 190 IN A 175.16.199.40; cool.server.production.elastic.co. 190 IN A 175.16.199.4; cool.server.production.elastic.co. 190 IN A 175.16.199.39; cool.server.production.elastic.co. 190 IN A 175.16.199.38; cool.server.production.elastic.co. 190 IN A 175.16.199.37; cool.server.production.elastic.co. 190 IN A 175.16.199.36; cool.server.production.elastic.co. 190 IN A 175.16.199.35; cool.server.production.elastic.co. 190 IN A 175.16.199.34; cool.server.production.elastic.co. 190 IN A 175.16.199.33; cool.server.production.elastic.co. 190 IN A 175.16.199.32; cool.server.production.elastic.co. 190 IN A 175.16.199.31; cool.server.production.elastic.co ..." 
+ }, + "host": { + "domain": "a1.foo.com", + "ip": [ + "89.160.20.112" + ] + }, + "infoblox_nios": { + "log": { + "dns": { + "header_flags": "+" + }, + "service_name": "named", + "type": "DNS" + } + }, + "log": { + "syslog": { + "priority": 30 + } + }, + "message": "03-Nov-2023 13:22:37.747 client 192.168.1.1#31645: view 1: TCP: query: www.elastic.co IN A response: NOERROR + www.elastic.co. 1826 IN CNAME cool.server.production.elastic.co.; cool.server.production.elastic.co. 190 IN A 175.16.199.163; cool.server.production.elastic.co. 190 IN A 175.16.199.162; cool.server.production.elastic.co. 190 IN A 175.16.199.161; cool.server.production.elastic.co. 190 IN A 175.16.199.160; cool.server.production.elastic.co. 190 IN A 175.16.199.16; cool.server.production.elastic.co. 190 IN A 175.16.199.159; cool.server.production.elastic.co. 190 IN A 175.16.199.158; cool.server.production.elastic.co. 190 IN A 175.16.199.157; cool.server.production.elastic.co. 190 IN A 175.16.199.156; cool.server.production.elastic.co. 190 IN A 175.16.199.155; cool.server.production.elastic.co. 190 IN A 175.16.199.154; cool.server.production.elastic.co. 190 IN A 175.16.199.153; cool.server.production.elastic.co. 190 IN A 175.16.199.152; cool.server.production.elastic.co. 190 IN A 175.16.199.151; cool.server.production.elastic.co. 190 IN A 175.16.199.150; cool.server.production.elastic.co. 190 IN A 175.16.199.15; cool.server.production.elastic.co. 190 IN A 175.16.199.149; cool.server.production.elastic.co. 190 IN A 175.16.199.148; cool.server.production.elastic.co. 190 IN A 175.16.199.147; cool.server.production.elastic.co. 190 IN A 175.16.199.146; cool.server.production.elastic.co. 190 IN A 175.16.199.145; cool.server.production.elastic.co. 190 IN A 175.16.199.144; cool.server.production.elastic.co. 190 IN A 175.16.199.143; cool.server.production.elastic.co. 190 IN A 175.16.199.142; cool.server.production.elastic.co. 190 IN A 175.16.199.141; cool.server.production.elastic.co. 
190 IN A 175.16.199.140; cool.server.production.elastic.co. 190 IN A 175.16.199.14; cool.server.production.elastic.co. 190 IN A 175.16.199.139; cool.server.production.elastic.co. 190 IN A 175.16.199.138; cool.server.production.elastic.co. 190 IN A 175.16.199.137; cool.server.production.elastic.co. 190 IN A 175.16.199.136; cool.server.production.elastic.co. 190 IN A 175.16.199.135; cool.server.production.elastic.co. 190 IN A 175.16.199.134; cool.server.production.elastic.co. 190 IN A 175.16.199.133; cool.server.production.elastic.co. 190 IN A 175.16.199.132; cool.server.production.elastic.co. 190 IN A 175.16.199.131; cool.server.production.elastic.co. 190 IN A 175.16.199.130; cool.server.production.elastic.co. 190 IN A 175.16.199.13; cool.server.production.elastic.co. 190 IN A 175.16.199.129; cool.server.production.elastic.co. 190 IN A 175.16.199.128; cool.server.production.elastic.co. 190 IN A 175.16.199.127; cool.server.production.elastic.co. 190 IN A 175.16.199.126; cool.server.production.elastic.co. 190 IN A 175.16.199.125; cool.server.production.elastic.co. 190 IN A 175.16.199.124; cool.server.production.elastic.co. 190 IN A 175.16.199.123; cool.server.production.elastic.co. 190 IN A 175.16.199.122; cool.server.production.elastic.co. 190 IN A 175.16.199.121; cool.server.production.elastic.co. 190 IN A 175.16.199.120; cool.server.production.elastic.co. 190 IN A 175.16.199.12; cool.server.production.elastic.co. 190 IN A 175.16.199.119; cool.server.production.elastic.co. 190 IN A 175.16.199.118; cool.server.production.elastic.co. 190 IN A 175.16.199.117; cool.server.production.elastic.co. 190 IN A 175.16.199.116; cool.server.production.elastic.co. 190 IN A 175.16.199.115; cool.server.production.elastic.co. 190 IN A 175.16.199.114; cool.server.production.elastic.co. 190 IN A 175.16.199.113; cool.server.production.elastic.co. 190 IN A 175.16.199.112; cool.server.production.elastic.co. 190 IN A 175.16.199.111; cool.server.production.elastic.co. 
190 IN A 175.16.199.110; cool.server.production.elastic.co. 190 IN A 175.16.199.11; cool.server.production.elastic.co. 190 IN A 175.16.199.109; cool.server.production.elastic.co. 190 IN A 175.16.199.108; cool.server.production.elastic.co. 190 IN A 175.16.199.107; cool.server.production.elastic.co. 190 IN A 175.16.199.106; cool.server.production.elastic.co. 190 IN A 175.16.199.105; cool.server.production.elastic.co. 190 IN A 175.16.199.104; cool.server.production.elastic.co. 190 IN A 175.16.199.103; cool.server.production.elastic.co. 190 IN A 175.16.199.102; cool.server.production.elastic.co. 190 IN A 175.16.199.101; cool.server.production.elastic.co. 190 IN A 175.16.199.100; cool.server.production.elastic.co. 190 IN A 175.16.199.10; cool.server.production.elastic.co. 190 IN A 175.16.199.1; cool.server.production.elastic.co. 190 IN A 175.16.199.0; cool.server.production.elastic.co. 190 IN A 175.16.199.99; cool.server.production.elastic.co. 190 IN A 175.16.199.98; cool.server.production.elastic.co. 190 IN A 175.16.199.97; cool.server.production.elastic.co. 190 IN A 175.16.199.96; cool.server.production.elastic.co. 190 IN A 175.16.199.95; cool.server.production.elastic.co. 190 IN A 175.16.199.94; cool.server.production.elastic.co. 190 IN A 175.16.199.93; cool.server.production.elastic.co. 190 IN A 175.16.199.92; cool.server.production.elastic.co. 190 IN A 175.16.199.91; cool.server.production.elastic.co. 190 IN A 175.16.199.90; cool.server.production.elastic.co. 190 IN A 175.16.199.9; cool.server.production.elastic.co. 190 IN A 175.16.199.89; cool.server.production.elastic.co. 190 IN A 175.16.199.88; cool.server.production.elastic.co. 190 IN A 175.16.199.87; cool.server.production.elastic.co. 190 IN A 175.16.199.86; cool.server.production.elastic.co. 190 IN A 175.16.199.85; cool.server.production.elastic.co. 190 IN A 175.16.199.84; cool.server.production.elastic.co. 190 IN A 175.16.199.83; cool.server.production.elastic.co. 
190 IN A 175.16.199.82; cool.server.production.elastic.co. 190 IN A 175.16.199.81; cool.server.production.elastic.co. 190 IN A 175.16.199.80; cool.server.production.elastic.co. 190 IN A 175.16.199.8; cool.server.production.elastic.co. 190 IN A 175.16.199.79; cool.server.production.elastic.co. 190 IN A 175.16.199.78; cool.server.production.elastic.co. 190 IN A 175.16.199.77; cool.server.production.elastic.co. 190 IN A 175.16.199.76; cool.server.production.elastic.co. 190 IN A 175.16.199.75; cool.server.production.elastic.co. 190 IN A 175.16.199.74; cool.server.production.elastic.co. 190 IN A 175.16.199.73; cool.server.production.elastic.co. 190 IN A 175.16.199.72; cool.server.production.elastic.co. 190 IN A 175.16.199.71; cool.server.production.elastic.co. 190 IN A 175.16.199.70; cool.server.production.elastic.co. 190 IN A 175.16.199.7; cool.server.production.elastic.co. 190 IN A 175.16.199.69; cool.server.production.elastic.co. 190 IN A 175.16.199.68; cool.server.production.elastic.co. 190 IN A 175.16.199.67; cool.server.production.elastic.co. 190 IN A 175.16.199.66; cool.server.production.elastic.co. 190 IN A 175.16.199.65; cool.server.production.elastic.co. 190 IN A 175.16.199.64; cool.server.production.elastic.co. 190 IN A 175.16.199.63; cool.server.production.elastic.co. 190 IN A 175.16.199.62; cool.server.production.elastic.co. 190 IN A 175.16.199.61; cool.server.production.elastic.co. 190 IN A 175.16.199.60; cool.server.production.elastic.co. 190 IN A 175.16.199.6; cool.server.production.elastic.co. 190 IN A 175.16.199.59; cool.server.production.elastic.co. 190 IN A 175.16.199.58; cool.server.production.elastic.co. 190 IN A 175.16.199.57; cool.server.production.elastic.co. 190 IN A 175.16.199.56; cool.server.production.elastic.co. 190 IN A 175.16.199.55; cool.server.production.elastic.co. 190 IN A 175.16.199.54; cool.server.production.elastic.co. 190 IN A 175.16.199.53; cool.server.production.elastic.co. 
190 IN A 175.16.199.52; cool.server.production.elastic.co. 190 IN A 175.16.199.51; cool.server.production.elastic.co. 190 IN A 175.16.199.50; cool.server.production.elastic.co. 190 IN A 175.16.199.5; cool.server.production.elastic.co. 190 IN A 175.16.199.49; cool.server.production.elastic.co. 190 IN A 175.16.199.48; cool.server.production.elastic.co. 190 IN A 175.16.199.47; cool.server.production.elastic.co. 190 IN A 175.16.199.46; cool.server.production.elastic.co. 190 IN A 175.16.199.45; cool.server.production.elastic.co. 190 IN A 175.16.199.44; cool.server.production.elastic.co. 190 IN A 175.16.199.43; cool.server.production.elastic.co. 190 IN A 175.16.199.42; cool.server.production.elastic.co. 190 IN A 175.16.199.41; cool.server.production.elastic.co. 190 IN A 175.16.199.40; cool.server.production.elastic.co. 190 IN A 175.16.199.4; cool.server.production.elastic.co. 190 IN A 175.16.199.39; cool.server.production.elastic.co. 190 IN A 175.16.199.38; cool.server.production.elastic.co. 190 IN A 175.16.199.37; cool.server.production.elastic.co. 190 IN A 175.16.199.36; cool.server.production.elastic.co. 190 IN A 175.16.199.35; cool.server.production.elastic.co. 190 IN A 175.16.199.34; cool.server.production.elastic.co. 190 IN A 175.16.199.33; cool.server.production.elastic.co. 190 IN A 175.16.199.32; cool.server.production.elastic.co. 190 IN A 175.16.199.31; cool.server.production.elastic.co ...", + "network": { + "transport": "tcp" + }, + "process": { + "pid": 12261 + }, + "related": { + "hosts": [ + "cool.server.production.elastic.co", + "www.elastic.co", + "a1.foo.com" + ], + "ip": [ + "175.16.199.31", + "192.168.1.1", + "89.160.20.112" + ] + }, + "tags": [ + "preserve_original_event" + ] } ] } \ No newline at end of file diff --git a/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/default.yml index f156b02b6a8..027f0435452 100644 
--- a/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -136,6 +136,13 @@ processors: target_field: client.as.organization.name ignore_missing: true if: ctx.client?.as?.organization_name != null + - dissect: + field: network.transport + pattern: "view %{}: %{network.transport}" + if: "ctx.network?.transport?.contains('view') ?: false" + - lowercase: + field: network.transport + ignore_missing: true - script: description: Drops null/empty values recursively. lang: painless diff --git a/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dns.yml b/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dns.yml index 841082609b8..869e6cf25e7 100644 --- a/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dns.yml +++ b/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dns.yml @@ -89,23 +89,20 @@ processors: for (def i = 0; i < arr?.length; i++) { def response = splitUnquoted(arr[i], " "); - map['name'].add(response[0]); - map['ttl'].add(response[1]); - map['class'].add(response[2]); - map['type'].add(response[3]); - map['data'].addAll(response.subList(4, response.length)); + if (response.size() >= 4) { + map['name'].add(response[0]); + map['ttl'].add(response[1]); + map['class'].add(response[2]); + map['type'].add(response[3]); + map['data'].addAll(response.subList(4, response.length)); + } } - ctx.dns.answers = map; - convert: field: dns.answers.ttl type: long ignore_missing: true ignore_failure: true - - lowercase: - field: network.transport - ignore_missing: true - ignore_failure: true - script: description: Remove last Full Stop('.') from `dns.answers.data` field. lang: painless @@ -239,7 +236,6 @@ processors: ctx.put('dns', hm); } ctx.dns.put('header_flags', hf); - - registered_domain: field: "dns.question.name" target_field: "dns.question" 
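Review bot: The relocated `lowercase` and the new `dissect` on `network.transport` carry no `ignore_failure`, whereas the `lowercase` this commit removes from pipeline_dns.yml had `ignore_failure: true`; a value that contains `view` but does not fit `view %{}: %{network.transport}` (constructed example: `view 1 TCP` with no colon) now makes the dissect throw and, unless a pipeline-level on_failure handler outside this hunk catches it, the whole event is rejected instead of being indexed with the raw transport. The `contains('view')` guard is broader than the pattern it guards, so the two should agree: either add `ignore_failure: true` to the dissect, or tighten the condition to `if: "ctx.network?.transport instanceof String && ctx.network.transport.startsWith('view ')"`. Nothing here constrains the extracted value to `udp`/`tcp` as the changelog in this series states — whatever follows the colon is kept — so a short comment above the processor documenting the accepted log shape (`view <n>: <PROTO>:`) would help the next maintainer.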
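Review bot: Besides adding the `response.size() >= 4` guard, the hunk deletes `ctx.dns.answers = map;` after the loop, so unless the map is assigned somewhere outside the hunk the parsed answers never reach `dns.answers`, although the following `convert` on `dns.answers.ttl` still expects them; restoring `ctx.dns.answers = map;` after the loop's closing brace looks intended. The guard also drops the truncated trailing fragment (the `cool.server.production.elastic.co ...` tail of the new test event) silently, so `dns.answers` reads as complete when it is not; recording the truncation, for example with a tag or a boolean under `infoblox_nios.log.dns`, would let an analyst or a detection rule tell a partial answer set from a full one. The script's `source` block and the processors around it start outside the hunk.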
diff --git a/packages/vsphere/data_stream/log/_dev/test/pipeline/test-format-common.log b/packages/vsphere/data_stream/log/_dev/test/pipeline/test-format-common.log
index 2b7ed8f90cb..b88821b076c 100644
--- a/packages/vsphere/data_stream/log/_dev/test/pipeline/test-format-common.log
+++ b/packages/vsphere/data_stream/log/_dev/test/pipeline/test-format-common.log
@@ -68,4 +68,4 @@
 <13>1 2021-09-06T14:40:50.059766+00:00 vcenter vmon 2120 - - Reset fail counters of service.
 <13>1 2021-09-06T14:40:50.060063+00:00 vcenter vmon 2120 - - Reset fail counters of service.
 <14>1 2021-09-06T16:57:25.001086+00:00 vcenter updatemgr - - - 2021-09-06T16:57:25:000Z 'Activation' 140154047530752 INFO [activationValidator, 368] Leave Validate. Succeeded for integrity.VcIntegrity.retrieveHostIPAddresses on target: Integrity.VcIntegrity
-<14>1 2022-09-01T06:06:19.084018+02:00 host123 vpxd 24962 - - Event [513220451] [1-1] [2022-09-01T04:05:55.57103Z] [vim.event.UserLoginSessionEvent] [info] [root] [TEST] [513220451] [User root@127.0.0.1 logged in as VMware-client/6.5.0]
\ No newline at end of file
+<14>1 2022-09-01T06:06:19.084018+02:00 host123 vpxd 24962 - - Event [513220451] [1-1] [2022-09-01T04:05:55.57103Z] [vim.event.UserLoginSessionEvent] [info] [root] [TEST] [513220451] [User root@127.0.0.1 logged in as VMware-client/6.5.0]
From b0f5a026c862f698e76b0d95d2197e349c4e4348 Mon Sep 17 00:00:00 2001
From: Philipp Kahr
Date: Fri, 3 Nov 2023 15:06:50 +0100
Subject: [PATCH 2/6] Changelog
---
 packages/infoblox_nios/changelog.yml | 5 +++++
 packages/infoblox_nios/manifest.yml | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/packages/infoblox_nios/changelog.yml b/packages/infoblox_nios/changelog.yml
index bcdd3b107b9..741cbc4ffd2 100644
--- a/packages/infoblox_nios/changelog.yml
+++ b/packages/infoblox_nios/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.18.1"
+ changes:
+ - description: Deal with DNS data that ends in `...` and fix network.transport to only include udp/tcp.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/8397
 - version: "1.18.0"
 changes:
 - description: Improve 'event.original' check to avoid errors if set.
diff --git a/packages/infoblox_nios/manifest.yml b/packages/infoblox_nios/manifest.yml
index e4c09ee4d5c..870d6c4afca 100644
--- a/packages/infoblox_nios/manifest.yml
+++ b/packages/infoblox_nios/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.0"
 name: infoblox_nios
 title: Infoblox NIOS
-version: "1.18.0"
+version: "1.18.1"
 description: Collect logs from Infoblox NIOS with Elastic Agent.
 type: integration
 categories:
From 0efe5bc743167cf890caf7d25401eb24e1db24a4 Mon Sep 17 00:00:00 2001
From: Philipp Kahr
Date: Fri, 3 Nov 2023 15:14:20 +0100
Subject: [PATCH 3/6] remove vmware test file. That does not belong to the infoblox
---
 .../_dev/test/pipeline/test-format-common.log | 71 ------------------
 1 file changed, 71 deletions(-)
 delete mode 100644 packages/vsphere/data_stream/log/_dev/test/pipeline/test-format-common.log
diff --git a/packages/vsphere/data_stream/log/_dev/test/pipeline/test-format-common.log b/packages/vsphere/data_stream/log/_dev/test/pipeline/test-format-common.log
deleted file mode 100644
index b88821b076c..00000000000
--- a/packages/vsphere/data_stream/log/_dev/test/pipeline/test-format-common.log
+++ /dev/null
@@ -1,71 +0,0 @@ -<14>1 2021-09-06T14:40:05.753710+00:00 vcenter applmgmt-audit - - - 2021-09-06T14:40:05.753: INFO AuthorizationResponse = { authorized=True, method=LOCAL } -<14>1 2021-09-06T14:40:05.802908+00:00 vcenter applmgmt-audit - - - 2021-09-06T14:40:05.802: INFO Authorization Result: User=administrator@vsphere.local, priv=ModifyConfiguration, authorized=True -<14>1 2021-09-06T14:40:13.263383+00:00 vcenter vpxd 58650 - - Event [575792] [1-1] [2021-09-06T14:40:13.26309Z] [vim.event.UserLoginSessionEvent] [info] [VSPHERE.LOCAL\Administrator] [] [575792] [User VSPHERE.LOCAL\Administrator@10.100.10.190 logged in as Go-http-client/1.1] -<14>1 2021-09-06T14:40:13.289354+00:00 vcenter vpxd 58650 - - Event [575793] [1-1] [2021-09-06T14:40:13.288346Z] [vim.event.UserLogoutSessionEvent] [info] [VSPHERE.LOCAL\Administrator] [] [575793] [User VSPHERE.LOCAL\Administrator@10.100.10.190 logged out (login time: Monday, 06 September, 2021 02:40:13 PM, number of API invocations: 3, user agent: Go-http-client/1.1)] -<14>1 2021-09-06T14:40:13.379789+00:00 vcenter vpxd 58650 - - Event [575794] [1-1] [2021-09-06T14:40:13.37948Z] [vim.event.UserLoginSessionEvent] [info] [VSPHERE.LOCAL\Administrator] [] [575794] [User VSPHERE.LOCAL\Administrator@10.100.10.190 logged in as Go-http-client/1.1] -<14>1 2021-09-06T14:40:13.507812+00:00 vcenter vpxd 58650 - - Event [575795] [1-1] [2021-09-06T14:40:13.507466Z] [vim.event.UserLogoutSessionEvent] [info] [VSPHERE.LOCAL\Administrator] [] [575795] [User VSPHERE.LOCAL\Administrator@10.100.10.190 logged out (login time: Monday, 06 September, 2021 02:40:13 PM, number of API invocations: 3, user agent: Go-http-client/1.1)] -<14>1 2021-09-06T14:40:23.295222+00:00 vcenter vpxd 58650 - - Event [575796] [1-1] [2021-09-06T14:40:23.267101Z] [vim.event.UserLoginSessionEvent] [info] [VSPHERE.LOCAL\Administrator] [] [575796] [User VSPHERE.LOCAL\Administrator@10.100.10.190 logged in as Go-http-client/1.1] -<14>1 2021-09-06T14:40:23.311646+00:00 vcenter 
vpxd 58650 - - Event [575797] [1-1] [2021-09-06T14:40:23.286975Z] [vim.event.UserLogoutSessionEvent] [info] [VSPHERE.LOCAL\Administrator] [] [575797] [User VSPHERE.LOCAL\Administrator@10.100.10.190 logged out (login time: Monday, 06 September, 2021 02:40:23 PM, number of API invocations: 3, user agent: Go-http-client/1.1)] -<14>1 2021-09-06T14:40:23.376095+00:00 vcenter vpxd 58650 - - Event [575798] [1-1] [2021-09-06T14:40:23.375838Z] [vim.event.UserLoginSessionEvent] [info] [VSPHERE.LOCAL\Administrator] [] [575798] [User VSPHERE.LOCAL\Administrator@10.100.10.190 logged in as Go-http-client/1.1] -<14>1 2021-09-06T14:40:23.507403+00:00 vcenter vpxd 58650 - - Event [575799] [1-1] [2021-09-06T14:40:23.506793Z] [vim.event.UserLogoutSessionEvent] [info] [VSPHERE.LOCAL\Administrator] [] [575799] [User VSPHERE.LOCAL\Administrator@10.100.10.190 logged out (login time: Monday, 06 September, 2021 02:40:23 PM, number of API invocations: 3, user agent: Go-http-client/1.1)] -<14>1 2021-09-06T14:40:25.001480+00:00 vcenter updatemgr - - - 2021-09-06T14:40:25:001Z 'Activation' 140154046465792 INFO [activationValidator, 368] Leave Validate. 
Succeeded for integrity.VcIntegrity.retrieveHostIPAddresses on target: Integrity.VcIntegrity -<14>1 2021-09-06T14:40:25.012155+00:00 vcenter updatemgr - - - 2021-09-06T14:40:25:001Z 'VcIntegrity' 140154046465792 INFO [vcIntegrity, 1519] Getting IP Address from host name: vcenter.resnick-tech.com -<14>1 2021-09-06T14:40:30.285831+00:00 vcenter vpxd 58650 - - Event [575800] [1-1] [2021-09-06T14:40:29.187973Z] [vim.event.GeneralHostWarningEvent] [warning] [] [Home] [575800] [Issue detected on esxi01.resnick-tech.com in Home: vmsyslog logger 10.100.10.30:514 lost 156959 log messages - (2021-09-06T14:40:29.190Z cpu3:2097472)] - (2021-09-06T14:40:29.190Z cpu3:2097472)'] -<14>1 2021-09-06T14:40:30.300037+00:00 vcenter vpxd 58650 - - Event [575802] [1-1] [2021-09-06T14:40:30.299219Z] [vim.event.AlarmActionTriggeredEvent] [info] [] [Home] [575802] [Alarm 'Host error' on esxi01.resnick-tech.com triggered an action] -<14>1 2021-09-06T14:40:30.299651+00:00 vcenter vpxd 58650 - - Event [575801] [1-1] [2021-09-06T14:40:30.298457Z] [vim.event.EventEx] [error] [] [Home] [575801] [Alarm 'Host error' on esxi01.resnick-tech.com triggered by event 575800 'Issue detected on esxi01.resnick-tech.com in Home: vmsyslog logger 10.100.10.30:514 lost 156959 log messages -<14>1 2021-09-06T14:40:30.300637+00:00 vcenter vpxd 58650 - - Event [575803] [1-1] [2021-09-06T14:40:30.299847Z] [vim.event.AlarmSnmpCompletedEvent] [info] [] [Home] [575803] [Alarm 'Host error': an SNMP trap for entity esxi01.resnick-tech.com was sent] -<14>1 2021-09-06T14:40:33.262710+00:00 vcenter vpxd 58650 - - Event [575804] [1-1] [2021-09-06T14:40:33.262441Z] [vim.event.UserLoginSessionEvent] [info] [VSPHERE.LOCAL\Administrator] [] [575804] [User VSPHERE.LOCAL\Administrator@10.100.10.190 logged in as Go-http-client/1.1] -<14>1 2021-09-06T14:40:33.287123+00:00 vcenter vpxd 58650 - - Event [575805] [1-1] [2021-09-06T14:40:33.286577Z] [vim.event.UserLogoutSessionEvent] [info] [VSPHERE.LOCAL\Administrator] [] [575805] [User 
VSPHERE.LOCAL\Administrator@10.100.10.190 logged out (login time: Monday, 06 September, 2021 02:40:33 PM, number of API invocations: 3, user agent: Go-http-client/1.1)] -<14>1 2021-09-06T14:40:33.435799+00:00 vcenter vpxd 58650 - - Event [575806] [1-1] [2021-09-06T14:40:33.38405Z] [vim.event.UserLoginSessionEvent] [info] [VSPHERE.LOCAL\Administrator] [] [575806] [User VSPHERE.LOCAL\Administrator@10.100.10.190 logged in as Go-http-client/1.1] -<14>1 2021-09-06T14:40:33.523419+00:00 vcenter vpxd 58650 - - Event [575807] [1-1] [2021-09-06T14:40:33.523102Z] [vim.event.UserLogoutSessionEvent] [info] [VSPHERE.LOCAL\Administrator] [] [575807] [User VSPHERE.LOCAL\Administrator@10.100.10.190 logged out (login time: Monday, 06 September, 2021 02:40:33 PM, number of API invocations: 3, user agent: Go-http-client/1.1)] -<15>1 2021-09-06T14:40:33.672115+00:00 vcenter updatemgr - - - 2021-09-06T14:40:33:671Z 'JobDispatcher' 140154045667072 DEBUG [JobDispatcher, 415] The number of tasks: 0 -<30>1 2021-09-06T14:40:43.341294+00:00 vcenter vmcad - - - t@140161560082176: VMCACheckAccessKrb: Authenticated user vcenter.resnick-tech.com@vsphere.local -<14>1 2021-09-06T14:40:45.012317+00:00 vcenter updatemgr - - - 2021-09-06T14:40:45:002Z 'Activation' 140154046199552 INFO [activationValidator, 368] Leave Validate. Succeeded for integrity.VcIntegrity.retrieveHostIPAddresses on target: Integrity.VcIntegrity -<14>1 2021-09-06T14:40:45.027623+00:00 vcenter updatemgr - - - 2021-09-06T14:40:45:002Z 'VcIntegrity' 140154046199552 INFO [vcIntegrity, 1519] Getting IP Address from host name: vcenter.resnick-tech.com -<13>1 2021-09-06T14:40:48.103441+00:00 vcenter vmon 2120 - - Executing service batch op API_HEALTH. 
IgnoreFail=1, service count=9 -<13>1 2021-09-06T14:40:48.103949+00:00 vcenter vmon 2120 - - Constructed command: /usr/bin/python /usr/lib/vmware-rhttpproxy/rhttpproxy-vmon-apihealth.py -<13>1 2021-09-06T14:40:48.104208+00:00 vcenter vmon 2120 - - Constructed command: /usr/bin/python /usr/lib/vmware-vmon/vmonApiHealthCmd.py -n vmware-vpostgres -f /dev/shm/vmware-postgres-health-status.xml -<13>1 2021-09-06T14:40:48.104463+00:00 vcenter vmon 2120 - - Constructed command: /usr/bin/python /usr/lib/vmware-vmon/vmonApiHealthCmd.py -n vapi-endpoint -u /vapiendpoint/health -t 30 -<13>1 2021-09-06T14:40:48.581632+00:00 vcenter vmon 2120 - - Constructed command: /usr/bin/python /usr/lib/vmware-vmon/vmonApiHealthCmd.py -n vpxd-svcs -u /invsvc/invsvc-health -t 30 -<13>1 2021-09-06T14:40:48.582298+00:00 vcenter vmon 2120 - - Constructed command: /usr/bin/python /usr/lib/vmware-vmon/vmonApiHealthCmd.py -n vmware-postgres-archiver -f /dev/shm/vmware-postgres-archiver-health-status.xml -<13>1 2021-09-06T14:40:49.205785+00:00 vcenter vmon 2120 - - Constructed command: /usr/bin/python /usr/lib/vmware-vmon/vmonApiHealthCmd.py -n vpxd -f /etc/vmware-sca/health/vmware-vpxd-health-status.xml -<13>1 2021-09-06T14:40:49.601739+00:00 vcenter vmon 2120 - - Constructed command: /usr/bin/python /usr/lib/vmware-vmon/vmonApiHealthCmd.py -n sps -u /sms/HealthStatus -t 30 -<13>1 2021-09-06T14:40:49.602401+00:00 vcenter vmon 2120 - - Skip service health check. State STOPPED, Curr request 0 -<13>1 2021-09-06T14:40:49.602770+00:00 vcenter vmon 2120 - - Constructed command: /usr/bin/python /usr/lib/vmware-pschealth/vmon/pschealth-vmon-apihealth.py -<13>1 2021-09-06T14:40:50.049574+00:00 vcenter vmon 2120 - - Successfully executed service batch operation API_HEALTH. -<13>1 2021-09-06T14:40:50.051639+00:00 vcenter vmon 2120 - - Reset fail counters of service. -<13>1 2021-09-06T14:40:50.053344+00:00 vcenter vmon 2120 - - Reset fail counters of service. 
-<13>1 2021-09-06T14:40:50.051902+00:00 vcenter vmon 2120 - - Reset fail counters of service. -<13>1 2021-09-06T14:40:50.053646+00:00 vcenter vmon 2120 - - Reset fail counters of service. -<13>1 2021-09-06T14:40:50.052151+00:00 vcenter vmon 2120 - - Reset fail counters of service. -<13>1 2021-09-06T14:40:50.052411+00:00 vcenter vmon 2120 - - Reset fail counters of service. -<13>1 2021-09-06T14:40:50.052839+00:00 vcenter vmon 2120 - - Reset fail counters of service. -<13>1 2021-09-06T14:40:50.053097+00:00 vcenter vmon 2120 - - Reset fail counters of service. -<13>1 2021-09-06T14:40:50.053904+00:00 vcenter vmon 2120 - - Reset fail counters of service. -<13>1 2021-09-06T14:40:50.054152+00:00 vcenter vmon 2120 - - Reset fail counters of service. -<13>1 2021-09-06T14:40:50.054407+00:00 vcenter vmon 2120 - - Reset fail counters of service. -<13>1 2021-09-06T14:40:50.054676+00:00 vcenter vmon 2120 - - Reset fail counters of service. -<13>1 2021-09-06T14:40:50.054942+00:00 vcenter vmon 2120 - - Reset fail counters of service. -<13>1 2021-09-06T14:40:50.055458+00:00 vcenter vmon 2120 - - Reset fail counters of service. -<13>1 2021-09-06T14:40:50.055201+00:00 vcenter vmon 2120 - - Reset fail counters of service. -<13>1 2021-09-06T14:40:50.055722+00:00 vcenter vmon 2120 - - Reset fail counters of service. -<13>1 2021-09-06T14:40:50.055986+00:00 vcenter vmon 2120 - - Reset fail counters of service. -<13>1 2021-09-06T14:40:50.056246+00:00 vcenter vmon 2120 - - Reset fail counters of service. -<13>1 2021-09-06T14:40:50.056507+00:00 vcenter vmon 2120 - - Reset fail counters of service. -<13>1 2021-09-06T14:40:50.056775+00:00 vcenter vmon 2120 - - Reset fail counters of service. -<13>1 2021-09-06T14:40:50.057032+00:00 vcenter vmon 2120 - - Reset fail counters of service. -<13>1 2021-09-06T14:40:50.057295+00:00 vcenter vmon 2120 - - Reset fail counters of service. -<13>1 2021-09-06T14:40:50.057586+00:00 vcenter vmon 2120 - - Reset fail counters of service. 
-<13>1 2021-09-06T14:40:50.057860+00:00 vcenter vmon 2120 - - Reset fail counters of service. -<13>1 2021-09-06T14:40:50.058163+00:00 vcenter vmon 2120 - - Reset fail counters of service. -<13>1 2021-09-06T14:40:50.058428+00:00 vcenter vmon 2120 - - Reset fail counters of service. -<13>1 2021-09-06T14:40:50.058689+00:00 vcenter vmon 2120 - - Reset fail counters of service. -<13>1 2021-09-06T14:40:50.058953+00:00 vcenter vmon 2120 - - Reset fail counters of service. -<13>1 2021-09-06T14:40:50.059216+00:00 vcenter vmon 2120 - - Reset fail counters of service. -<13>1 2021-09-06T14:40:50.059484+00:00 vcenter vmon 2120 - - Reset fail counters of service. -<13>1 2021-09-06T14:40:50.059766+00:00 vcenter vmon 2120 - - Reset fail counters of service. -<13>1 2021-09-06T14:40:50.060063+00:00 vcenter vmon 2120 - - Reset fail counters of service. -<14>1 2021-09-06T16:57:25.001086+00:00 vcenter updatemgr - - - 2021-09-06T16:57:25:000Z 'Activation' 140154047530752 INFO [activationValidator, 368] Leave Validate. Succeeded for integrity.VcIntegrity.retrieveHostIPAddresses on target: Integrity.VcIntegrity -<14>1 2022-09-01T06:06:19.084018+02:00 host123 vpxd 24962 - - Event [513220451] [1-1] [2022-09-01T04:05:55.57103Z] [vim.event.UserLoginSessionEvent] [info] [root] [TEST] [513220451] [User root@127.0.0.1 logged in as VMware-client/6.5.0] From 4662860f447320fc6f8e99bb89c625c45d87b04d Mon Sep 17 00:00:00 2001 From: Philipp Kahr Date: Wed, 22 Nov 2023 16:54:36 +0100 Subject: [PATCH 4/6] should remove the wrong vsphere test file --- .../_dev/test/pipeline/test-format-common.log | 71 +++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100644 packages/vsphere/data_stream/log/_dev/test/pipeline/test-format-common.log diff --git a/packages/vsphere/data_stream/log/_dev/test/pipeline/test-format-common.log b/packages/vsphere/data_stream/log/_dev/test/pipeline/test-format-common.log new file mode 100644 index 00000000000..2b7ed8f90cb --- /dev/null 
+++ b/packages/vsphere/data_stream/log/_dev/test/pipeline/test-format-common.log 
@@ -0,0 +1,71 @@
+<14>1 2021-09-06T14:40:05.753710+00:00 vcenter applmgmt-audit - - - 2021-09-06T14:40:05.753: INFO AuthorizationResponse = { authorized=True, method=LOCAL }
+<14>1 2021-09-06T14:40:05.802908+00:00 vcenter applmgmt-audit - - - 2021-09-06T14:40:05.802: INFO Authorization Result: User=administrator@vsphere.local, priv=ModifyConfiguration, authorized=True
+<14>1 2021-09-06T14:40:13.263383+00:00 vcenter vpxd 58650 - - Event [575792] [1-1] [2021-09-06T14:40:13.26309Z] [vim.event.UserLoginSessionEvent] [info] [VSPHERE.LOCAL\Administrator] [] [575792] [User VSPHERE.LOCAL\Administrator@10.100.10.190 logged in as Go-http-client/1.1]
+<14>1 2021-09-06T14:40:13.289354+00:00 vcenter vpxd 58650 - - Event [575793] [1-1] [2021-09-06T14:40:13.288346Z] [vim.event.UserLogoutSessionEvent] [info] [VSPHERE.LOCAL\Administrator] [] [575793] [User VSPHERE.LOCAL\Administrator@10.100.10.190 logged out (login time: Monday, 06 September, 2021 02:40:13 PM, number of API invocations: 3, user agent: Go-http-client/1.1)]
+<14>1 2021-09-06T14:40:13.379789+00:00 vcenter vpxd 58650 - - Event [575794] [1-1] [2021-09-06T14:40:13.37948Z] [vim.event.UserLoginSessionEvent] [info] [VSPHERE.LOCAL\Administrator] [] [575794] [User VSPHERE.LOCAL\Administrator@10.100.10.190 logged in as Go-http-client/1.1]
+<14>1 2021-09-06T14:40:13.507812+00:00 vcenter vpxd 58650 - - Event [575795] [1-1] [2021-09-06T14:40:13.507466Z] [vim.event.UserLogoutSessionEvent] [info] [VSPHERE.LOCAL\Administrator] [] [575795] [User VSPHERE.LOCAL\Administrator@10.100.10.190 logged out (login time: Monday, 06 September, 2021 02:40:13 PM, number of API invocations: 3, user agent: Go-http-client/1.1)]
+<14>1 2021-09-06T14:40:23.295222+00:00 vcenter vpxd 58650 - - Event [575796] [1-1] [2021-09-06T14:40:23.267101Z] [vim.event.UserLoginSessionEvent] [info] [VSPHERE.LOCAL\Administrator] [] [575796] [User VSPHERE.LOCAL\Administrator@10.100.10.190 logged in as Go-http-client/1.1]
+<14>1 2021-09-06T14:40:23.311646+00:00 vcenter vpxd 58650 - - Event [575797] [1-1] [2021-09-06T14:40:23.286975Z] [vim.event.UserLogoutSessionEvent] [info] [VSPHERE.LOCAL\Administrator] [] [575797] [User VSPHERE.LOCAL\Administrator@10.100.10.190 logged out (login time: Monday, 06 September, 2021 02:40:23 PM, number of API invocations: 3, user agent: Go-http-client/1.1)]
+<14>1 2021-09-06T14:40:23.376095+00:00 vcenter vpxd 58650 - - Event [575798] [1-1] [2021-09-06T14:40:23.375838Z] [vim.event.UserLoginSessionEvent] [info] [VSPHERE.LOCAL\Administrator] [] [575798] [User VSPHERE.LOCAL\Administrator@10.100.10.190 logged in as Go-http-client/1.1]
+<14>1 2021-09-06T14:40:23.507403+00:00 vcenter vpxd 58650 - - Event [575799] [1-1] [2021-09-06T14:40:23.506793Z] [vim.event.UserLogoutSessionEvent] [info] [VSPHERE.LOCAL\Administrator] [] [575799] [User VSPHERE.LOCAL\Administrator@10.100.10.190 logged out (login time: Monday, 06 September, 2021 02:40:23 PM, number of API invocations: 3, user agent: Go-http-client/1.1)]
+<14>1 2021-09-06T14:40:25.001480+00:00 vcenter updatemgr - - - 2021-09-06T14:40:25:001Z 'Activation' 140154046465792 INFO [activationValidator, 368] Leave Validate. Succeeded for integrity.VcIntegrity.retrieveHostIPAddresses on target: Integrity.VcIntegrity
+<14>1 2021-09-06T14:40:25.012155+00:00 vcenter updatemgr - - - 2021-09-06T14:40:25:001Z 'VcIntegrity' 140154046465792 INFO [vcIntegrity, 1519] Getting IP Address from host name: vcenter.resnick-tech.com
+<14>1 2021-09-06T14:40:30.285831+00:00 vcenter vpxd 58650 - - Event [575800] [1-1] [2021-09-06T14:40:29.187973Z] [vim.event.GeneralHostWarningEvent] [warning] [] [Home] [575800] [Issue detected on esxi01.resnick-tech.com in Home: vmsyslog logger 10.100.10.30:514 lost 156959 log messages
+ (2021-09-06T14:40:29.190Z cpu3:2097472)]
+ (2021-09-06T14:40:29.190Z cpu3:2097472)']
+<14>1 2021-09-06T14:40:30.300037+00:00 vcenter vpxd 58650 - - Event [575802] [1-1] [2021-09-06T14:40:30.299219Z] [vim.event.AlarmActionTriggeredEvent] [info] [] [Home] [575802] [Alarm 'Host error' on esxi01.resnick-tech.com triggered an action]
+<14>1 2021-09-06T14:40:30.299651+00:00 vcenter vpxd 58650 - - Event [575801] [1-1] [2021-09-06T14:40:30.298457Z] [vim.event.EventEx] [error] [] [Home] [575801] [Alarm 'Host error' on esxi01.resnick-tech.com triggered by event 575800 'Issue detected on esxi01.resnick-tech.com in Home: vmsyslog logger 10.100.10.30:514 lost 156959 log messages
+<14>1 2021-09-06T14:40:30.300637+00:00 vcenter vpxd 58650 - - Event [575803] [1-1] [2021-09-06T14:40:30.299847Z] [vim.event.AlarmSnmpCompletedEvent] [info] [] [Home] [575803] [Alarm 'Host error': an SNMP trap for entity esxi01.resnick-tech.com was sent]
+<14>1 2021-09-06T14:40:33.262710+00:00 vcenter vpxd 58650 - - Event [575804] [1-1] [2021-09-06T14:40:33.262441Z] [vim.event.UserLoginSessionEvent] [info] [VSPHERE.LOCAL\Administrator] [] [575804] [User VSPHERE.LOCAL\Administrator@10.100.10.190 logged in as Go-http-client/1.1]
+<14>1 2021-09-06T14:40:33.287123+00:00 vcenter vpxd 58650 - - Event [575805] [1-1] [2021-09-06T14:40:33.286577Z] [vim.event.UserLogoutSessionEvent] [info] [VSPHERE.LOCAL\Administrator] [] [575805] [User VSPHERE.LOCAL\Administrator@10.100.10.190 logged out (login time: Monday, 06 September, 2021 02:40:33 PM, number of API invocations: 3, user agent: Go-http-client/1.1)]
+<14>1 2021-09-06T14:40:33.435799+00:00 vcenter vpxd 58650 - - Event [575806] [1-1] [2021-09-06T14:40:33.38405Z] [vim.event.UserLoginSessionEvent] [info] [VSPHERE.LOCAL\Administrator] [] [575806] [User VSPHERE.LOCAL\Administrator@10.100.10.190 logged in as Go-http-client/1.1]
+<14>1 2021-09-06T14:40:33.523419+00:00 vcenter vpxd 58650 - - Event [575807] [1-1] [2021-09-06T14:40:33.523102Z] [vim.event.UserLogoutSessionEvent] [info] [VSPHERE.LOCAL\Administrator] [] [575807] [User VSPHERE.LOCAL\Administrator@10.100.10.190 logged out (login time: Monday, 06 September, 2021 02:40:33 PM, number of API invocations: 3, user agent: Go-http-client/1.1)]
+<15>1 2021-09-06T14:40:33.672115+00:00 vcenter updatemgr - - - 2021-09-06T14:40:33:671Z 'JobDispatcher' 140154045667072 DEBUG [JobDispatcher, 415] The number of tasks: 0
+<30>1 2021-09-06T14:40:43.341294+00:00 vcenter vmcad - - - t@140161560082176: VMCACheckAccessKrb: Authenticated user vcenter.resnick-tech.com@vsphere.local
+<14>1 2021-09-06T14:40:45.012317+00:00 vcenter updatemgr - - - 2021-09-06T14:40:45:002Z 'Activation' 140154046199552 INFO [activationValidator, 368] Leave Validate. Succeeded for integrity.VcIntegrity.retrieveHostIPAddresses on target: Integrity.VcIntegrity
+<14>1 2021-09-06T14:40:45.027623+00:00 vcenter updatemgr - - - 2021-09-06T14:40:45:002Z 'VcIntegrity' 140154046199552 INFO [vcIntegrity, 1519] Getting IP Address from host name: vcenter.resnick-tech.com
+<13>1 2021-09-06T14:40:48.103441+00:00 vcenter vmon 2120 - - Executing service batch op API_HEALTH. IgnoreFail=1, service count=9
+<13>1 2021-09-06T14:40:48.103949+00:00 vcenter vmon 2120 - - Constructed command: /usr/bin/python /usr/lib/vmware-rhttpproxy/rhttpproxy-vmon-apihealth.py
+<13>1 2021-09-06T14:40:48.104208+00:00 vcenter vmon 2120 - - Constructed command: /usr/bin/python /usr/lib/vmware-vmon/vmonApiHealthCmd.py -n vmware-vpostgres -f /dev/shm/vmware-postgres-health-status.xml
+<13>1 2021-09-06T14:40:48.104463+00:00 vcenter vmon 2120 - - Constructed command: /usr/bin/python /usr/lib/vmware-vmon/vmonApiHealthCmd.py -n vapi-endpoint -u /vapiendpoint/health -t 30
+<13>1 2021-09-06T14:40:48.581632+00:00 vcenter vmon 2120 - - Constructed command: /usr/bin/python /usr/lib/vmware-vmon/vmonApiHealthCmd.py -n vpxd-svcs -u /invsvc/invsvc-health -t 30
+<13>1 2021-09-06T14:40:48.582298+00:00 vcenter vmon 2120 - - Constructed command: /usr/bin/python /usr/lib/vmware-vmon/vmonApiHealthCmd.py -n vmware-postgres-archiver -f /dev/shm/vmware-postgres-archiver-health-status.xml
+<13>1 2021-09-06T14:40:49.205785+00:00 vcenter vmon 2120 - - Constructed command: /usr/bin/python /usr/lib/vmware-vmon/vmonApiHealthCmd.py -n vpxd -f /etc/vmware-sca/health/vmware-vpxd-health-status.xml
+<13>1 2021-09-06T14:40:49.601739+00:00 vcenter vmon 2120 - - Constructed command: /usr/bin/python /usr/lib/vmware-vmon/vmonApiHealthCmd.py -n sps -u /sms/HealthStatus -t 30
+<13>1 2021-09-06T14:40:49.602401+00:00 vcenter vmon 2120 - - Skip service health check. State STOPPED, Curr request 0
+<13>1 2021-09-06T14:40:49.602770+00:00 vcenter vmon 2120 - - Constructed command: /usr/bin/python /usr/lib/vmware-pschealth/vmon/pschealth-vmon-apihealth.py
+<13>1 2021-09-06T14:40:50.049574+00:00 vcenter vmon 2120 - - Successfully executed service batch operation API_HEALTH.
+<13>1 2021-09-06T14:40:50.051639+00:00 vcenter vmon 2120 - - Reset fail counters of service.
+<13>1 2021-09-06T14:40:50.053344+00:00 vcenter vmon 2120 - - Reset fail counters of service.
+<13>1 2021-09-06T14:40:50.051902+00:00 vcenter vmon 2120 - - Reset fail counters of service.
+<13>1 2021-09-06T14:40:50.053646+00:00 vcenter vmon 2120 - - Reset fail counters of service.
+<13>1 2021-09-06T14:40:50.052151+00:00 vcenter vmon 2120 - - Reset fail counters of service.
+<13>1 2021-09-06T14:40:50.052411+00:00 vcenter vmon 2120 - - Reset fail counters of service.
+<13>1 2021-09-06T14:40:50.052839+00:00 vcenter vmon 2120 - - Reset fail counters of service.
+<13>1 2021-09-06T14:40:50.053097+00:00 vcenter vmon 2120 - - Reset fail counters of service.
+<13>1 2021-09-06T14:40:50.053904+00:00 vcenter vmon 2120 - - Reset fail counters of service.
+<13>1 2021-09-06T14:40:50.054152+00:00 vcenter vmon 2120 - - Reset fail counters of service.
+<13>1 2021-09-06T14:40:50.054407+00:00 vcenter vmon 2120 - - Reset fail counters of service.
+<13>1 2021-09-06T14:40:50.054676+00:00 vcenter vmon 2120 - - Reset fail counters of service.
+<13>1 2021-09-06T14:40:50.054942+00:00 vcenter vmon 2120 - - Reset fail counters of service.
+<13>1 2021-09-06T14:40:50.055458+00:00 vcenter vmon 2120 - - Reset fail counters of service.
+<13>1 2021-09-06T14:40:50.055201+00:00 vcenter vmon 2120 - - Reset fail counters of service.
+<13>1 2021-09-06T14:40:50.055722+00:00 vcenter vmon 2120 - - Reset fail counters of service.
+<13>1 2021-09-06T14:40:50.055986+00:00 vcenter vmon 2120 - - Reset fail counters of service.
+<13>1 2021-09-06T14:40:50.056246+00:00 vcenter vmon 2120 - - Reset fail counters of service.
+<13>1 2021-09-06T14:40:50.056507+00:00 vcenter vmon 2120 - - Reset fail counters of service.
+<13>1 2021-09-06T14:40:50.056775+00:00 vcenter vmon 2120 - - Reset fail counters of service.
+<13>1 2021-09-06T14:40:50.057032+00:00 vcenter vmon 2120 - - Reset fail counters of service.
+<13>1 2021-09-06T14:40:50.057295+00:00 vcenter vmon 2120 - - Reset fail counters of service.
+<13>1 2021-09-06T14:40:50.057586+00:00 vcenter vmon 2120 - - Reset fail counters of service.
+<13>1 2021-09-06T14:40:50.057860+00:00 vcenter vmon 2120 - - Reset fail counters of service.
+<13>1 2021-09-06T14:40:50.058163+00:00 vcenter vmon 2120 - - Reset fail counters of service.
+<13>1 2021-09-06T14:40:50.058428+00:00 vcenter vmon 2120 - - Reset fail counters of service.
+<13>1 2021-09-06T14:40:50.058689+00:00 vcenter vmon 2120 - - Reset fail counters of service.
+<13>1 2021-09-06T14:40:50.058953+00:00 vcenter vmon 2120 - - Reset fail counters of service.
+<13>1 2021-09-06T14:40:50.059216+00:00 vcenter vmon 2120 - - Reset fail counters of service.
+<13>1 2021-09-06T14:40:50.059484+00:00 vcenter vmon 2120 - - Reset fail counters of service.
+<13>1 2021-09-06T14:40:50.059766+00:00 vcenter vmon 2120 - - Reset fail counters of service.
+<13>1 2021-09-06T14:40:50.060063+00:00 vcenter vmon 2120 - - Reset fail counters of service.
+<14>1 2021-09-06T16:57:25.001086+00:00 vcenter updatemgr - - - 2021-09-06T16:57:25:000Z 'Activation' 140154047530752 INFO [activationValidator, 368] Leave Validate. Succeeded for integrity.VcIntegrity.retrieveHostIPAddresses on target: Integrity.VcIntegrity
+<14>1 2022-09-01T06:06:19.084018+02:00 host123 vpxd 24962 - - Event [513220451] [1-1] [2022-09-01T04:05:55.57103Z] [vim.event.UserLoginSessionEvent] [info] [root] [TEST] [513220451] [User root@127.0.0.1 logged in as VMware-client/6.5.0]
\ No newline at end of file
From 6c51de1ced2ef09996d2e40c8275ac5f3dfdc1f1 Mon Sep 17 00:00:00 2001 From: Philipp Kahr Date: Thu, 23 Nov 2023 10:25:58 +0100 Subject: [PATCH 5/6] Update packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/default.yml Co-authored-by: Dan Kortschak <90160302+efd6@users.noreply.github.com> --- .../data_stream/log/elasticsearch/ingest_pipeline/default.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
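Review bot: The subject says the wrong vsphere test file should be removed, but this hunk creates it (`new file mode 100644`, `--- /dev/null`, 71 additions), so either the commit message or the direction of the change is wrong and the series should be squashed or reworded before merge. The fixture also ends without a trailing newline (`\ No newline at end of file`), which pipeline test tooling commonly rejects. Several lines carry what look like real infrastructure names (`esxi01.resnick-tech.com`, `vcenter.resnick-tech.com`, `10.100.10.30:514`) rather than placeholder values, presumably captured from a live environment; replacing them with example.com-style hostnames keeps the committed sample data from describing someone's actual deployment. Note that the 14:40:50 `Reset fail counters` block is not in timestamp order (e.g. `.053344` precedes `.051902`), which is harmless for a format test but worth knowing if an ordering assertion is ever added.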
diff --git a/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 8c6249fb375..6dba601d36d 100644 --- a/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -139,7 +139,7 @@ processors: - dissect: field: network.transport pattern: "view %{}: %{network.transport}" - if: "ctx.network?.transport?.contains('view') ?: false" + if: ctx.network?.transport instanceof String && ctx.network.transport.contains('view') - lowercase: field: network.transport ignore_missing: true From 644224bf889f8ebe47f322e7f398ee194b73fc5d Mon Sep 17 00:00:00 2001 From: Philipp Kahr Date: Mon, 15 Apr 2024 15:39:04 +0200 Subject: [PATCH 6/6] Updated to support indices.shard_stats.total_count --- packages/elasticsearch/changelog.yml | 5 +++++ .../elasticsearch/data_stream/node_stats/fields/fields.yml | 5 +++++ .../elasticsearch/data_stream/node_stats/sample_event.json | 3 +++ packages/elasticsearch/docs/README.md | 4 ++++ packages/elasticsearch/manifest.yml | 2 +- 5 files changed, 18 insertions(+), 1 deletion(-) diff --git a/packages/elasticsearch/changelog.yml b/packages/elasticsearch/changelog.yml index 23c605a1b19..d73d9995131 100644 --- a/packages/elasticsearch/changelog.yml +++ b/packages/elasticsearch/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.12.0" + changes: + - description: Added support for indices.shards_stats.total_count + type: enhancement + link: "abc" - version: "1.11.0" changes: - description: Make Stack Monitoring metrics GA diff --git a/packages/elasticsearch/data_stream/node_stats/fields/fields.yml b/packages/elasticsearch/data_stream/node_stats/fields/fields.yml index 7eb4b56b46e..52b1f996ad7 100644 --- a/packages/elasticsearch/data_stream/node_stats/fields/fields.yml 
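Review bot: The new `if` still gates the dissect on a substring test, `contains('view')`, while the pattern `view %{}: %{network.transport}` only matches a value that begins with `view ` and contains a colon, so any transport string that merely contains "view" elsewhere makes the dissect throw and fails the document, because the processor in this hunk sets no `ignore_failure`. Aligning the guard with the pattern closes that gap: `if: ctx.network?.transport instanceof String && ctx.network.transport.startsWith('view ')`; the `instanceof String` check already covers the null case the old `?: false` handled. A short comment above the processor stating why the value can carry a `view N:` prefix would help the next maintainer, since nothing in this hunk explains where that prefix comes from. The enclosing `processors:` list continues outside the hunk.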
+++ b/packages/elasticsearch/data_stream/node_stats/fields/fields.yml @@ -4,6 +4,11 @@ - name: indices type: group fields: + - name: shards_stats + type: group + fields: + - name: total_count + type: long - name: bulk type: group fields: diff --git a/packages/elasticsearch/data_stream/node_stats/sample_event.json b/packages/elasticsearch/data_stream/node_stats/sample_event.json index 1a4920285eb..b1aa4608b0a 100644 --- a/packages/elasticsearch/data_stream/node_stats/sample_event.json +++ b/packages/elasticsearch/data_stream/node_stats/sample_event.json @@ -105,6 +105,9 @@ } }, "indices": { + "shard_stats": { + "total_count": 1753 + }, "bulk": { "avg_size": { "bytes": 92 diff --git a/packages/elasticsearch/docs/README.md b/packages/elasticsearch/docs/README.md index f2fba20856e..31805c8f5dc 100644 --- a/packages/elasticsearch/docs/README.md +++ b/packages/elasticsearch/docs/README.md @@ -1925,6 +1925,9 @@ An example event for `node_stats` looks as following: } }, "indices": { + "shard_stats": { + "total_count": 1753 + }, "bulk": { "avg_size": { "bytes": 92 @@ -2267,6 +2270,7 @@ An example event for `node_stats` looks as following: | elasticsearch.node.stats.indices.segments.term_vectors.memory.bytes | | long | gauge | | elasticsearch.node.stats.indices.segments.terms.memory.bytes | | long | gauge | | elasticsearch.node.stats.indices.segments.version_map.memory.bytes | | long | gauge | +| elasticsearch.node.stats.indices.shards_stats.total_count | | long | | | elasticsearch.node.stats.indices.store.size.bytes | Total size of the store in bytes. | long | gauge | | elasticsearch.node.stats.ingest.total.count | | long | counter | | elasticsearch.node.stats.ingest.total.current | | long | gauge | diff --git a/packages/elasticsearch/manifest.yml b/packages/elasticsearch/manifest.yml index ab5102301bb..f96bd2ecb3f 100644 --- a/packages/elasticsearch/manifest.yml +++ b/packages/elasticsearch/manifest.yml 
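Review bot: The mapping added here is `indices.shards_stats.total_count`, but the sample event hunk in the same commit (`sample_event.json`) and the README example emit `"shard_stats"` without the `s`, so the documented example is not covered by this mapping and the commit subject (`indices.shard_stats.total_count`) disagrees with the changelog and the README table (`shards_stats`); pick one spelling and apply it in `fields.yml`, `sample_event.json` and the README together. The new `total_count` field also has no `metric_type` and no `description:`, which is why its README table row shows empty columns where the neighbouring `store.size.bytes` row has both; adding `metric_type: gauge` under `type: long` and a one-line `description:` fills them. Both hunks are complete within this view.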
@@ -1,6 +1,6 @@ name: elasticsearch title: Elasticsearch -version: 1.11.0 +version: 1.12.0 description: Elasticsearch Integration type: integration icons: