diff --git a/filebeat/module/elasticsearch/audit/test/test.log-expected.json b/filebeat/module/elasticsearch/audit/test/test.log-expected.json
index 45a7d55ac4a..54769acd802 100644
--- a/filebeat/module/elasticsearch/audit/test/test.log-expected.json
+++ b/filebeat/module/elasticsearch/audit/test/test.log-expected.json
@@ -1,114 +1,114 @@ [ { - "@timestamp": "2018-06-19T05:16:15,549", - "ecs.version": "1.0.0-beta2", - "elasticsearch.audit.event_type": "authentication_failed", - "elasticsearch.audit.layer": "rest", - "elasticsearch.audit.origin_address": "147.107.128.77", - "elasticsearch.audit.principal": "i030648", - "elasticsearch.audit.uri": "/_xpack/security/_authenticate", - "event.dataset": "audit", - "event.module": "elasticsearch", - "input.type": "log", - "log.offset": 0, - "message": "[2018-06-19T05:16:15,549] [rest] [authentication_failed] origin_address=[147.107.128.77], principal=[i030648], uri=[/_xpack/security/_authenticate]", + "@timestamp": "2018-06-19T05:16:15.549Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.audit.event_type": "authentication_failed", + "elasticsearch.audit.layer": "rest", + "elasticsearch.audit.origin_address": "147.107.128.77", + "elasticsearch.audit.principal": "i030648", + "elasticsearch.audit.uri": "/_xpack/security/_authenticate", + "event.dataset": "audit", + "event.module": "elasticsearch", + "input.type": "log", + "log.offset": 0, + "message": "[2018-06-19T05:16:15,549] [rest] [authentication_failed] origin_address=[147.107.128.77], principal=[i030648], uri=[/_xpack/security/_authenticate]", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-19T05:07:52,304", - "ecs.version": "1.0.0-beta2", - "elasticsearch.audit.event_type": "authentication_failed", - "elasticsearch.audit.layer": "rest", - "elasticsearch.audit.origin_address": "172.22.0.3", - "elasticsearch.audit.principal": "rado", - "elasticsearch.audit.uri": "/_xpack/security/_authenticate", - "elasticsearch.node.name": "v_VJhjV", - "event.dataset": "audit", - "event.module": "elasticsearch", - "input.type": "log", - "log.offset": 155, - "message": "[2018-06-19T05:07:52,304] [v_VJhjV] [rest] [authentication_failed]\torigin_address=[172.22.0.3], principal=[rado], uri=[/_xpack/security/_authenticate]", + "@timestamp": "2018-06-19T05:07:52.304Z", + 
"ecs.version": "1.0.0-beta2", + "elasticsearch.audit.event_type": "authentication_failed", + "elasticsearch.audit.layer": "rest", + "elasticsearch.audit.origin_address": "172.22.0.3", + "elasticsearch.audit.principal": "rado", + "elasticsearch.audit.uri": "/_xpack/security/_authenticate", + "elasticsearch.node.name": "v_VJhjV", + "event.dataset": "audit", + "event.module": "elasticsearch", + "input.type": "log", + "log.offset": 155, + "message": "[2018-06-19T05:07:52,304] [v_VJhjV] [rest] [authentication_failed]\torigin_address=[172.22.0.3], principal=[rado], uri=[/_xpack/security/_authenticate]", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-19T05:00:15,778", - "ecs.version": "1.0.0-beta2", - "elasticsearch.audit.action": "indices:data/read/scroll/clear", - "elasticsearch.audit.event_type": "access_granted", - "elasticsearch.audit.layer": "transport", - "elasticsearch.audit.origin_address": "192.168.1.165", - "elasticsearch.audit.origin_type": "local_node", - "elasticsearch.audit.principal": "_xpack_security", - "elasticsearch.audit.request": "ClearScrollRequest", - "event.dataset": "audit", - "event.module": "elasticsearch", - "input.type": "log", - "log.offset": 306, - "message": "[2018-06-19T05:00:15,778] [transport] [access_granted] origin_type=[local_node], origin_address=[192.168.1.165], principal=[_xpack_security], action=[indices:data/read/scroll/clear], request=[ClearScrollRequest]", + "@timestamp": "2018-06-19T05:00:15.778Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.audit.action": "indices:data/read/scroll/clear", + "elasticsearch.audit.event_type": "access_granted", + "elasticsearch.audit.layer": "transport", + "elasticsearch.audit.origin_address": "192.168.1.165", + "elasticsearch.audit.origin_type": "local_node", + "elasticsearch.audit.principal": "_xpack_security", + "elasticsearch.audit.request": "ClearScrollRequest", + "event.dataset": "audit", + "event.module": "elasticsearch", + "input.type": "log", + "log.offset": 
306, + "message": "[2018-06-19T05:00:15,778] [transport] [access_granted] origin_type=[local_node], origin_address=[192.168.1.165], principal=[_xpack_security], action=[indices:data/read/scroll/clear], request=[ClearScrollRequest]", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-19T05:07:45,544", - "ecs.version": "1.0.0-beta2", - "elasticsearch.audit.event_type": "anonymous_access_denied", - "elasticsearch.audit.layer": "rest", - "elasticsearch.audit.origin_address": "172.22.0.3", - "elasticsearch.audit.uri": "/_xpack/security/_authenticate", - "elasticsearch.node.name": "v_VJhjV", - "event.dataset": "audit", - "event.module": "elasticsearch", - "input.type": "log", - "log.offset": 519, - "message": "[2018-06-19T05:07:45,544] [v_VJhjV] [rest] [anonymous_access_denied]\torigin_address=[172.22.0.3], uri=[/_xpack/security/_authenticate]", + "@timestamp": "2018-06-19T05:07:45.544Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.audit.event_type": "anonymous_access_denied", + "elasticsearch.audit.layer": "rest", + "elasticsearch.audit.origin_address": "172.22.0.3", + "elasticsearch.audit.uri": "/_xpack/security/_authenticate", + "elasticsearch.node.name": "v_VJhjV", + "event.dataset": "audit", + "event.module": "elasticsearch", + "input.type": "log", + "log.offset": 519, + "message": "[2018-06-19T05:07:45,544] [v_VJhjV] [rest] [anonymous_access_denied]\torigin_address=[172.22.0.3], uri=[/_xpack/security/_authenticate]", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-19T05:26:27,268", - "ecs.version": "1.0.0-beta2", - "elasticsearch.audit.event_type": "authentication_failed", - "elasticsearch.audit.layer": "rest", - "elasticsearch.audit.origin_address": "147.107.128.77", - "elasticsearch.audit.principal": "N078801", - "elasticsearch.audit.uri": "/_xpack/security/_authenticate", - "event.dataset": "audit", - "event.module": "elasticsearch", - "input.type": "log", - "log.offset": 654, - "message": "[2018-06-19T05:26:27,268] 
[rest] [authentication_failed]\torigin_address=[147.107.128.77], principal=[N078801], uri=[/_xpack/security/_authenticate]", + "@timestamp": "2018-06-19T05:26:27.268Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.audit.event_type": "authentication_failed", + "elasticsearch.audit.layer": "rest", + "elasticsearch.audit.origin_address": "147.107.128.77", + "elasticsearch.audit.principal": "N078801", + "elasticsearch.audit.uri": "/_xpack/security/_authenticate", + "event.dataset": "audit", + "event.module": "elasticsearch", + "input.type": "log", + "log.offset": 654, + "message": "[2018-06-19T05:26:27,268] [rest] [authentication_failed]\torigin_address=[147.107.128.77], principal=[N078801], uri=[/_xpack/security/_authenticate]", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-19T05:55:26,898", - "ecs.version": "1.0.0-beta2", - "elasticsearch.audit.action": "cluster:monitor/main", - "elasticsearch.audit.event_type": "access_denied", - "elasticsearch.audit.layer": "transport", - "elasticsearch.audit.origin_address": "147.107.128.77", - "elasticsearch.audit.origin_type": "rest", - "elasticsearch.audit.principal": "_anonymous", - "elasticsearch.audit.request": "MainRequest", - "event.dataset": "audit", - "event.module": "elasticsearch", - "input.type": "log", - "log.offset": 802, - "message": "[2018-06-19T05:55:26,898] [transport] [access_denied]\torigin_type=[rest], origin_address=[147.107.128.77], principal=[_anonymous], action=[cluster:monitor/main], request=[MainRequest]", + "@timestamp": "2018-06-19T05:55:26.898Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.audit.action": "cluster:monitor/main", + "elasticsearch.audit.event_type": "access_denied", + "elasticsearch.audit.layer": "transport", + "elasticsearch.audit.origin_address": "147.107.128.77", + "elasticsearch.audit.origin_type": "rest", + "elasticsearch.audit.principal": "_anonymous", + "elasticsearch.audit.request": "MainRequest", + "event.dataset": "audit", + "event.module": 
"elasticsearch", + "input.type": "log", + "log.offset": 802, + "message": "[2018-06-19T05:55:26,898] [transport] [access_denied]\torigin_type=[rest], origin_address=[147.107.128.77], principal=[_anonymous], action=[cluster:monitor/main], request=[MainRequest]", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-19T05:24:15,190", - "ecs.version": "1.0.0-beta2", - "elasticsearch.audit.event_type": "authentication_failed", - "elasticsearch.audit.layer": "rest", - "elasticsearch.audit.origin_address": "172.18.0.3", - "elasticsearch.audit.principal": "elastic", - "elasticsearch.audit.request_body": "body", - "elasticsearch.audit.uri": "/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip", - "elasticsearch.node.name": "v_VJhjV", - "event.dataset": "audit", - "event.module": "elasticsearch", - "input.type": "log", - "log.offset": 986, - "message": "[2018-06-19T05:24:15,190] [v_VJhjV] [rest] [authentication_failed]\torigin_address=[172.18.0.3], principal=[elastic], uri=[/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip], request_body=[body]", + "@timestamp": "2018-06-19T05:24:15.190Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.audit.event_type": "authentication_failed", + "elasticsearch.audit.layer": "rest", + "elasticsearch.audit.origin_address": "172.18.0.3", + "elasticsearch.audit.principal": "elastic", + "elasticsearch.audit.request_body": "body", + "elasticsearch.audit.uri": "/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip", + "elasticsearch.node.name": "v_VJhjV", + "event.dataset": "audit", + "event.module": "elasticsearch", + "input.type": "log", + "log.offset": 986, + "message": "[2018-06-19T05:24:15,190] [v_VJhjV] [rest] [authentication_failed]\torigin_address=[172.18.0.3], principal=[elastic], uri=[/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip], request_body=[body]", "service.name": "elasticsearch" } -] \ No newline 
at end of file
+]
diff --git a/filebeat/module/elasticsearch/deprecation/test/elasticsearch_deprecation.log-expected.json b/filebeat/module/elasticsearch/deprecation/test/elasticsearch_deprecation.log-expected.json
index b6bdb785ffd..9f35fdc906d 100644
--- a/filebeat/module/elasticsearch/deprecation/test/elasticsearch_deprecation.log-expected.json
+++ b/filebeat/module/elasticsearch/deprecation/test/elasticsearch_deprecation.log-expected.json
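Review bot: The new `@timestamp` values in this hunk carry a `Z` suffix (`"2018-06-19T05:16:15.549Z"`), yet the raw `message` still reads `[2018-06-19T05:16:15,549]` with no offset, so the fixture now asserts that every audit line was written in UTC. Elasticsearch log timestamps are normally written in the node's local zone, so on a non-UTC node events such as `authentication_failed` and `access_denied` would be indexed hours off and mis-ordered against other sources during an investigation. The ingest pipeline is not part of this diff, so this is inferred from the expected output alone; if it does not already do so, the date processor should take the zone from the event, e.g. `"timezone": "{{ event.timezone }}"`, and the expected events would then carry an `event.timezone` field. The same pattern appears in the deprecation and server fixtures further down.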
@@ -1,50 +1,50 @@ [ { - "@timestamp": "2018-04-23T16:40:13,737", - "ecs.version": "1.0.0-beta2", - "elasticsearch.server.component": "o.e.d.a.a.i.t.p.PutIndexTemplateRequest", - "event.dataset": "deprecation", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "WARN", - "log.offset": 0, - "message": "Deprecated field [template] used, replaced by [index_patterns]", + "@timestamp": "2018-04-23T16:40:13.737Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.server.component": "o.e.d.a.a.i.t.p.PutIndexTemplateRequest", + "event.dataset": "deprecation", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "WARN", + "log.offset": 0, + "message": "Deprecated field [template] used, replaced by [index_patterns]", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-04-23T16:40:13,862", - "ecs.version": "1.0.0-beta2", - "elasticsearch.server.component": "o.e.d.a.a.i.t.p.PutIndexTemplateRequest", - "event.dataset": "deprecation", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "WARN", - "log.offset": 137, - "message": "Deprecated field [template] used, replaced by [index_patterns]", + "@timestamp": "2018-04-23T16:40:13.862Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.server.component": "o.e.d.a.a.i.t.p.PutIndexTemplateRequest", + "event.dataset": "deprecation", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "WARN", + "log.offset": 137, + "message": "Deprecated field [template] used, replaced by [index_patterns]", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-04-23T16:40:14,792", - "ecs.version": "1.0.0-beta2", - "elasticsearch.server.component": "o.e.d.a.a.i.t.p.PutIndexTemplateRequest", - "event.dataset": "deprecation", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "WARN", - "log.offset": 274, - "message": "Deprecated field [template] used, replaced by [index_patterns]", + "@timestamp": "2018-04-23T16:40:14.792Z", + 
"ecs.version": "1.0.0-beta2", + "elasticsearch.server.component": "o.e.d.a.a.i.t.p.PutIndexTemplateRequest", + "event.dataset": "deprecation", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "WARN", + "log.offset": 274, + "message": "Deprecated field [template] used, replaced by [index_patterns]", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-04-23T16:40:15,127", - "ecs.version": "1.0.0-beta2", - "elasticsearch.server.component": "o.e.d.a.a.i.t.p.PutIndexTemplateRequest", - "event.dataset": "deprecation", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "WARN", - "log.offset": 411, - "message": "Deprecated field [template] used, replaced by [index_patterns]", + "@timestamp": "2018-04-23T16:40:15.127Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.server.component": "o.e.d.a.a.i.t.p.PutIndexTemplateRequest", + "event.dataset": "deprecation", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "WARN", + "log.offset": 411, + "message": "Deprecated field [template] used, replaced by [index_patterns]", "service.name": "elasticsearch" } -] \ No newline at end of file +] diff --git a/filebeat/module/elasticsearch/deprecation/test/other_elasticsearch_deprecation.log-expected.json b/filebeat/module/elasticsearch/deprecation/test/other_elasticsearch_deprecation.log-expected.json index a36decc6f81..b4192b8bd18 100644 --- a/filebeat/module/elasticsearch/deprecation/test/other_elasticsearch_deprecation.log-expected.json +++ b/filebeat/module/elasticsearch/deprecation/test/other_elasticsearch_deprecation.log-expected.json 
@@ -1,194 +1,194 @@ [ { - "@timestamp": "2017-11-30T13:38:16,911", - "ecs.version": "1.0.0-beta2", - "elasticsearch.server.component": "o.e.d.c.ParseField", - "event.dataset": "deprecation", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "WARN", - "log.offset": 0, - "message": "Deprecated field [inline] used, expected [source] instead", - "service.name": "elasticsearch" - }, - { - "@timestamp": "2017-11-30T13:38:16,941", - "ecs.version": "1.0.0-beta2", - "elasticsearch.server.component": "o.e.d.c.ParseField", - "event.dataset": "deprecation", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "WARN", - "log.offset": 118, - "message": "Deprecated field [inline] used, expected [source] instead", - "service.name": "elasticsearch" - }, - { - "@timestamp": "2017-11-30T13:39:28,986", - "ecs.version": "1.0.0-beta2", - "elasticsearch.server.component": "o.e.d.i.m.UidFieldMapper", - "event.dataset": "deprecation", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "WARN", - "log.offset": 236, - "message": "Fielddata access on the _uid field is deprecated, use _id instead", - "service.name": "elasticsearch" - }, - { - "@timestamp": "2017-11-30T13:39:36,339", - "ecs.version": "1.0.0-beta2", - "elasticsearch.server.component": "o.e.d.i.m.UidFieldMapper", - "event.dataset": "deprecation", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "WARN", - "log.offset": 362, - "message": "Fielddata access on the _uid field is deprecated, use _id instead", - "service.name": "elasticsearch" - }, - { - "@timestamp": "2017-11-30T13:40:49,540", - "ecs.version": "1.0.0-beta2", - "elasticsearch.server.component": "o.e.d.i.m.UidFieldMapper", - "event.dataset": "deprecation", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "WARN", - "log.offset": 488, - "message": "Fielddata access on the _uid field is deprecated, use _id instead", - "service.name": "elasticsearch" - }, - { - 
"@timestamp": "2017-11-30T14:08:37,413", - "ecs.version": "1.0.0-beta2", - "elasticsearch.server.component": "o.e.d.i.m.UidFieldMapper", - "event.dataset": "deprecation", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "WARN", - "log.offset": 614, - "message": "Fielddata access on the _uid field is deprecated, use _id instead", - "service.name": "elasticsearch" - }, - { - "@timestamp": "2017-11-30T14:08:37,413", - "ecs.version": "1.0.0-beta2", - "elasticsearch.server.component": "o.e.d.i.m.UidFieldMapper", - "event.dataset": "deprecation", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "WARN", - "log.offset": 740, - "message": "Fielddata access on the _uid field is deprecated, use _id instead", - "service.name": "elasticsearch" - }, - { - "@timestamp": "2017-11-30T14:08:46,006", - "ecs.version": "1.0.0-beta2", - "elasticsearch.server.component": "o.e.d.i.m.UidFieldMapper", - "event.dataset": "deprecation", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "WARN", - "log.offset": 866, - "message": "Fielddata access on the _uid field is deprecated, use _id instead", - "service.name": "elasticsearch" - }, - { - "@timestamp": "2017-11-30T14:08:46,006", - "ecs.version": "1.0.0-beta2", - "elasticsearch.server.component": "o.e.d.i.m.UidFieldMapper", - "event.dataset": "deprecation", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "WARN", - "log.offset": 992, - "message": "Fielddata access on the _uid field is deprecated, use _id instead", - "service.name": "elasticsearch" - }, - { - "@timestamp": "2017-12-01T14:05:54,017", - "ecs.version": "1.0.0-beta2", - "elasticsearch.server.component": "o.e.d.i.m.AllFieldMapper", - "event.dataset": "deprecation", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "WARN", - "log.offset": 1118, - "message": "[_all] is deprecated in 6.0+ and will be removed in 7.0. 
As a replacement, you can use [copy_to] on mapping fields to create your own catch all field.", - "service.name": "elasticsearch" - }, - { - "@timestamp": "2017-12-01T14:05:54,019", - "ecs.version": "1.0.0-beta2", - "elasticsearch.server.component": "o.e.d.i.m.AllFieldMapper", - "event.dataset": "deprecation", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "WARN", - "log.offset": 1329, - "message": "[_all] is deprecated in 6.0+ and will be removed in 7.0. As a replacement, you can use [copy_to] on mapping fields to create your own catch all field.", - "service.name": "elasticsearch" - }, - { - "@timestamp": "2017-12-01T14:06:52,059", - "ecs.version": "1.0.0-beta2", - "elasticsearch.server.component": "o.e.d.i.m.AllFieldMapper", - "event.dataset": "deprecation", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "WARN", - "log.offset": 1540, - "message": "[_all] is deprecated in 6.0+ and will be removed in 7.0. As a replacement, you can use [copy_to] on mapping fields to create your own catch all field.", - "service.name": "elasticsearch" - }, - { - "@timestamp": "2017-12-01T14:46:10,428", - "ecs.version": "1.0.0-beta2", - "elasticsearch.server.component": "o.e.d.s.a.InternalOrder$Parser", - "event.dataset": "deprecation", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "WARN", - "log.offset": 1751, - "message": "Deprecated aggregation order key [_term] used, replaced by [_key]", - "service.name": "elasticsearch" - }, - { - "@timestamp": "2017-12-04T16:17:18,271", - "ecs.version": "1.0.0-beta2", - "elasticsearch.server.component": "o.e.d.a.a.i.t.p.PutIndexTemplateRequest", - "event.dataset": "deprecation", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "WARN", - "log.offset": 1882, - "message": "Deprecated field [template] used, replaced by [index_patterns]", - "service.name": "elasticsearch" - }, - { - "@timestamp": "2017-12-04T16:17:18,282", - "ecs.version": 
"1.0.0-beta2", - "elasticsearch.server.component": "o.e.d.i.m.MapperService", - "event.dataset": "deprecation", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "WARN", - "log.offset": 2019, - "message": "[_default_] mapping is deprecated since it is not useful anymore now that indexes cannot have more than one type", - "service.name": "elasticsearch" - }, - { - "@timestamp": "2017-12-04T16:20:43,248", - "ecs.version": "1.0.0-beta2", - "elasticsearch.server.component": "o.e.d.i.m.MapperService", - "event.dataset": "deprecation", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "WARN", - "log.offset": 2192, - "message": "[_default_] mapping is deprecated since it is not useful anymore now that indexes cannot have more than one type", + "@timestamp": "2017-11-30T13:38:16.911Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.server.component": "o.e.d.c.ParseField", + "event.dataset": "deprecation", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "WARN", + "log.offset": 0, + "message": "Deprecated field [inline] used, expected [source] instead", + "service.name": "elasticsearch" + }, + { + "@timestamp": "2017-11-30T13:38:16.941Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.server.component": "o.e.d.c.ParseField", + "event.dataset": "deprecation", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "WARN", + "log.offset": 118, + "message": "Deprecated field [inline] used, expected [source] instead", + "service.name": "elasticsearch" + }, + { + "@timestamp": "2017-11-30T13:39:28.986Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.server.component": "o.e.d.i.m.UidFieldMapper", + "event.dataset": "deprecation", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "WARN", + "log.offset": 236, + "message": "Fielddata access on the _uid field is deprecated, use _id instead", + "service.name": "elasticsearch" + }, + { + "@timestamp": 
"2017-11-30T13:39:36.339Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.server.component": "o.e.d.i.m.UidFieldMapper", + "event.dataset": "deprecation", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "WARN", + "log.offset": 362, + "message": "Fielddata access on the _uid field is deprecated, use _id instead", + "service.name": "elasticsearch" + }, + { + "@timestamp": "2017-11-30T13:40:49.540Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.server.component": "o.e.d.i.m.UidFieldMapper", + "event.dataset": "deprecation", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "WARN", + "log.offset": 488, + "message": "Fielddata access on the _uid field is deprecated, use _id instead", + "service.name": "elasticsearch" + }, + { + "@timestamp": "2017-11-30T14:08:37.413Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.server.component": "o.e.d.i.m.UidFieldMapper", + "event.dataset": "deprecation", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "WARN", + "log.offset": 614, + "message": "Fielddata access on the _uid field is deprecated, use _id instead", + "service.name": "elasticsearch" + }, + { + "@timestamp": "2017-11-30T14:08:37.413Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.server.component": "o.e.d.i.m.UidFieldMapper", + "event.dataset": "deprecation", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "WARN", + "log.offset": 740, + "message": "Fielddata access on the _uid field is deprecated, use _id instead", + "service.name": "elasticsearch" + }, + { + "@timestamp": "2017-11-30T14:08:46.006Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.server.component": "o.e.d.i.m.UidFieldMapper", + "event.dataset": "deprecation", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "WARN", + "log.offset": 866, + "message": "Fielddata access on the _uid field is deprecated, use _id instead", + "service.name": "elasticsearch" + }, + { + 
"@timestamp": "2017-11-30T14:08:46.006Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.server.component": "o.e.d.i.m.UidFieldMapper", + "event.dataset": "deprecation", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "WARN", + "log.offset": 992, + "message": "Fielddata access on the _uid field is deprecated, use _id instead", + "service.name": "elasticsearch" + }, + { + "@timestamp": "2017-12-01T14:05:54.017Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.server.component": "o.e.d.i.m.AllFieldMapper", + "event.dataset": "deprecation", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "WARN", + "log.offset": 1118, + "message": "[_all] is deprecated in 6.0+ and will be removed in 7.0. As a replacement, you can use [copy_to] on mapping fields to create your own catch all field.", + "service.name": "elasticsearch" + }, + { + "@timestamp": "2017-12-01T14:05:54.019Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.server.component": "o.e.d.i.m.AllFieldMapper", + "event.dataset": "deprecation", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "WARN", + "log.offset": 1329, + "message": "[_all] is deprecated in 6.0+ and will be removed in 7.0. As a replacement, you can use [copy_to] on mapping fields to create your own catch all field.", + "service.name": "elasticsearch" + }, + { + "@timestamp": "2017-12-01T14:06:52.059Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.server.component": "o.e.d.i.m.AllFieldMapper", + "event.dataset": "deprecation", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "WARN", + "log.offset": 1540, + "message": "[_all] is deprecated in 6.0+ and will be removed in 7.0. 
As a replacement, you can use [copy_to] on mapping fields to create your own catch all field.", + "service.name": "elasticsearch" + }, + { + "@timestamp": "2017-12-01T14:46:10.428Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.server.component": "o.e.d.s.a.InternalOrder$Parser", + "event.dataset": "deprecation", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "WARN", + "log.offset": 1751, + "message": "Deprecated aggregation order key [_term] used, replaced by [_key]", + "service.name": "elasticsearch" + }, + { + "@timestamp": "2017-12-04T16:17:18.271Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.server.component": "o.e.d.a.a.i.t.p.PutIndexTemplateRequest", + "event.dataset": "deprecation", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "WARN", + "log.offset": 1882, + "message": "Deprecated field [template] used, replaced by [index_patterns]", + "service.name": "elasticsearch" + }, + { + "@timestamp": "2017-12-04T16:17:18.282Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.server.component": "o.e.d.i.m.MapperService", + "event.dataset": "deprecation", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "WARN", + "log.offset": 2019, + "message": "[_default_] mapping is deprecated since it is not useful anymore now that indexes cannot have more than one type", + "service.name": "elasticsearch" + }, + { + "@timestamp": "2017-12-04T16:20:43.248Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.server.component": "o.e.d.i.m.MapperService", + "event.dataset": "deprecation", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "WARN", + "log.offset": 2192, + "message": "[_default_] mapping is deprecated since it is not useful anymore now that indexes cannot have more than one type", "service.name": "elasticsearch" } -] \ No newline at end of file +] 
diff --git a/filebeat/module/elasticsearch/server/test/test.log-expected.json b/filebeat/module/elasticsearch/server/test/test.log-expected.json
index a2e51a1069d..71fa347c45a 100644
--- a/filebeat/module/elasticsearch/server/test/test.log-expected.json
+++ b/filebeat/module/elasticsearch/server/test/test.log-expected.json
@@ -1,272 +1,272 @@ [ { - "@timestamp": "2018-05-17T08:29:12,177", - "ecs.version": "1.0.0-beta2", - "elasticsearch.index.name": "test-filebeat-modules", - "elasticsearch.node.name": "vWNJsZ3", - "elasticsearch.server.component": "o.e.c.m.MetaDataCreateIndexService", - "event.dataset": "server", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "INFO", - "log.offset": 0, - "message": "creating index, cause [auto(bulk api)], templates [test-filebeat-modules], shards [5]/[1], mappings [doc]", + "@timestamp": "2018-05-17T08:29:12.177Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.index.name": "test-filebeat-modules", + "elasticsearch.node.name": "vWNJsZ3", + "elasticsearch.server.component": "o.e.c.m.MetaDataCreateIndexService", + "event.dataset": "server", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "INFO", + "log.offset": 0, + "message": "creating index, cause [auto(bulk api)], templates [test-filebeat-modules], shards [5]/[1], mappings [doc]", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-05-17T08:19:35,939", - "ecs.version": "1.0.0-beta2", - "elasticsearch.node.name": "", - "elasticsearch.server.component": "o.e.n.Node", - "event.dataset": "server", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "INFO", - "log.offset": 209, - "message": "initializing ...", + "@timestamp": "2018-05-17T08:19:35.939Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.node.name": "", + "elasticsearch.server.component": "o.e.n.Node", + "event.dataset": "server", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "INFO", + "log.offset": 209, + "message": "initializing ...", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-05-17T08:19:36,089", - "ecs.version": "1.0.0-beta2", - "elasticsearch.node.name": "vWNJsZ3", - "elasticsearch.server.component": "o.e.e.NodeEnvironment", - "event.dataset": "server", - "event.module": "elasticsearch", - 
"input.type": "log", - "log.level": "INFO", - "log.offset": 289, - "message": "using [1] data paths, mounts [[/ (/dev/disk1s1)]], net usable_space [32.4gb], net total_space [233.5gb], types [apfs]", + "@timestamp": "2018-05-17T08:19:36.089Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.node.name": "vWNJsZ3", + "elasticsearch.server.component": "o.e.e.NodeEnvironment", + "event.dataset": "server", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "INFO", + "log.offset": 289, + "message": "using [1] data paths, mounts [[/ (/dev/disk1s1)]], net usable_space [32.4gb], net total_space [233.5gb], types [apfs]", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-05-17T08:19:36,090", - "ecs.version": "1.0.0-beta2", - "elasticsearch.node.name": "vWNJsZ3", - "elasticsearch.server.component": "o.e.e.NodeEnvironment", - "event.dataset": "server", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "INFO", - "log.offset": 477, - "message": "heap size [990.7mb], compressed ordinary object pointers [true]", + "@timestamp": "2018-05-17T08:19:36.090Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.node.name": "vWNJsZ3", + "elasticsearch.server.component": "o.e.e.NodeEnvironment", + "event.dataset": "server", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "INFO", + "log.offset": 477, + "message": "heap size [990.7mb], compressed ordinary object pointers [true]", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-05-17T08:19:36,116", - "ecs.version": "1.0.0-beta2", - "elasticsearch.server.component": "o.e.n.Node", - "event.dataset": "server", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "INFO", - "log.offset": 611, - "message": "node name [vWNJsZ3] derived from node ID [vWNJsZ3nTIKh5a1ai-ftYQ]; set [node.name] to override", + "@timestamp": "2018-05-17T08:19:36.116Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.server.component": "o.e.n.Node", + 
"event.dataset": "server", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "INFO", + "log.offset": 611, + "message": "node name [vWNJsZ3] derived from node ID [vWNJsZ3nTIKh5a1ai-ftYQ]; set [node.name] to override", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-05-17T08:23:48,941", - "ecs.version": "1.0.0-beta2", - "elasticsearch.node.name": "vWNJsZ3", - "elasticsearch.server.component": "o.e.c.r.a.DiskThresholdMonitor", - "event.dataset": "server", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "INFO", - "log.offset": 766, - "message": "low disk watermark [85%] exceeded on [vWNJsZ3nTIKh5a1ai-ftYQ][vWNJsZ3][/Users/ruflin/Downloads/elasticsearch-6.2.4/data/nodes/0] free: 33.4gb[14.3%], replicas will not be assigned to this node", + "@timestamp": "2018-05-17T08:23:48.941Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.node.name": "vWNJsZ3", + "elasticsearch.server.component": "o.e.c.r.a.DiskThresholdMonitor", + "event.dataset": "server", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "INFO", + "log.offset": 766, + "message": "low disk watermark [85%] exceeded on [vWNJsZ3nTIKh5a1ai-ftYQ][vWNJsZ3][/Users/ruflin/Downloads/elasticsearch-6.2.4/data/nodes/0] free: 33.4gb[14.3%], replicas will not be assigned to this node", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-05-17T08:29:09,245", - "ecs.version": "1.0.0-beta2", - "elasticsearch.index.name": "filebeat-test-input", - "elasticsearch.node.name": "vWNJsZ3", - "elasticsearch.server.component": "o.e.c.m.MetaDataCreateIndexService", - "event.dataset": "server", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "INFO", - "log.offset": 1034, - "message": "creating index, cause [auto(bulk api)], templates [filebeat-test-input], shards [5]/[1], mappings [doc]", + "@timestamp": "2018-05-17T08:29:09.245Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.index.name": 
"filebeat-test-input", + "elasticsearch.node.name": "vWNJsZ3", + "elasticsearch.server.component": "o.e.c.m.MetaDataCreateIndexService", + "event.dataset": "server", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "INFO", + "log.offset": 1034, + "message": "creating index, cause [auto(bulk api)], templates [filebeat-test-input], shards [5]/[1], mappings [doc]", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-05-17T08:29:09,576", - "ecs.version": "1.0.0-beta2", - "elasticsearch.index.id": "aOGgDwbURfCV57AScqbCgw", - "elasticsearch.index.name": "filebeat-test-input", - "elasticsearch.node.name": "vWNJsZ3", - "elasticsearch.server.component": "o.e.c.m.MetaDataMappingService", - "event.dataset": "server", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "INFO", - "log.offset": 1239, - "message": "update_mapping [doc]", + "@timestamp": "2018-05-17T08:29:09.576Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.index.id": "aOGgDwbURfCV57AScqbCgw", + "elasticsearch.index.name": "filebeat-test-input", + "elasticsearch.node.name": "vWNJsZ3", + "elasticsearch.server.component": "o.e.c.m.MetaDataMappingService", + "event.dataset": "server", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "INFO", + "log.offset": 1239, + "message": "update_mapping [doc]", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-07-09T12:47:33,959", - "ecs.version": "1.0.0-beta2", - "elasticsearch.index.id": "3tWftqb4RLKdyCAga9syGA", - "elasticsearch.index.name": ".kibana", - "elasticsearch.node.name": "QGY1F5P", - "elasticsearch.server.component": "o.e.c.m.MetaDataMappingService", - "event.dataset": "server", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "INFO", - "log.offset": 1380, - "message": "update_mapping [doc]", + "@timestamp": "2018-07-09T12:47:33.959Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.index.id": "3tWftqb4RLKdyCAga9syGA", + 
"elasticsearch.index.name": ".kibana", + "elasticsearch.node.name": "QGY1F5P", + "elasticsearch.server.component": "o.e.c.m.MetaDataMappingService", + "event.dataset": "server", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "INFO", + "log.offset": 1380, + "message": "update_mapping [doc]", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-05-17T08:29:25,598", - "ecs.version": "1.0.0-beta2", - "elasticsearch.node.name": "vWNJsZ3", - "elasticsearch.server.component": "o.e.n.Node", - "event.dataset": "server", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "INFO", - "log.offset": 1509, - "message": "closing ...", + "@timestamp": "2018-05-17T08:29:25.598Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.node.name": "vWNJsZ3", + "elasticsearch.server.component": "o.e.n.Node", + "event.dataset": "server", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "INFO", + "log.offset": 1509, + "message": "closing ...", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-05-17T08:29:25,612", - "ecs.version": "1.0.0-beta2", - "elasticsearch.node.name": "vWNJsZ3", - "elasticsearch.server.component": "o.e.n.Node", - "event.dataset": "server", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "INFO", - "log.offset": 1591, - "message": "closed", + "@timestamp": "2018-05-17T08:29:25.612Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.node.name": "vWNJsZ3", + "elasticsearch.server.component": "o.e.n.Node", + "event.dataset": "server", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "INFO", + "log.offset": 1591, + "message": "closed", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-07-03T11:45:48,548", - "ecs.version": "1.0.0-beta2", - "elasticsearch.node.name": "srvmulpvlsk252_md", - "elasticsearch.server.component": "o.e.d.z.ZenDiscovery", - "event.dataset": "server", - "event.module": "elasticsearch", - 
"input.type": "log", - "log.level": "INFO", - "log.offset": 1668, - "message": "master_left [{srvmulpvlsk250_md}{igrwSoPGSJ6u_5b8k26tgQ}{PuRqciBFRbiQvL2_lS7LrQ}{srvmulpvlsk250.loganalytics.santanderuk.corp}{180.39.9.91:9300}{ml.max_open_jobs=10, ml.enabled=true}], reason [failed to ping, tried [3] times, each with maximum [30s] timeout]", + "@timestamp": "2018-07-03T11:45:48.548Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.node.name": "srvmulpvlsk252_md", + "elasticsearch.server.component": "o.e.d.z.ZenDiscovery", + "event.dataset": "server", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "INFO", + "log.offset": 1668, + "message": "master_left [{srvmulpvlsk250_md}{igrwSoPGSJ6u_5b8k26tgQ}{PuRqciBFRbiQvL2_lS7LrQ}{srvmulpvlsk250.loganalytics.santanderuk.corp}{180.39.9.91:9300}{ml.max_open_jobs=10, ml.enabled=true}], reason [failed to ping, tried [3] times, each with maximum [30s] timeout]", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-07-03T11:45:48,548", - "ecs.version": "1.0.0-beta2", - "elasticsearch.node.name": "srvmulpvlsk252_md", - "elasticsearch.server.component": "o.e.d.z.ZenDiscovery", - "event.dataset": "server", - "event.module": "elasticsearch", - "input.type": "log", + "@timestamp": "2018-07-03T11:45:48.548Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.node.name": "srvmulpvlsk252_md", + "elasticsearch.server.component": "o.e.d.z.ZenDiscovery", + "event.dataset": "server", + "event.module": "elasticsearch", + "input.type": "log", "log.flags": [ "multiline" - ], - "log.level": "WARN", - "log.offset": 2008, - "message": "master left (reason = failed to ping, tried [3] times, each with maximum [30s] timeout), current nodes: nodes:\n {srvmulpvlsk252_md}{uc5xdiQgRhaBIY-sszgjvQ}{X9pC0t1UQQix_NNOM0J6JQ}{srvmulpvlsk252.loganalytics.santanderuk.corp}{180.39.9.93:9300}{ml.max_open_jobs=10, ml.enabled=true}, local\n 
{srvmulpvlsk258_md}{HgW6EDn5QCmWVmICy4saHw}{o8zku7OJR4CTp0IjY8Ag4Q}{srvmulpvlsk258.loganalytics.santanderuk.corp}{180.39.9.99:9300}{ml.max_open_jobs=10, ml.enabled=true}\n {srvmulpvlsk250_md}{igrwSoPGSJ6u_5b8k26tgQ}{PuRqciBFRbiQvL2_lS7LrQ}{srvmulpvlsk250.loganalytics.santanderuk.corp}{180.39.9.91:9300}{ml.max_open_jobs=10, ml.enabled=true}, master\n {srvmulpvlsk254_id}{wZYeAh2URc2NwBIHZolLWQ}{3nduupo-TzSPaXjQaNu4Sg}{srvmulpvlsk254.loganalytics.santanderuk.corp}{180.39.9.95:9300}{ml.max_open_jobs=10, ml.enabled=true}", + ], + "log.level": "WARN", + "log.offset": 2008, + "message": "master left (reason = failed to ping, tried [3] times, each with maximum [30s] timeout), current nodes: nodes:\n {srvmulpvlsk252_md}{uc5xdiQgRhaBIY-sszgjvQ}{X9pC0t1UQQix_NNOM0J6JQ}{srvmulpvlsk252.loganalytics.santanderuk.corp}{180.39.9.93:9300}{ml.max_open_jobs=10, ml.enabled=true}, local\n {srvmulpvlsk258_md}{HgW6EDn5QCmWVmICy4saHw}{o8zku7OJR4CTp0IjY8Ag4Q}{srvmulpvlsk258.loganalytics.santanderuk.corp}{180.39.9.99:9300}{ml.max_open_jobs=10, ml.enabled=true}\n {srvmulpvlsk250_md}{igrwSoPGSJ6u_5b8k26tgQ}{PuRqciBFRbiQvL2_lS7LrQ}{srvmulpvlsk250.loganalytics.santanderuk.corp}{180.39.9.91:9300}{ml.max_open_jobs=10, ml.enabled=true}, master\n {srvmulpvlsk254_id}{wZYeAh2URc2NwBIHZolLWQ}{3nduupo-TzSPaXjQaNu4Sg}{srvmulpvlsk254.loganalytics.santanderuk.corp}{180.39.9.95:9300}{ml.max_open_jobs=10, ml.enabled=true}", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-07-03T11:45:52,666", - "ecs.version": "1.0.0-beta2", - "elasticsearch.server.component": "r.suppressed", - "event.dataset": "server", - "event.module": "elasticsearch", - "input.type": "log", + "@timestamp": "2018-07-03T11:45:52.666Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.server.component": "r.suppressed", + "event.dataset": "server", + "event.module": "elasticsearch", + "input.type": "log", "log.flags": [ "multiline" - ], - "log.level": "WARN", - "log.offset": 2907, - "message": "path: /_xpack/monitoring/_bulk, 
params: {system_id=logstash, system_api_version=2, interval=1s}\norg.elasticsearch.cluster.block.ClusterBlockException: blocked by: [SERVICE_UNAVAILABLE/2/no master];\n at org.elasticsearch.cluster.block.ClusterBlocks.globalBlockedException(ClusterBlocks.java:165) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.cluster.block.ClusterBlocks.globalBlockedRaiseException(ClusterBlocks.java:151) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.xpack.monitoring.action.TransportMonitoringBulkAction.doExecute(TransportMonitoringBulkAction.java:57) ~[?:?]\n at org.elasticsearch.xpack.monitoring.action.TransportMonitoringBulkAction.doExecute(TransportMonitoringBulkAction.java:40) ~[?:?]\n at org.elasticsearch.action.support.TransportAction.doExecute(TransportAction.java:146) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:170) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$apply$1(SecurityActionFilter.java:133) ~[?:?]\n at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:59) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$authorizeRequest$4(SecurityActionFilter.java:208) ~[?:?]\n at org.elasticsearch.xpack.security.authz.AuthorizationUtils$AsyncAuthorizer.maybeRun(AuthorizationUtils.java:127) ~[?:?]\n at org.elasticsearch.xpack.security.authz.AuthorizationUtils$AsyncAuthorizer.setRunAsRoles(AuthorizationUtils.java:121) ~[?:?]\n at org.elasticsearch.xpack.security.authz.AuthorizationUtils$AsyncAuthorizer.authorize(AuthorizationUtils.java:109) ~[?:?]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.authorizeRequest(SecurityActionFilter.java:210) ~[?:?]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$applyInternal$3(SecurityActionFilter.java:186) ~[?:?]\n at 
org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:59) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$authenticateAsync$2(AuthenticationService.java:212) ~[?:?]\n at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$lookForExistingAuthentication$4(AuthenticationService.java:246) ~[?:?]\n at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lookForExistingAuthentication(AuthenticationService.java:257) ~[?:?]\n at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.authenticateAsync(AuthenticationService.java:210) ~[?:?]\n at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.access$000(AuthenticationService.java:159) ~[?:?]\n at org.elasticsearch.xpack.security.authc.AuthenticationService.authenticate(AuthenticationService.java:122) ~[?:?]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.applyInternal(SecurityActionFilter.java:185) ~[?:?]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.apply(SecurityActionFilter.java:145) ~[?:?]\n at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:168) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:142) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:84) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.client.node.NodeClient.executeLocally(NodeClient.java:83) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.client.node.NodeClient.doExecute(NodeClient.java:72) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:408) ~[elasticsearch-5.6.3.jar:5.6.3]\n at 
org.elasticsearch.action.ActionRequestBuilder.execute(ActionRequestBuilder.java:80) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.xpack.monitoring.rest.action.RestMonitoringBulkAction.lambda$doPrepareRequest$0(RestMonitoringBulkAction.java:77) ~[?:?]\n at org.elasticsearch.rest.BaseRestHandler.handleReques", + ], + "log.level": "WARN", + "log.offset": 2907, + "message": "path: /_xpack/monitoring/_bulk, params: {system_id=logstash, system_api_version=2, interval=1s}\norg.elasticsearch.cluster.block.ClusterBlockException: blocked by: [SERVICE_UNAVAILABLE/2/no master];\n at org.elasticsearch.cluster.block.ClusterBlocks.globalBlockedException(ClusterBlocks.java:165) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.cluster.block.ClusterBlocks.globalBlockedRaiseException(ClusterBlocks.java:151) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.xpack.monitoring.action.TransportMonitoringBulkAction.doExecute(TransportMonitoringBulkAction.java:57) ~[?:?]\n at org.elasticsearch.xpack.monitoring.action.TransportMonitoringBulkAction.doExecute(TransportMonitoringBulkAction.java:40) ~[?:?]\n at org.elasticsearch.action.support.TransportAction.doExecute(TransportAction.java:146) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:170) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$apply$1(SecurityActionFilter.java:133) ~[?:?]\n at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:59) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$authorizeRequest$4(SecurityActionFilter.java:208) ~[?:?]\n at org.elasticsearch.xpack.security.authz.AuthorizationUtils$AsyncAuthorizer.maybeRun(AuthorizationUtils.java:127) ~[?:?]\n at 
org.elasticsearch.xpack.security.authz.AuthorizationUtils$AsyncAuthorizer.setRunAsRoles(AuthorizationUtils.java:121) ~[?:?]\n at org.elasticsearch.xpack.security.authz.AuthorizationUtils$AsyncAuthorizer.authorize(AuthorizationUtils.java:109) ~[?:?]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.authorizeRequest(SecurityActionFilter.java:210) ~[?:?]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$applyInternal$3(SecurityActionFilter.java:186) ~[?:?]\n at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:59) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$authenticateAsync$2(AuthenticationService.java:212) ~[?:?]\n at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$lookForExistingAuthentication$4(AuthenticationService.java:246) ~[?:?]\n at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lookForExistingAuthentication(AuthenticationService.java:257) ~[?:?]\n at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.authenticateAsync(AuthenticationService.java:210) ~[?:?]\n at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.access$000(AuthenticationService.java:159) ~[?:?]\n at org.elasticsearch.xpack.security.authc.AuthenticationService.authenticate(AuthenticationService.java:122) ~[?:?]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.applyInternal(SecurityActionFilter.java:185) ~[?:?]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.apply(SecurityActionFilter.java:145) ~[?:?]\n at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:168) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:142) ~[elasticsearch-5.6.3.jar:5.6.3]\n at 
org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:84) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.client.node.NodeClient.executeLocally(NodeClient.java:83) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.client.node.NodeClient.doExecute(NodeClient.java:72) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:408) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.ActionRequestBuilder.execute(ActionRequestBuilder.java:80) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.xpack.monitoring.rest.action.RestMonitoringBulkAction.lambda$doPrepareRequest$0(RestMonitoringBulkAction.java:77) ~[?:?]\n at org.elasticsearch.rest.BaseRestHandler.handleReques", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-07-03T11:48:02,552", - "ecs.version": "1.0.0-beta2", - "elasticsearch.server.component": "r.suppressed", - "event.dataset": "server", - "event.module": "elasticsearch", - "input.type": "log", + "@timestamp": "2018-07-03T11:48:02.552Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.server.component": "r.suppressed", + "event.dataset": "server", + "event.module": "elasticsearch", + "input.type": "log", "log.flags": [ "multiline" - ], - "log.level": "WARN", - "log.offset": 7412, - "message": "path: /_xpack/license, params: {}\norg.elasticsearch.discovery.MasterNotDiscoveredException: NodeDisconnectedException[[srvmulpvlsk250_md][180.39.9.91:9300][cluster:monitor/xpack/license/get] disconnected]\n at org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction$4.onTimeout(TransportMasterNodeAction.java:209) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.cluster.ClusterStateObserver$ContextPreservingListener.onTimeout(ClusterStateObserver.java:311) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.cluster.ClusterStateObserver.waitForNextChange(ClusterStateObserver.java:139) 
~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.cluster.ClusterStateObserver.waitForNextChange(ClusterStateObserver.java:111) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction.retry(TransportMasterNodeAction.java:194) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction.access$500(TransportMasterNodeAction.java:107) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction$3.handleException(TransportMasterNodeAction.java:183) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.transport.TransportService$ContextRestoreResponseHandler.handleException(TransportService.java:1067) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.transport.TransportService$ContextRestoreResponseHandler.handleException(TransportService.java:1067) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.transport.TransportService$Adapter.lambda$onConnectionClosed$6(TransportService.java:893) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:569) [elasticsearch-5.6.3.jar:5.6.3]\n at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_161]\n at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_161]\n at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]\nCaused by: org.elasticsearch.transport.NodeDisconnectedException: [srvmulpvlsk250_md][180.39.9.91:9300][cluster:monitor/xpack/license/get] disconnected", + ], + "log.level": "WARN", + "log.offset": 7412, + "message": "path: /_xpack/license, params: {}\norg.elasticsearch.discovery.MasterNotDiscoveredException: NodeDisconnectedException[[srvmulpvlsk250_md][180.39.9.91:9300][cluster:monitor/xpack/license/get] disconnected]\n at 
org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction$4.onTimeout(TransportMasterNodeAction.java:209) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.cluster.ClusterStateObserver$ContextPreservingListener.onTimeout(ClusterStateObserver.java:311) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.cluster.ClusterStateObserver.waitForNextChange(ClusterStateObserver.java:139) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.cluster.ClusterStateObserver.waitForNextChange(ClusterStateObserver.java:111) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction.retry(TransportMasterNodeAction.java:194) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction.access$500(TransportMasterNodeAction.java:107) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction$3.handleException(TransportMasterNodeAction.java:183) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.transport.TransportService$ContextRestoreResponseHandler.handleException(TransportService.java:1067) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.transport.TransportService$ContextRestoreResponseHandler.handleException(TransportService.java:1067) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.transport.TransportService$Adapter.lambda$onConnectionClosed$6(TransportService.java:893) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:569) [elasticsearch-5.6.3.jar:5.6.3]\n at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_161]\n at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_161]\n at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]\nCaused by: 
org.elasticsearch.transport.NodeDisconnectedException: [srvmulpvlsk250_md][180.39.9.91:9300][cluster:monitor/xpack/license/get] disconnected", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-07-03T11:45:27,896", - "ecs.version": "1.0.0-beta2", - "elasticsearch.node.name": "srvmulpvlsk252_md", - "elasticsearch.server.component": "o.e.m.j.JvmGcMonitorService", - "elasticsearch.server.gc.young.one": "3449979", - "elasticsearch.server.gc.young.two": "986594", - "event.dataset": "server", - "event.module": "elasticsearch", - "input.type": "log", + "@timestamp": "2018-07-03T11:45:27.896Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.node.name": "srvmulpvlsk252_md", + "elasticsearch.server.component": "o.e.m.j.JvmGcMonitorService", + "elasticsearch.server.gc.young.one": "3449979", + "elasticsearch.server.gc.young.two": "986594", + "event.dataset": "server", + "event.module": "elasticsearch", + "input.type": "log", "log.flags": [ "multiline" - ], - "log.level": "WARN", - "log.offset": 9873, - "message": "duration [3.8s], collections [1]/[4.3s], total [3.8s]/[8.8h], memory [16.5gb]->[15.7gb]/[30.8gb], all_po\nols {[young] [1.2gb]->[24mb]/[1.4gb]}{[survivor] [191.3mb]->[191.3mb]/[191.3mb]}{[old] [15.1gb]->[15.5gb]/[29.1gb]}", + ], + "log.level": "WARN", + "log.offset": 9873, + "message": "duration [3.8s], collections [1]/[4.3s], total [3.8s]/[8.8h], memory [16.5gb]->[15.7gb]/[30.8gb], all_po\nols {[young] [1.2gb]->[24mb]/[1.4gb]}{[survivor] [191.3mb]->[191.3mb]/[191.3mb]}{[old] [15.1gb]->[15.5gb]/[29.1gb]}", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-07-03T11:45:45,604", - "ecs.version": "1.0.0-beta2", - "elasticsearch.node.name": "srvmulpvlsk252_md", - "elasticsearch.server.component": "o.e.m.j.JvmGcMonitorService", - "elasticsearch.server.gc.collection_duration.ms": 1600.0, - "elasticsearch.server.gc.observation_duration.ms": 1800.0, - "elasticsearch.server.gc.overhead_seq": "3449992", - "event.dataset": "server", - 
"event.module": "elasticsearch", - "input.type": "log", - "log.level": "WARN", - "log.offset": 10205, - "message": "[2018-07-03T11:45:45,604][WARN ][o.e.m.j.JvmGcMonitorService] [srvmulpvlsk252_md] [gc][3449992] overhead, spent [1.6s] collecting in the last [1.8s]", + "@timestamp": "2018-07-03T11:45:45.604Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.node.name": "srvmulpvlsk252_md", + "elasticsearch.server.component": "o.e.m.j.JvmGcMonitorService", + "elasticsearch.server.gc.collection_duration.ms": 1600.0, + "elasticsearch.server.gc.observation_duration.ms": 1800.0, + "elasticsearch.server.gc.overhead_seq": "3449992", + "event.dataset": "server", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "WARN", + "log.offset": 10205, + "message": "[2018-07-03T11:45:45,604][WARN ][o.e.m.j.JvmGcMonitorService] [srvmulpvlsk252_md] [gc][3449992] overhead, spent [1.6s] collecting in the last [1.8s]", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-07-03T11:48:02,541", - "ecs.version": "1.0.0-beta2", - "elasticsearch.node.name": "srvmulpvlsk252_md", - "elasticsearch.server.component": "o.e.a.b.TransportShardBulkAction", - "event.dataset": "server", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "WARN", - "log.offset": 10354, - "message": "[[pro_neocrmbigdata_paas-2018-27][0]] failed to perform indices:data/write/bulk[s] on replica [pro_neocrmbigdata_paas-2018-27][0], node[igrwSoPGSJ6u_5b8k26tgQ], [R], s[STARTED], a[id=DKK34YLHRMmJMkWg8jQH6w]", + "@timestamp": "2018-07-03T11:48:02.541Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.node.name": "srvmulpvlsk252_md", + "elasticsearch.server.component": "o.e.a.b.TransportShardBulkAction", + "event.dataset": "server", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "WARN", + "log.offset": 10354, + "message": "[[pro_neocrmbigdata_paas-2018-27][0]] failed to perform indices:data/write/bulk[s] on replica 
[pro_neocrmbigdata_paas-2018-27][0], node[igrwSoPGSJ6u_5b8k26tgQ], [R], s[STARTED], a[id=DKK34YLHRMmJMkWg8jQH6w]", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-07-03T20:10:07,376", - "ecs.version": "1.0.0-beta2", - "elasticsearch.node.name": "srvmulpvlsk252_md", - "elasticsearch.server.component": "o.e.x.m.MonitoringService", - "event.dataset": "server", - "event.module": "elasticsearch", - "input.type": "log", + "@timestamp": "2018-07-03T20:10:07.376Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.node.name": "srvmulpvlsk252_md", + "elasticsearch.server.component": "o.e.x.m.MonitoringService", + "event.dataset": "server", + "event.module": "elasticsearch", + "input.type": "log", "log.flags": [ "multiline" - ], - "log.level": "WARN", - "log.offset": 10648, - "message": "monitoring execution failed\norg.elasticsearch.xpack.monitoring.exporter.ExportException: Exception when closing export bulk\n at org.elasticsearch.xpack.monitoring.exporter.ExportBulk$1$1.(ExportBulk.java:106) ~[?:?]\n at org.elasticsearch.xpack.monitoring.exporter.ExportBulk$1.onFailure(ExportBulk.java:104) ~[?:?]\n at org.elasticsearch.xpack.monitoring.exporter.ExportBulk$Compound$1.onResponse(ExportBulk.java:217) ~[?:?]\n at org.elasticsearch.xpack.monitoring.exporter.ExportBulk$Compound$1.onResponse(ExportBulk.java:211) ~[?:?]\n at org.elasticsearch.xpack.common.IteratingActionListener.onResponse(IteratingActionListener.java:108) ~[?:?]\n at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:59) [elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.xpack.monitoring.exporter.http.HttpExportBulk$1.onSuccess(HttpExportBulk.java:115) [x-pack-5.6.3.jar:5.6.3]\n at org.elasticsearch.client.RestClient$FailureTrackingResponseListener.onSuccess(RestClient.java:597) [elasticsearch-rest-client-5.6.3.jar:5.6.3]\n at org.elasticsearch.client.RestClient$1.completed(RestClient.java:352) [elasticsearch-rest-client-5.6.3.jar:5.6.3]\n at 
org.elasticsearch.client.RestClient$1.completed(RestClient.java:343) [elasticsearch-rest-client-5.6.3.jar:5.6.3]\n at org.apache.http.concurrent.BasicFuture.completed(BasicFuture.java:119) [httpcore-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.client.DefaultClientExchangeHandlerImpl.responseCompleted(DefaultClientExchangeHandlerImpl.java:177) [httpasyncclient-4.1.2.jar:4.1.2]\n at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.processResponse(HttpAsyncRequestExecutor.java:436) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.inputReady(HttpAsyncRequestExecutor.java:326) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.DefaultNHttpClientConnection.consumeInput(DefaultNHttpClientConnection.java:265) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:81) [httpasyncclient-4.1.2.jar:4.1.2]\n at org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:39) [httpasyncclient-4.1.2.jar:4.1.2]\n at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:114) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:162) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:337) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:588) [httpcore-nio-4.4.5.jar:4.4.5]\n at java.lang.Thread.run(Thread.java:748) 
[?:1.8.0_161]\n", + ], + "log.level": "WARN", + "log.offset": 10648, + "message": "monitoring execution failed\norg.elasticsearch.xpack.monitoring.exporter.ExportException: Exception when closing export bulk\n at org.elasticsearch.xpack.monitoring.exporter.ExportBulk$1$1.(ExportBulk.java:106) ~[?:?]\n at org.elasticsearch.xpack.monitoring.exporter.ExportBulk$1.onFailure(ExportBulk.java:104) ~[?:?]\n at org.elasticsearch.xpack.monitoring.exporter.ExportBulk$Compound$1.onResponse(ExportBulk.java:217) ~[?:?]\n at org.elasticsearch.xpack.monitoring.exporter.ExportBulk$Compound$1.onResponse(ExportBulk.java:211) ~[?:?]\n at org.elasticsearch.xpack.common.IteratingActionListener.onResponse(IteratingActionListener.java:108) ~[?:?]\n at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:59) [elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.xpack.monitoring.exporter.http.HttpExportBulk$1.onSuccess(HttpExportBulk.java:115) [x-pack-5.6.3.jar:5.6.3]\n at org.elasticsearch.client.RestClient$FailureTrackingResponseListener.onSuccess(RestClient.java:597) [elasticsearch-rest-client-5.6.3.jar:5.6.3]\n at org.elasticsearch.client.RestClient$1.completed(RestClient.java:352) [elasticsearch-rest-client-5.6.3.jar:5.6.3]\n at org.elasticsearch.client.RestClient$1.completed(RestClient.java:343) [elasticsearch-rest-client-5.6.3.jar:5.6.3]\n at org.apache.http.concurrent.BasicFuture.completed(BasicFuture.java:119) [httpcore-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.client.DefaultClientExchangeHandlerImpl.responseCompleted(DefaultClientExchangeHandlerImpl.java:177) [httpasyncclient-4.1.2.jar:4.1.2]\n at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.processResponse(HttpAsyncRequestExecutor.java:436) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.inputReady(HttpAsyncRequestExecutor.java:326) [httpcore-nio-4.4.5.jar:4.4.5]\n at 
org.apache.http.impl.nio.DefaultNHttpClientConnection.consumeInput(DefaultNHttpClientConnection.java:265) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:81) [httpasyncclient-4.1.2.jar:4.1.2]\n at org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:39) [httpasyncclient-4.1.2.jar:4.1.2]\n at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:114) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:162) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:337) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:588) [httpcore-nio-4.4.5.jar:4.4.5]\n at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]\n", "service.name": "elasticsearch" } -] \ No newline at end of file +] diff --git a/filebeat/module/elasticsearch/slowlog/test/test.log-expected.json b/filebeat/module/elasticsearch/slowlog/test/test.log-expected.json index a58b3acdadc..0b9d0db0f1e 100644 --- a/filebeat/module/elasticsearch/slowlog/test/test.log-expected.json +++ b/filebeat/module/elasticsearch/slowlog/test/test.log-expected.json 
@@ -1,139 +1,139 @@ [ { - "@timestamp": "2018-06-29T10:06:14,933", - "ecs.version": "1.0.0-beta2", - "elasticsearch.index.name": "metricbeat-6.3.0-2018.06.26", - "elasticsearch.node.name": "v_VJhjV", - "elasticsearch.shard.id": "0", - "elasticsearch.slowlog.logger": "index.search.slowlog.query", - "elasticsearch.slowlog.search_type": "QUERY_THEN_FETCH", - "elasticsearch.slowlog.source_query": "{\"query\":{\"match_all\":{\"boost\":1.0}}}", - "elasticsearch.slowlog.stats": "", - "elasticsearch.slowlog.took": "4.5ms", - "elasticsearch.slowlog.took_millis": 4, - "elasticsearch.slowlog.total_hits": 19435, - "elasticsearch.slowlog.total_shards": 1, - "elasticsearch.slowlog.types": "", - "event.dataset": "slowlog", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "INFO", - "log.offset": 0, - "message": "[2018-06-29T10:06:14,933][INFO ][index.search.slowlog.query] [v_VJhjV] [metricbeat-6.3.0-2018.06.26][0] took[4.5ms], took_millis[4], total_hits[19435], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[1], source[{\"query\":{\"match_all\":{\"boost\":1.0}}}],", + "@timestamp": "2018-06-29T10:06:14.933Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.index.name": "metricbeat-6.3.0-2018.06.26", + "elasticsearch.node.name": "v_VJhjV", + "elasticsearch.shard.id": "0", + "elasticsearch.slowlog.logger": "index.search.slowlog.query", + "elasticsearch.slowlog.search_type": "QUERY_THEN_FETCH", + "elasticsearch.slowlog.source_query": "{\"query\":{\"match_all\":{\"boost\":1.0}}}", + "elasticsearch.slowlog.stats": "", + "elasticsearch.slowlog.took": "4.5ms", + "elasticsearch.slowlog.took_millis": 4, + "elasticsearch.slowlog.total_hits": 19435, + "elasticsearch.slowlog.total_shards": 1, + "elasticsearch.slowlog.types": "", + "event.dataset": "slowlog", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "INFO", + "log.offset": 0, + "message": "[2018-06-29T10:06:14,933][INFO ][index.search.slowlog.query] [v_VJhjV] 
[metricbeat-6.3.0-2018.06.26][0] took[4.5ms], took_millis[4], total_hits[19435], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[1], source[{\"query\":{\"match_all\":{\"boost\":1.0}}}],", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-29T10:06:14,943", - "ecs.version": "1.0.0-beta2", - "elasticsearch.index.name": "metricbeat-6.3.0-2018.06.26", - "elasticsearch.node.name": "v_VJhjV", - "elasticsearch.shard.id": "0", - "elasticsearch.slowlog.logger": "index.search.slowlog.fetch", - "elasticsearch.slowlog.search_type": "QUERY_THEN_FETCH", - "elasticsearch.slowlog.source_query": "{\"query\":{\"match_all\":{\"boost\":1.0}}}", - "elasticsearch.slowlog.stats": "", - "elasticsearch.slowlog.took": "10.8ms", - "elasticsearch.slowlog.took_millis": 10, - "elasticsearch.slowlog.total_hits": 19435, - "elasticsearch.slowlog.total_shards": 1, - "elasticsearch.slowlog.types": "", - "event.dataset": "slowlog", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "INFO", - "log.offset": 265, - "message": "[2018-06-29T10:06:14,943][INFO ][index.search.slowlog.fetch] [v_VJhjV] [metricbeat-6.3.0-2018.06.26][0] took[10.8ms], took_millis[10], total_hits[19435], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[1], source[{\"query\":{\"match_all\":{\"boost\":1.0}}}],", + "@timestamp": "2018-06-29T10:06:14.943Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.index.name": "metricbeat-6.3.0-2018.06.26", + "elasticsearch.node.name": "v_VJhjV", + "elasticsearch.shard.id": "0", + "elasticsearch.slowlog.logger": "index.search.slowlog.fetch", + "elasticsearch.slowlog.search_type": "QUERY_THEN_FETCH", + "elasticsearch.slowlog.source_query": "{\"query\":{\"match_all\":{\"boost\":1.0}}}", + "elasticsearch.slowlog.stats": "", + "elasticsearch.slowlog.took": "10.8ms", + "elasticsearch.slowlog.took_millis": 10, + "elasticsearch.slowlog.total_hits": 19435, + "elasticsearch.slowlog.total_shards": 1, + "elasticsearch.slowlog.types": "", 
+ "event.dataset": "slowlog", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "INFO", + "log.offset": 265, + "message": "[2018-06-29T10:06:14,943][INFO ][index.search.slowlog.fetch] [v_VJhjV] [metricbeat-6.3.0-2018.06.26][0] took[10.8ms], took_millis[10], total_hits[19435], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[1], source[{\"query\":{\"match_all\":{\"boost\":1.0}}}],", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-29T09:01:01,821", - "ecs.version": "1.0.0-beta2", - "elasticsearch.index.name": "metricbeat-6.3.0-2018.06.26", - "elasticsearch.node.name": "v_VJhjV", - "elasticsearch.shard.id": "0", - "elasticsearch.slowlog.logger": "index.search.slowlog.query", - "elasticsearch.slowlog.search_type": "QUERY_THEN_FETCH", - "elasticsearch.slowlog.source_query": "{\"size\":500,\"query\":{\"match_none\":{\"boost\":1.0}},\"version\":true,\"_source\":{\"includes\":[],\"excludes\":[]},\"stored_fields\":\"*\",\"docvalue_fields\":[\"@timestamp\",\"ceph.monitor_health.last_updated\",\"docker.container.created\",\"docker.healthcheck.event.end_date\",\"docker.healthcheck.event.start_date\",\"docker.image.created\",\"kubernetes.container.start_time\",\"kubernetes.event.metadata.timestamp.created\",\"kubernetes.node.start_time\",\"kubernetes.pod.start_time\",\"kubernetes.system.start_time\",\"mongodb.status.background_flushing.last_finished\",\"mongodb.status.local_time\",\"php_fpm.pool.start_time\",\"postgresql.activity.backend_start\",\"postgresql.activity.query_start\",\"postgresql.activity.state_change\",\"postgresql.activity.transaction_start\",\"postgresql.bgwriter.stats_reset\",\"postgresql.database.stats_reset\",\"system.process.cpu.start_time\"],\"script_fields\":{},\"sort\":[{\"@timestamp\":{\"order\":\"desc\",\"unmapped_type\":\"boolean\"}}],\"aggregations\":{\"2\":{\"date_histogram\":{\"field\":\"@timestamp\",\"time_zone\":\"Europe/Berlin\",\"interval\":\"30s\",\"offset\":0,\"order\":{\"_key\":\"asc\"}
,\"keyed\":false,\"min_doc_count\":1}}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fragment_size\":2147483647,\"fields\":{\"*\":{}}}}", - "elasticsearch.slowlog.stats": "", - "elasticsearch.slowlog.took": "124.3ms", - "elasticsearch.slowlog.took_millis": 124, - "elasticsearch.slowlog.total_hits": 0, - "elasticsearch.slowlog.total_shards": 1, - "elasticsearch.slowlog.types": "", - "event.dataset": "slowlog", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "INFO", - "log.offset": 532, - "message": "[2018-06-29T09:01:01,821][INFO ][index.search.slowlog.query] [v_VJhjV] [metricbeat-6.3.0-2018.06.26][0] took[124.3ms], took_millis[124], total_hits[0], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[1], source[{\"size\":500,\"query\":{\"match_none\":{\"boost\":1.0}},\"version\":true,\"_source\":{\"includes\":[],\"excludes\":[]},\"stored_fields\":\"*\",\"docvalue_fields\":[\"@timestamp\",\"ceph.monitor_health.last_updated\",\"docker.container.created\",\"docker.healthcheck.event.end_date\",\"docker.healthcheck.event.start_date\",\"docker.image.created\",\"kubernetes.container.start_time\",\"kubernetes.event.metadata.timestamp.created\",\"kubernetes.node.start_time\",\"kubernetes.pod.start_time\",\"kubernetes.system.start_time\",\"mongodb.status.background_flushing.last_finished\",\"mongodb.status.local_time\",\"php_fpm.pool.start_time\",\"postgresql.activity.backend_start\",\"postgresql.activity.query_start\",\"postgresql.activity.state_change\",\"postgresql.activity.transaction_start\",\"postgresql.bgwriter.stats_reset\",\"postgresql.database.stats_reset\",\"system.process.cpu.start_time\"],\"script_fields\":{},\"sort\":[{\"@timestamp\":{\"order\":\"desc\",\"unmapped_type\":\"boolean\"}}],\"aggregations\":{\"2\":{\"date_histogram\":{\"field\":\"@timestamp\",\"time_zone\":\"Europe/Berlin\",\"interval\":\"30s\",\"offset\":0,\"order\":{\"_key\":\"asc\"},\"keyed\":false,\
"min_doc_count\":1}}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fragment_size\":2147483647,\"fields\":{\"*\":{}}}}],", + "@timestamp": "2018-06-29T09:01:01.821Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.index.name": "metricbeat-6.3.0-2018.06.26", + "elasticsearch.node.name": "v_VJhjV", + "elasticsearch.shard.id": "0", + "elasticsearch.slowlog.logger": "index.search.slowlog.query", + "elasticsearch.slowlog.search_type": "QUERY_THEN_FETCH", + "elasticsearch.slowlog.source_query": "{\"size\":500,\"query\":{\"match_none\":{\"boost\":1.0}},\"version\":true,\"_source\":{\"includes\":[],\"excludes\":[]},\"stored_fields\":\"*\",\"docvalue_fields\":[\"@timestamp\",\"ceph.monitor_health.last_updated\",\"docker.container.created\",\"docker.healthcheck.event.end_date\",\"docker.healthcheck.event.start_date\",\"docker.image.created\",\"kubernetes.container.start_time\",\"kubernetes.event.metadata.timestamp.created\",\"kubernetes.node.start_time\",\"kubernetes.pod.start_time\",\"kubernetes.system.start_time\",\"mongodb.status.background_flushing.last_finished\",\"mongodb.status.local_time\",\"php_fpm.pool.start_time\",\"postgresql.activity.backend_start\",\"postgresql.activity.query_start\",\"postgresql.activity.state_change\",\"postgresql.activity.transaction_start\",\"postgresql.bgwriter.stats_reset\",\"postgresql.database.stats_reset\",\"system.process.cpu.start_time\"],\"script_fields\":{},\"sort\":[{\"@timestamp\":{\"order\":\"desc\",\"unmapped_type\":\"boolean\"}}],\"aggregations\":{\"2\":{\"date_histogram\":{\"field\":\"@timestamp\",\"time_zone\":\"Europe/Berlin\",\"interval\":\"30s\",\"offset\":0,\"order\":{\"_key\":\"asc\"},\"keyed\":false,\"min_doc_count\":1}}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fragment_size\":2147483647,\"fields\":{\"*\":{}}}}", + "elasticsearch.slowlog.stats": "", + "elasticsearch.slowlog.took": 
"124.3ms", + "elasticsearch.slowlog.took_millis": 124, + "elasticsearch.slowlog.total_hits": 0, + "elasticsearch.slowlog.total_shards": 1, + "elasticsearch.slowlog.types": "", + "event.dataset": "slowlog", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "INFO", + "log.offset": 532, + "message": "[2018-06-29T09:01:01,821][INFO ][index.search.slowlog.query] [v_VJhjV] [metricbeat-6.3.0-2018.06.26][0] took[124.3ms], took_millis[124], total_hits[0], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[1], source[{\"size\":500,\"query\":{\"match_none\":{\"boost\":1.0}},\"version\":true,\"_source\":{\"includes\":[],\"excludes\":[]},\"stored_fields\":\"*\",\"docvalue_fields\":[\"@timestamp\",\"ceph.monitor_health.last_updated\",\"docker.container.created\",\"docker.healthcheck.event.end_date\",\"docker.healthcheck.event.start_date\",\"docker.image.created\",\"kubernetes.container.start_time\",\"kubernetes.event.metadata.timestamp.created\",\"kubernetes.node.start_time\",\"kubernetes.pod.start_time\",\"kubernetes.system.start_time\",\"mongodb.status.background_flushing.last_finished\",\"mongodb.status.local_time\",\"php_fpm.pool.start_time\",\"postgresql.activity.backend_start\",\"postgresql.activity.query_start\",\"postgresql.activity.state_change\",\"postgresql.activity.transaction_start\",\"postgresql.bgwriter.stats_reset\",\"postgresql.database.stats_reset\",\"system.process.cpu.start_time\"],\"script_fields\":{},\"sort\":[{\"@timestamp\":{\"order\":\"desc\",\"unmapped_type\":\"boolean\"}}],\"aggregations\":{\"2\":{\"date_histogram\":{\"field\":\"@timestamp\",\"time_zone\":\"Europe/Berlin\",\"interval\":\"30s\",\"offset\":0,\"order\":{\"_key\":\"asc\"},\"keyed\":false,\"min_doc_count\":1}}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fragment_size\":2147483647,\"fields\":{\"*\":{}}}}],", "service.name": "elasticsearch" - }, + }, { - "@timestamp": 
"2018-06-29T09:01:01,827", - "ecs.version": "1.0.0-beta2", - "elasticsearch.index.name": "metricbeat-6.3.0-2018.06.26", - "elasticsearch.node.name": "v_VJhjV", - "elasticsearch.shard.id": "0", - "elasticsearch.slowlog.logger": "index.search.slowlog.fetch", - "elasticsearch.slowlog.search_type": "QUERY_THEN_FETCH", - "elasticsearch.slowlog.source_query": "{\"size\":500,\"query\":{\"match_none\":{\"boost\":1.0}},\"version\":true,\"_source\":{\"includes\":[],\"excludes\":[]},\"stored_fields\":\"*\",\"docvalue_fields\":[\"@timestamp\",\"ceph.monitor_health.last_updated\",\"docker.container.created\",\"docker.healthcheck.event.end_date\",\"docker.healthcheck.event.start_date\",\"docker.image.created\",\"kubernetes.container.start_time\",\"kubernetes.event.metadata.timestamp.created\",\"kubernetes.node.start_time\",\"kubernetes.pod.start_time\",\"kubernetes.system.start_time\",\"mongodb.status.background_flushing.last_finished\",\"mongodb.status.local_time\",\"php_fpm.pool.start_time\",\"postgresql.activity.backend_start\",\"postgresql.activity.query_start\",\"postgresql.activity.state_change\",\"postgresql.activity.transaction_start\",\"postgresql.bgwriter.stats_reset\",\"postgresql.database.stats_reset\",\"system.process.cpu.start_time\"],\"script_fields\":{},\"sort\":[{\"@timestamp\":{\"order\":\"desc\",\"unmapped_type\":\"boolean\"}}],\"aggregations\":{\"2\":{\"date_histogram\":{\"field\":\"@timestamp\",\"time_zone\":\"Europe/Berlin\",\"interval\":\"30s\",\"offset\":0,\"order\":{\"_key\":\"asc\"},\"keyed\":false,\"min_doc_count\":1}}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fragment_size\":2147483647,\"fields\":{\"*\":{}}}}", - "elasticsearch.slowlog.stats": "", - "elasticsearch.slowlog.took": "7.2ms", - "elasticsearch.slowlog.took_millis": 7, - "elasticsearch.slowlog.total_hits": 0, - "elasticsearch.slowlog.total_shards": 1, - "elasticsearch.slowlog.types": "", - "event.dataset": "slowlog", - 
"event.module": "elasticsearch", - "input.type": "log", - "log.level": "INFO", - "log.offset": 1999, - "message": "[2018-06-29T09:01:01,827][INFO ][index.search.slowlog.fetch] [v_VJhjV] [metricbeat-6.3.0-2018.06.26][0] took[7.2ms], took_millis[7], total_hits[0], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[1], source[{\"size\":500,\"query\":{\"match_none\":{\"boost\":1.0}},\"version\":true,\"_source\":{\"includes\":[],\"excludes\":[]},\"stored_fields\":\"*\",\"docvalue_fields\":[\"@timestamp\",\"ceph.monitor_health.last_updated\",\"docker.container.created\",\"docker.healthcheck.event.end_date\",\"docker.healthcheck.event.start_date\",\"docker.image.created\",\"kubernetes.container.start_time\",\"kubernetes.event.metadata.timestamp.created\",\"kubernetes.node.start_time\",\"kubernetes.pod.start_time\",\"kubernetes.system.start_time\",\"mongodb.status.background_flushing.last_finished\",\"mongodb.status.local_time\",\"php_fpm.pool.start_time\",\"postgresql.activity.backend_start\",\"postgresql.activity.query_start\",\"postgresql.activity.state_change\",\"postgresql.activity.transaction_start\",\"postgresql.bgwriter.stats_reset\",\"postgresql.database.stats_reset\",\"system.process.cpu.start_time\"],\"script_fields\":{},\"sort\":[{\"@timestamp\":{\"order\":\"desc\",\"unmapped_type\":\"boolean\"}}],\"aggregations\":{\"2\":{\"date_histogram\":{\"field\":\"@timestamp\",\"time_zone\":\"Europe/Berlin\",\"interval\":\"30s\",\"offset\":0,\"order\":{\"_key\":\"asc\"},\"keyed\":false,\"min_doc_count\":1}}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fragment_size\":2147483647,\"fields\":{\"*\":{}}}}],", + "@timestamp": "2018-06-29T09:01:01.827Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.index.name": "metricbeat-6.3.0-2018.06.26", + "elasticsearch.node.name": "v_VJhjV", + "elasticsearch.shard.id": "0", + "elasticsearch.slowlog.logger": "index.search.slowlog.fetch", + 
"elasticsearch.slowlog.search_type": "QUERY_THEN_FETCH", + "elasticsearch.slowlog.source_query": "{\"size\":500,\"query\":{\"match_none\":{\"boost\":1.0}},\"version\":true,\"_source\":{\"includes\":[],\"excludes\":[]},\"stored_fields\":\"*\",\"docvalue_fields\":[\"@timestamp\",\"ceph.monitor_health.last_updated\",\"docker.container.created\",\"docker.healthcheck.event.end_date\",\"docker.healthcheck.event.start_date\",\"docker.image.created\",\"kubernetes.container.start_time\",\"kubernetes.event.metadata.timestamp.created\",\"kubernetes.node.start_time\",\"kubernetes.pod.start_time\",\"kubernetes.system.start_time\",\"mongodb.status.background_flushing.last_finished\",\"mongodb.status.local_time\",\"php_fpm.pool.start_time\",\"postgresql.activity.backend_start\",\"postgresql.activity.query_start\",\"postgresql.activity.state_change\",\"postgresql.activity.transaction_start\",\"postgresql.bgwriter.stats_reset\",\"postgresql.database.stats_reset\",\"system.process.cpu.start_time\"],\"script_fields\":{},\"sort\":[{\"@timestamp\":{\"order\":\"desc\",\"unmapped_type\":\"boolean\"}}],\"aggregations\":{\"2\":{\"date_histogram\":{\"field\":\"@timestamp\",\"time_zone\":\"Europe/Berlin\",\"interval\":\"30s\",\"offset\":0,\"order\":{\"_key\":\"asc\"},\"keyed\":false,\"min_doc_count\":1}}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fragment_size\":2147483647,\"fields\":{\"*\":{}}}}", + "elasticsearch.slowlog.stats": "", + "elasticsearch.slowlog.took": "7.2ms", + "elasticsearch.slowlog.took_millis": 7, + "elasticsearch.slowlog.total_hits": 0, + "elasticsearch.slowlog.total_shards": 1, + "elasticsearch.slowlog.types": "", + "event.dataset": "slowlog", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "INFO", + "log.offset": 1999, + "message": "[2018-06-29T09:01:01,827][INFO ][index.search.slowlog.fetch] [v_VJhjV] [metricbeat-6.3.0-2018.06.26][0] took[7.2ms], took_millis[7], total_hits[0], 
types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[1], source[{\"size\":500,\"query\":{\"match_none\":{\"boost\":1.0}},\"version\":true,\"_source\":{\"includes\":[],\"excludes\":[]},\"stored_fields\":\"*\",\"docvalue_fields\":[\"@timestamp\",\"ceph.monitor_health.last_updated\",\"docker.container.created\",\"docker.healthcheck.event.end_date\",\"docker.healthcheck.event.start_date\",\"docker.image.created\",\"kubernetes.container.start_time\",\"kubernetes.event.metadata.timestamp.created\",\"kubernetes.node.start_time\",\"kubernetes.pod.start_time\",\"kubernetes.system.start_time\",\"mongodb.status.background_flushing.last_finished\",\"mongodb.status.local_time\",\"php_fpm.pool.start_time\",\"postgresql.activity.backend_start\",\"postgresql.activity.query_start\",\"postgresql.activity.state_change\",\"postgresql.activity.transaction_start\",\"postgresql.bgwriter.stats_reset\",\"postgresql.database.stats_reset\",\"system.process.cpu.start_time\"],\"script_fields\":{},\"sort\":[{\"@timestamp\":{\"order\":\"desc\",\"unmapped_type\":\"boolean\"}}],\"aggregations\":{\"2\":{\"date_histogram\":{\"field\":\"@timestamp\",\"time_zone\":\"Europe/Berlin\",\"interval\":\"30s\",\"offset\":0,\"order\":{\"_key\":\"asc\"},\"keyed\":false,\"min_doc_count\":1}}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fragment_size\":2147483647,\"fields\":{\"*\":{}}}}],", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-07-04T13:48:07,452", - "ecs.version": "1.0.0-beta2", - "elasticsearch.index.id": "VLKxBLvUSYuIMKzpacGjRg", - "elasticsearch.index.name": "metricbeat-6.3.0-2018.07.04", - "elasticsearch.node.name": "v_VJhjV", - "elasticsearch.slowlog.id": "KUyMZWQBk9jw4gtg2y5-", - "elasticsearch.slowlog.logger": "index.indexing.slowlog.index", - "elasticsearch.slowlog.routing": "", - "elasticsearch.slowlog.source_query": 
"{\"@timestamp\":\"2018-07-04T13:47:50.747Z\",\"system\":{\"process\":{\"ppid\":34526,\"state\":\"running\",\"cpu\":{\"total\":{\"value\":734879,\"pct\":0.0173,\"norm\":{\"pct\":0.0043}},\"start_time\":\"2018-07-04T06:56:34.863Z\"},\"pgid\":34526,\"cmdline\":\"/Applications/Firefox.app/Contents/MacOS/plugin-container.app/Contents/MacOS/plugin-container -childID 1 -isForBrowser -prefsLen 22119 -schedulerPrefs 0001,2 -greomni /Applications/Firefox.app/Contents/Resources/omni.ja -appomni /Applications/Firefox.app/Contents/Resources/browser/omni.ja -appdir /Applications/Firefox.app/Contents/Resources/browser -profile /Users/rado/Library/Application Support/Firefox/Profiles/pt6eoq1j.default-1484133908360 34526 gecko-crash-server-pipe.34526 org.mozilla.machname.231926932 tab\",\"name\":\"plugin-containe\",\"memory\":{\"size\":7489249280,\"rss\":{\"bytes\":567619584,\"pct\":0.033},\"share\":0},\"pid\":34528,\"username\":\"rado\"}},\"metricset\":{\"name\":\"process\",\"module\":\"system\",\"rtt\":43856},\"beat\":{\"hostname\":\"Rados-MacBook-Pro.local\",\"version\":\"6.3.0\",\"name\":\"Rados-MacBook-Pro.local\"},\"host\":{\"name\":\"Rados-MacBook-Pro.local\"}}", - "elasticsearch.slowlog.took": "1.4ms", - "elasticsearch.slowlog.took_millis": 1, - "elasticsearch.slowlog.type": "doc", - "event.dataset": "slowlog", - "event.module": "elasticsearch", - "input.type": "log", - "log.level": "INFO", - "log.offset": 3462, - "message": "[2018-07-04T13:48:07,452][INFO ][index.indexing.slowlog.index] [v_VJhjV] [metricbeat-6.3.0-2018.07.04/VLKxBLvUSYuIMKzpacGjRg] took[1.4ms], took_millis[1], type[doc], id[KUyMZWQBk9jw4gtg2y5-], routing[], 
source[{\"@timestamp\":\"2018-07-04T13:47:50.747Z\",\"system\":{\"process\":{\"ppid\":34526,\"state\":\"running\",\"cpu\":{\"total\":{\"value\":734879,\"pct\":0.0173,\"norm\":{\"pct\":0.0043}},\"start_time\":\"2018-07-04T06:56:34.863Z\"},\"pgid\":34526,\"cmdline\":\"/Applications/Firefox.app/Contents/MacOS/plugin-container.app/Contents/MacOS/plugin-container -childID 1 -isForBrowser -prefsLen 22119 -schedulerPrefs 0001,2 -greomni /Applications/Firefox.app/Contents/Resources/omni.ja -appomni /Applications/Firefox.app/Contents/Resources/browser/omni.ja -appdir /Applications/Firefox.app/Contents/Resources/browser -profile /Users/rado/Library/Application Support/Firefox/Profiles/pt6eoq1j.default-1484133908360 34526 gecko-crash-server-pipe.34526 org.mozilla.machname.231926932 tab\",\"name\":\"plugin-containe\",\"memory\":{\"size\":7489249280,\"rss\":{\"bytes\":567619584,\"pct\":0.033},\"share\":0},\"pid\":34528,\"username\":\"rado\"}},\"metricset\":{\"name\":\"process\",\"module\":\"system\",\"rtt\":43856},\"beat\":{\"hostname\":\"Rados-MacBook-Pro.local\",\"version\":\"6.3.0\",\"name\":\"Rados-MacBook-Pro.local\"},\"host\":{\"name\":\"Rados-MacBook-Pro.local\"}}]", + "@timestamp": "2018-07-04T13:48:07.452Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.index.id": "VLKxBLvUSYuIMKzpacGjRg", + "elasticsearch.index.name": "metricbeat-6.3.0-2018.07.04", + "elasticsearch.node.name": "v_VJhjV", + "elasticsearch.slowlog.id": "KUyMZWQBk9jw4gtg2y5-", + "elasticsearch.slowlog.logger": "index.indexing.slowlog.index", + "elasticsearch.slowlog.routing": "", + "elasticsearch.slowlog.source_query": "{\"@timestamp\":\"2018-07-04T13:47:50.747Z\",\"system\":{\"process\":{\"ppid\":34526,\"state\":\"running\",\"cpu\":{\"total\":{\"value\":734879,\"pct\":0.0173,\"norm\":{\"pct\":0.0043}},\"start_time\":\"2018-07-04T06:56:34.863Z\"},\"pgid\":34526,\"cmdline\":\"/Applications/Firefox.app/Contents/MacOS/plugin-container.app/Contents/MacOS/plugin-container -childID 1 -isForBrowser -prefsLen 
22119 -schedulerPrefs 0001,2 -greomni /Applications/Firefox.app/Contents/Resources/omni.ja -appomni /Applications/Firefox.app/Contents/Resources/browser/omni.ja -appdir /Applications/Firefox.app/Contents/Resources/browser -profile /Users/rado/Library/Application Support/Firefox/Profiles/pt6eoq1j.default-1484133908360 34526 gecko-crash-server-pipe.34526 org.mozilla.machname.231926932 tab\",\"name\":\"plugin-containe\",\"memory\":{\"size\":7489249280,\"rss\":{\"bytes\":567619584,\"pct\":0.033},\"share\":0},\"pid\":34528,\"username\":\"rado\"}},\"metricset\":{\"name\":\"process\",\"module\":\"system\",\"rtt\":43856},\"beat\":{\"hostname\":\"Rados-MacBook-Pro.local\",\"version\":\"6.3.0\",\"name\":\"Rados-MacBook-Pro.local\"},\"host\":{\"name\":\"Rados-MacBook-Pro.local\"}}", + "elasticsearch.slowlog.took": "1.4ms", + "elasticsearch.slowlog.took_millis": 1, + "elasticsearch.slowlog.type": "doc", + "event.dataset": "slowlog", + "event.module": "elasticsearch", + "input.type": "log", + "log.level": "INFO", + "log.offset": 3462, + "message": "[2018-07-04T13:48:07,452][INFO ][index.indexing.slowlog.index] [v_VJhjV] [metricbeat-6.3.0-2018.07.04/VLKxBLvUSYuIMKzpacGjRg] took[1.4ms], took_millis[1], type[doc], id[KUyMZWQBk9jw4gtg2y5-], routing[], source[{\"@timestamp\":\"2018-07-04T13:47:50.747Z\",\"system\":{\"process\":{\"ppid\":34526,\"state\":\"running\",\"cpu\":{\"total\":{\"value\":734879,\"pct\":0.0173,\"norm\":{\"pct\":0.0043}},\"start_time\":\"2018-07-04T06:56:34.863Z\"},\"pgid\":34526,\"cmdline\":\"/Applications/Firefox.app/Contents/MacOS/plugin-container.app/Contents/MacOS/plugin-container -childID 1 -isForBrowser -prefsLen 22119 -schedulerPrefs 0001,2 -greomni /Applications/Firefox.app/Contents/Resources/omni.ja -appomni /Applications/Firefox.app/Contents/Resources/browser/omni.ja -appdir /Applications/Firefox.app/Contents/Resources/browser -profile /Users/rado/Library/Application Support/Firefox/Profiles/pt6eoq1j.default-1484133908360 34526 
gecko-crash-server-pipe.34526 org.mozilla.machname.231926932 tab\",\"name\":\"plugin-containe\",\"memory\":{\"size\":7489249280,\"rss\":{\"bytes\":567619584,\"pct\":0.033},\"share\":0},\"pid\":34528,\"username\":\"rado\"}},\"metricset\":{\"name\":\"process\",\"module\":\"system\",\"rtt\":43856},\"beat\":{\"hostname\":\"Rados-MacBook-Pro.local\",\"version\":\"6.3.0\",\"name\":\"Rados-MacBook-Pro.local\"},\"host\":{\"name\":\"Rados-MacBook-Pro.local\"}}]", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-07-04T21:51:30,411", - "ecs.version": "1.0.0-beta2", - "elasticsearch.index.id": "VLKxBLvUSYuIMKzpacGjRg", - "elasticsearch.index.name": "metricbeat-6.3.0-2018.07.04", - "elasticsearch.node.name": "v_VJhjV", - "elasticsearch.slowlog.id": "s01HZ2QBk9jw4gtgaFtn", - "elasticsearch.slowlog.logger": "index.indexing.slowlog.index", - "elasticsearch.slowlog.routing": "", - "elasticsearch.slowlog.source_query": "\n{\n \"@timestamp\":\"2018-07-04T21:27:30.730Z\",\n \"metricset\":{\n \"name\":\"network\",\n \"module\":\"system\",\n \"rtt\":7264},\n \"system\":{\n \"network\":{\n \"name\":\"lo0\",\n \"in\":{\n \"errors\":0,\n \"dropped\":0,\n \"bytes\":77666873,\n \"packets\":244595},\n \"out\":{\n \"packets\":244595,\n \"bytes\":77666873,\n \"errors\":0,\n \"dropped\":0\n }\n }\n },\n \"beat\":{\n \"name\":\"Rados-MacBook-Pro.local\",\n \"hostname\":\"Rados-MacBook-Pro.local\",\n \"version\":\"6.3.0\"\n },\n \"host\":{\n \"name\":\"Rados-MacBook-Pro.local\"\n }\n }", - "elasticsearch.slowlog.took": "1.7ms", - "elasticsearch.slowlog.took_millis": 1, - "elasticsearch.slowlog.type": "doc", - "event.dataset": "slowlog", - "event.module": "elasticsearch", - "input.type": "log", + "@timestamp": "2018-07-04T21:51:30.411Z", + "ecs.version": "1.0.0-beta2", + "elasticsearch.index.id": "VLKxBLvUSYuIMKzpacGjRg", + "elasticsearch.index.name": "metricbeat-6.3.0-2018.07.04", + "elasticsearch.node.name": "v_VJhjV", + "elasticsearch.slowlog.id": "s01HZ2QBk9jw4gtgaFtn", + 
"elasticsearch.slowlog.logger": "index.indexing.slowlog.index", + "elasticsearch.slowlog.routing": "", + "elasticsearch.slowlog.source_query": "\n{\n \"@timestamp\":\"2018-07-04T21:27:30.730Z\",\n \"metricset\":{\n \"name\":\"network\",\n \"module\":\"system\",\n \"rtt\":7264},\n \"system\":{\n \"network\":{\n \"name\":\"lo0\",\n \"in\":{\n \"errors\":0,\n \"dropped\":0,\n \"bytes\":77666873,\n \"packets\":244595},\n \"out\":{\n \"packets\":244595,\n \"bytes\":77666873,\n \"errors\":0,\n \"dropped\":0\n }\n }\n },\n \"beat\":{\n \"name\":\"Rados-MacBook-Pro.local\",\n \"hostname\":\"Rados-MacBook-Pro.local\",\n \"version\":\"6.3.0\"\n },\n \"host\":{\n \"name\":\"Rados-MacBook-Pro.local\"\n }\n }", + "elasticsearch.slowlog.took": "1.7ms", + "elasticsearch.slowlog.took_millis": 1, + "elasticsearch.slowlog.type": "doc", + "event.dataset": "slowlog", + "event.module": "elasticsearch", + "input.type": "log", "log.flags": [ "multiline" - ], - "log.level": "INFO", - "log.offset": 4753, - "message": "[2018-07-04T21:51:30,411][INFO ][index.indexing.slowlog.index] [v_VJhjV] [metricbeat-6.3.0-2018.07.04/VLKxBLvUSYuIMKzpacGjRg] took[1.7ms], took_millis[1], type[doc], id[s01HZ2QBk9jw4gtgaFtn], routing[], source[\n{\n \"@timestamp\":\"2018-07-04T21:27:30.730Z\",\n \"metricset\":{\n \"name\":\"network\",\n \"module\":\"system\",\n \"rtt\":7264},\n \"system\":{\n \"network\":{\n \"name\":\"lo0\",\n \"in\":{\n \"errors\":0,\n \"dropped\":0,\n \"bytes\":77666873,\n \"packets\":244595},\n \"out\":{\n \"packets\":244595,\n \"bytes\":77666873,\n \"errors\":0,\n \"dropped\":0\n }\n }\n },\n \"beat\":{\n \"name\":\"Rados-MacBook-Pro.local\",\n \"hostname\":\"Rados-MacBook-Pro.local\",\n \"version\":\"6.3.0\"\n },\n \"host\":{\n \"name\":\"Rados-MacBook-Pro.local\"\n }\n }]", + ], + "log.level": "INFO", + "log.offset": 4753, + "message": "[2018-07-04T21:51:30,411][INFO ][index.indexing.slowlog.index] [v_VJhjV] [metricbeat-6.3.0-2018.07.04/VLKxBLvUSYuIMKzpacGjRg] took[1.7ms], 
took_millis[1], type[doc], id[s01HZ2QBk9jw4gtgaFtn], routing[], source[\n{\n \"@timestamp\":\"2018-07-04T21:27:30.730Z\",\n \"metricset\":{\n \"name\":\"network\",\n \"module\":\"system\",\n \"rtt\":7264},\n \"system\":{\n \"network\":{\n \"name\":\"lo0\",\n \"in\":{\n \"errors\":0,\n \"dropped\":0,\n \"bytes\":77666873,\n \"packets\":244595},\n \"out\":{\n \"packets\":244595,\n \"bytes\":77666873,\n \"errors\":0,\n \"dropped\":0\n }\n }\n },\n \"beat\":{\n \"name\":\"Rados-MacBook-Pro.local\",\n \"hostname\":\"Rados-MacBook-Pro.local\",\n \"version\":\"6.3.0\"\n },\n \"host\":{\n \"name\":\"Rados-MacBook-Pro.local\"\n }\n }]", "service.name": "elasticsearch" } -] \ No newline at end of file +]