From e9775ad67e8e82f0f990ef6150fe4ee11f936136 Mon Sep 17 00:00:00 2001
From: Andrew Kroh <andrew.kroh@elastic.co>
Date: Tue, 13 Oct 2020 13:33:52 -0400
Subject: [PATCH] Document auditbeat system process module config

The documentation for the system/process dataset was missing information
on the configuration options.

Closes #16869
---
 x-pack/auditbeat/docs/modules/system.asciidoc |  2 +-
 .../module/system/_meta/docs.asciidoc         |  2 +-
 .../module/system/process/_meta/docs.asciidoc | 22 ++++++++++++++++++-
 3 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/x-pack/auditbeat/docs/modules/system.asciidoc b/x-pack/auditbeat/docs/modules/system.asciidoc
index 15eafc34116..e850c065197 100644
--- a/x-pack/auditbeat/docs/modules/system.asciidoc
+++ b/x-pack/auditbeat/docs/modules/system.asciidoc
@@ -97,7 +97,7 @@ This module also supports the
 <<module-standard-options-{modulename},standard configuration options>>
 described later.
 
-*`state.period`*:: The frequency at which the datasets send full state information.
+*`state.period`*:: The interval at which the datasets send full state information.
 This option can be overridden per dataset using `{dataset}.state.period`.
 
 *`user.detect_password_changes`*:: If the `user` dataset is configured and
diff --git a/x-pack/auditbeat/module/system/_meta/docs.asciidoc b/x-pack/auditbeat/module/system/_meta/docs.asciidoc
index 083435d94ae..a2a36987c51 100644
--- a/x-pack/auditbeat/module/system/_meta/docs.asciidoc
+++ b/x-pack/auditbeat/module/system/_meta/docs.asciidoc
@@ -90,7 +90,7 @@ This module also supports the
 <<module-standard-options-{modulename},standard configuration options>>
 described later.
 
-*`state.period`*:: The frequency at which the datasets send full state information.
+*`state.period`*:: The interval at which the datasets send full state information.
 This option can be overridden per dataset using `{dataset}.state.period`.
 
 *`user.detect_password_changes`*:: If the `user` dataset is configured and
diff --git a/x-pack/auditbeat/module/system/process/_meta/docs.asciidoc b/x-pack/auditbeat/module/system/process/_meta/docs.asciidoc
index e1d930e1fbf..e84f7246933 100644
--- a/x-pack/auditbeat/module/system/process/_meta/docs.asciidoc
+++ b/x-pack/auditbeat/module/system/process/_meta/docs.asciidoc
@@ -2,10 +2,30 @@
 
 beta[]
 
-This is the `process` dataset of the system module.
+This is the `process` dataset of the system module. It generates an event when
+a process starts and stops.
 
 It is implemented for Linux, macOS (Darwin), and Windows.
 
+[float]
+=== Configuration options
+
+*`process.state.period`*:: The interval at which the dataset sends full state
+information. If set this will take precedence over `state.period`. The default
+value is `12h`.
+
+*`process.hash.max_file_size`*:: The maximum size of a file in bytes for which
+{beatname_uc} will compute hashes. Files larger than this size will not be
+hashed. The default value is 100 MiB. For convenience units can be specified as
+a suffix to the value. The supported units are `b` (default), `kib`, `kb`,
+`mib`, `mb`, `gib`, `gb`, `tib`, `tb`, `pib`, `pb`, `eib`, and `eb`.
+
+*`process.hash.hash_types`*:: A list of hash types to compute when the file
+changes. The supported hash types are `blake2b_256`, `blake2b_384`,
+`blake2b_512`, `md5`, `sha1`, `sha224`, `sha256`, `sha384`, `sha512`,
+`sha512_224`, `sha512_256`, `sha3_224`, `sha3_256`, `sha3_384`, `sha3_512`, and
+`xxh64`. The default value is `sha1`.
+
 [float]
 ==== Example dashboard