From 5f5dd326c6b4a4aa1abf4ca884873ed68be7ce1d Mon Sep 17 00:00:00 2001 From: Chris Roberson Date: Mon, 15 Apr 2019 08:45:47 -0400 Subject: [PATCH] [Monitoring] Introducing Logs UI (#31275) * Initial implementation * More logs UI work * Remove unnecessary code * Add support to build a logs url based on the cluster and/or node uuid * Deep link directly * Update link * Use CCS to access remote filebeat data * Fix existing tests * Add log specific api integration tests * Localization * Adding more localization * Adding unit tests for logs ui * Client side unit tests, configuration for log fetch count, adding visual callout for why we can't detect logs * Remove debug * Fix localization issue * Update tests * PR feedback * Update import * Format the count to avoid a huge string of numbers * Use @timestamp instead * Handle scenario where the time period is not right but the type exists * Update jest tests * Update api tests * Text changes * Add periods * Update tests --- x-pack/plugins/monitoring/common/constants.js | 2 + x-pack/plugins/monitoring/config.js | 3 +- .../cluster/overview/elasticsearch_panel.js | 122 +- .../components/elasticsearch/index/index.js | 8 + .../components/elasticsearch/node/node.js | 14 +- .../elasticsearch/overview/overview.js | 12 +- .../logs/__snapshots__/logs.test.js.snap | 319 ++ .../logs/__snapshots__/reason.test.js.snap | 170 + .../public/components/logs/index.js | 7 + .../monitoring/public/components/logs/logs.js | 242 + .../public/components/logs/logs.test.js | 125 + .../public/components/logs/reason.js | 140 + .../public/components/logs/reason.test.js | 64 + .../public/views/elasticsearch/index/index.js | 3 + .../public/views/elasticsearch/node/index.js | 2 + .../elasticsearch/overview/controller.js | 12 +- .../get_clusters_summary.test.js.snap | 4 + .../lib/cluster/get_clusters_from_request.js | 6 +- .../lib/cluster/get_clusters_summary.js | 6 +- .../monitoring/server/lib/create_query.js | 44 +- .../server/lib/logs/detect_reason.js | 152 + .../server/lib/logs/get_log_types.js | 93 + .../monitoring/server/lib/logs/get_logs.js | 91 + .../monitoring/server/lib/logs/index.js | 8 + .../server/routes/api/v1/cluster/cluster.js | 14 +- .../server/routes/api/v1/cluster/clusters.js | 14 +- .../api/v1/elasticsearch/index_detail.js | 8 +- .../api/v1/elasticsearch/node_detail.js | 9 +- .../routes/api/v1/elasticsearch/overview.js | 11 +- .../monitoring/cluster/fixtures/overview.json | 13 + .../elasticsearch/fixtures/index_detail.json | 14 + .../elasticsearch/fixtures/node_detail.json | 14 + .../fixtures/overview_green_platinum.json | 16 +- .../fixtures/overview_red_platinum.json | 14 + .../fixtures/overview_shards_relocating.json | 14 + .../api_integration/apis/monitoring/index.js | 1 + .../apis/monitoring/logs/cluster.js | 39 + .../monitoring/logs/fixtures/cluster.json | 4 + .../logs/fixtures/index_detail.json | 13 + .../monitoring/logs/fixtures/node_detail.json | 79 + .../apis/monitoring/logs/index.js | 13 + .../apis/monitoring/logs/index_detail.js | 39 + .../apis/monitoring/logs/node_detail.js | 39 + .../standalone_cluster/fixtures/cluster.json | 52 +- .../es_archives/monitoring/logs/data.json.gz | Bin 0 -> 33096 bytes .../es_archives/monitoring/logs/mappings.json | 4441 +++++++++++++++++ 46 files changed, 6470 insertions(+), 40 deletions(-) create mode 100644 x-pack/plugins/monitoring/public/components/logs/__snapshots__/logs.test.js.snap create mode 100644 x-pack/plugins/monitoring/public/components/logs/__snapshots__/reason.test.js.snap create mode 100644 x-pack/plugins/monitoring/public/components/logs/index.js create mode 100644 x-pack/plugins/monitoring/public/components/logs/logs.js create mode 100644 x-pack/plugins/monitoring/public/components/logs/logs.test.js create mode 100644 x-pack/plugins/monitoring/public/components/logs/reason.js create mode 100644 x-pack/plugins/monitoring/public/components/logs/reason.test.js create mode 100644 x-pack/plugins/monitoring/server/lib/logs/detect_reason.js create mode 100644 x-pack/plugins/monitoring/server/lib/logs/get_log_types.js create mode 100644 x-pack/plugins/monitoring/server/lib/logs/get_logs.js create mode 100644 x-pack/plugins/monitoring/server/lib/logs/index.js create mode 100644 x-pack/test/api_integration/apis/monitoring/logs/cluster.js create mode 100644 x-pack/test/api_integration/apis/monitoring/logs/fixtures/cluster.json create mode 100644 x-pack/test/api_integration/apis/monitoring/logs/fixtures/index_detail.json create mode 100644 x-pack/test/api_integration/apis/monitoring/logs/fixtures/node_detail.json create mode 100644 x-pack/test/api_integration/apis/monitoring/logs/index.js create mode 100644 x-pack/test/api_integration/apis/monitoring/logs/index_detail.js create mode 100644 x-pack/test/api_integration/apis/monitoring/logs/node_detail.js create mode 100644 x-pack/test/functional/es_archives/monitoring/logs/data.json.gz create mode 100644 x-pack/test/functional/es_archives/monitoring/logs/mappings.json diff --git a/x-pack/plugins/monitoring/common/constants.js b/x-pack/plugins/monitoring/common/constants.js index 434dcb8f96342..d5f39c47f0eed 100644 --- a/x-pack/plugins/monitoring/common/constants.js +++ b/x-pack/plugins/monitoring/common/constants.js @@ -159,3 +159,5 @@ export const INDEX_PATTERN_LOGSTASH = '.monitoring-logstash-6-*,.monitoring-logs export const INDEX_PATTERN_BEATS = '.monitoring-beats-6-*,.monitoring-beats-7-*'; export const INDEX_ALERTS = '.monitoring-alerts-6,.monitoring-alerts-7'; export const INDEX_PATTERN_ELASTICSEARCH = '.monitoring-es-6-*,.monitoring-es-7-*'; + +export const INDEX_PATTERN_FILEBEAT = 'filebeat-*'; diff --git a/x-pack/plugins/monitoring/config.js b/x-pack/plugins/monitoring/config.js index a751260f243b0..481ea17d800f5 100644 --- a/x-pack/plugins/monitoring/config.js +++ b/x-pack/plugins/monitoring/config.js @@ -70,7 +70,8 @@ export const config = (Joi) => { keyPassphrase: Joi.string(), alwaysPresentCertificate: Joi.boolean().default(false), }).default(), - apiVersion: Joi.string().default('master') + apiVersion: Joi.string().default('master'), + logFetchCount: Joi.number().default(10) }).default(), tests: Joi.object({ cloud_detector: Joi.object({ diff --git a/x-pack/plugins/monitoring/public/components/cluster/overview/elasticsearch_panel.js b/x-pack/plugins/monitoring/public/components/cluster/overview/elasticsearch_panel.js index 93c1596b6dbcc..f9c34bbb94ee1 100644 --- a/x-pack/plugins/monitoring/public/components/cluster/overview/elasticsearch_panel.js +++ b/x-pack/plugins/monitoring/public/components/cluster/overview/elasticsearch_panel.js @@ -4,8 +4,8 @@ * you may not use this file except in compliance with the Elastic License. */ -import React from 'react'; -import { get } from 'lodash'; +import React, { Fragment } from 'react'; +import { get, capitalize } from 'lodash'; import { formatNumber } from 'plugins/monitoring/lib/format_number'; import { ClusterItemContainer, HealthStatusIndicator, BytesUsage, BytesPercentageUsage } from './helpers'; import { @@ -18,9 +18,14 @@ import { EuiDescriptionListTitle, EuiDescriptionListDescription, EuiHorizontalRule, + EuiBadge, + EuiToolTip, + EuiFlexGroup, } from '@elastic/eui'; import { LicenseText } from './license_text'; +import { i18n } from '@kbn/i18n'; import { FormattedMessage, injectI18n } from '@kbn/i18n/react'; +import { Reason } from '../../logs/reason'; const calculateShards = shards => { const total = get(shards, 'total', 0); @@ -40,8 +45,97 @@ const calculateShards = shards => { }; }; -function ElasticsearchPanelUi(props) { +function getBadgeColorFromLogLevel(level) { + switch (level) { + case 'warn': + return 'warning'; + case 'debug': + return 'hollow'; + case 'info': + return 'default'; + case 'error': + return 'danger'; + } +} + +function renderLogs(props) { + if (!props.logs.enabled) { + return ( + + + + ); + } + + return ( + + {props.logs.types.map((log, index) => ( + + + + + + {renderLog(log)} + + + ))} + {props.logs.types.length === 0 + ? ( + + ) + : null + } + + ); +} + +const logLevelText = { + info: i18n.translate('xpack.monitoring.cluster.overview.esPanel.infoLogsTooltipText', { + defaultMessage: 'The number of information logs' + }), + warn: i18n.translate('xpack.monitoring.cluster.overview.esPanel.warnLogsTooltipText', { + defaultMessage: 'The number of warning logs' + }), + debug: i18n.translate('xpack.monitoring.cluster.overview.esPanel.debugLogsTooltipText', { + defaultMessage: 'The number of debug logs' + }), + error: i18n.translate('xpack.monitoring.cluster.overview.esPanel.errorLogsTooltipText', { + defaultMessage: 'The number of error logs' + }), + fatal: i18n.translate('xpack.monitoring.cluster.overview.esPanel.fatalLogsTooltipText', { + defaultMessage: 'The number of fatal logs' + }), +}; + +function renderLog(log) { + return ( + + {log.levels.map((level, index) => ( + + + + {formatNumber(level.count, 'int_commas')} + + + + ))} + + ); +} +function ElasticsearchPanelUi(props) { const clusterStats = props.cluster_stats || {}; const nodes = clusterStats.nodes; const indices = clusterStats.indices; @@ -239,6 +333,28 @@ function ElasticsearchPanelUi(props) { + + + +

+ + + +

+ + + {renderLogs(props)} + + + ); diff --git a/x-pack/plugins/monitoring/public/components/elasticsearch/index/index.js b/x-pack/plugins/monitoring/public/components/elasticsearch/index/index.js index 2edd4ec9797e2..6c61c46a871e0 100644 --- a/x-pack/plugins/monitoring/public/components/elasticsearch/index/index.js +++ b/x-pack/plugins/monitoring/public/components/elasticsearch/index/index.js @@ -17,11 +17,15 @@ import { import { IndexDetailStatus } from '../index_detail_status'; import { MonitoringTimeseriesContainer } from '../../chart'; import { ShardAllocation } from '../shard_allocation/shard_allocation'; +import { Logs } from '../../logs'; export const Index = ({ scope, indexSummary, metrics, + clusterUuid, + indexUuid, + logs, kbnUrl, ...props }) => { @@ -54,6 +58,10 @@ export const Index = ({ ))} + + + + diff --git a/x-pack/plugins/monitoring/public/components/elasticsearch/node/node.js b/x-pack/plugins/monitoring/public/components/elasticsearch/node/node.js index 3cb1f021e19ee..d58b67283ab05 100644 --- a/x-pack/plugins/monitoring/public/components/elasticsearch/node/node.js +++ b/x-pack/plugins/monitoring/public/components/elasticsearch/node/node.js @@ -15,12 +15,16 @@ import { EuiPanel, } from '@elastic/eui'; import { NodeDetailStatus } from '../node_detail_status'; +import { Logs } from '../../logs/'; import { MonitoringTimeseriesContainer } from '../../chart'; import { ShardAllocation } from '../shard_allocation/shard_allocation'; export const Node = ({ nodeSummary, metrics, + logs, + nodeId, + clusterUuid, scope, kbnUrl, ...props @@ -53,9 +57,15 @@ export const Node = ({ ))} - - + + + + + + + + ); diff --git a/x-pack/plugins/monitoring/public/components/elasticsearch/overview/overview.js b/x-pack/plugins/monitoring/public/components/elasticsearch/overview/overview.js index 5169e440ceac7..7811617c05cf6 100644 --- a/x-pack/plugins/monitoring/public/components/elasticsearch/overview/overview.js +++ b/x-pack/plugins/monitoring/public/components/elasticsearch/overview/overview.js @@ -9,10 +9,13 @@ import { ClusterStatus } from '../cluster_status'; import { ShardActivity } from '../shard_activity'; import { MonitoringTimeseriesContainer } from '../../chart'; import { EuiPage, EuiFlexGrid, EuiFlexItem, EuiPanel, EuiSpacer, EuiPageBody, EuiPageContent } from '@elastic/eui'; +import { Logs } from '../../logs/logs'; export function ElasticsearchOverview({ clusterStatus, metrics, + logs, + cluster, shardActivity, ...props }) { @@ -42,8 +45,15 @@ export function ElasticsearchOverview({ ))} - + + + + + + + + ); diff --git a/x-pack/plugins/monitoring/public/components/logs/__snapshots__/logs.test.js.snap b/x-pack/plugins/monitoring/public/components/logs/__snapshots__/logs.test.js.snap new file mode 100644 index 0000000000000..97782a251f20b --- /dev/null +++ b/x-pack/plugins/monitoring/public/components/logs/__snapshots__/logs.test.js.snap @@ -0,0 +1,319 @@ +// Jest Snapshot v1, https://goo.gl/fbAQLP + +exports[`Logs should render a link to filter by cluster uuid 1`] = ` + +

+ + Logs + , + } + } + /> +

+ +`; + +exports[`Logs should render a link to filter by cluster uuid and index uuid 1`] = ` + +

+ + Logs + , + } + } + /> +

+ +`; + +exports[`Logs should render a link to filter by cluster uuid and node uuid 1`] = ` + +

+ + Logs + , + } + } + /> +

+ +`; + +exports[`Logs should render a reason if the logs are disabled 1`] = ` +
+ +

+ Recent Logs +

+ + +

+ Showing the most recent logs for this cluster, up to 15 total logs. +

+ + + + +
+`; + +exports[`Logs should render fewer columns for node or index view 1`] = ` +Array [ + Object { + "field": "timestamp", + "name": "Timestamp", + "render": [Function], + "width": "12%", + }, + Object { + "field": "level", + "name": "Level", + "width": "5%", + }, + Object { + "field": "type", + "name": "Type", + "render": [Function], + "width": "10%", + }, + Object { + "field": "message", + "name": "Message", + "width": "55%", + }, + Object { + "field": "component", + "name": "Component", + "width": "18%", + }, +] +`; + +exports[`Logs should render normally 1`] = ` +
+ +

+ Recent Logs +

+ + +

+ Showing the most recent logs for this cluster, up to 10 total logs. +

+ + + + + +

+ + Logs + , + } + } + /> +

+ +
+`; diff --git a/x-pack/plugins/monitoring/public/components/logs/__snapshots__/reason.test.js.snap b/x-pack/plugins/monitoring/public/components/logs/__snapshots__/reason.test.js.snap new file mode 100644 index 0000000000000..32b3181a9d681 --- /dev/null +++ b/x-pack/plugins/monitoring/public/components/logs/__snapshots__/reason.test.js.snap @@ -0,0 +1,170 @@ +// Jest Snapshot v1, https://goo.gl/fbAQLP + +exports[`Logs should render with a no cluster found reason 1`] = ` + +

+ + setup + , + } + } + /> +

+ +`; + +exports[`Logs should render with a no index found reason 1`] = ` + +

+ + setup + , + } + } + /> +

+ +`; + +exports[`Logs should render with a no index pattern found reason 1`] = ` + +

+ + Filebeat + , + } + } + /> +

+ +`; + +exports[`Logs should render with a no node found reason 1`] = ` + +

+ + setup + , + } + } + /> +

+ +`; + +exports[`Logs should render with a no type found reason 1`] = ` + +

+ + these directions + , + } + } + /> +

+ +`; + +exports[`Logs should render with a time period reason 1`] = ` + +

+ +

+ +`; + +exports[`Logs should render with a time period reason for both scenarios 1`] = ` + +

+ +

+ +`; diff --git a/x-pack/plugins/monitoring/public/components/logs/index.js b/x-pack/plugins/monitoring/public/components/logs/index.js new file mode 100644 index 0000000000000..07d43c33cb568 --- /dev/null +++ b/x-pack/plugins/monitoring/public/components/logs/index.js @@ -0,0 +1,7 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +export { Logs } from './logs'; diff --git a/x-pack/plugins/monitoring/public/components/logs/logs.js b/x-pack/plugins/monitoring/public/components/logs/logs.js new file mode 100644 index 0000000000000..980adfa8c13bf --- /dev/null +++ b/x-pack/plugins/monitoring/public/components/logs/logs.js @@ -0,0 +1,242 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ +import React, { PureComponent } from 'react'; +import { capitalize } from 'lodash'; +import chrome from 'ui/chrome'; +import { + EuiBasicTable, + EuiTitle, + EuiSpacer, + EuiText, + EuiCallOut, + EuiLink, +} from '@elastic/eui'; +import { formatDateTimeLocal } from '../../../common/formatting'; +import { i18n } from '@kbn/i18n'; +import { FormattedMessage } from '@kbn/i18n/react'; +import { Reason } from './reason'; + +const columnTimestampTitle = i18n.translate('xpack.monitoring.logs.listing.timestampTitle', { + defaultMessage: 'Timestamp' +}); + +const columnLevelTitle = i18n.translate('xpack.monitoring.logs.listing.levelTitle', { + defaultMessage: 'Level' +}); + +const columnTypeTitle = i18n.translate('xpack.monitoring.logs.listing.typeTitle', { + defaultMessage: 'Type' +}); + +const columnMessageTitle = i18n.translate('xpack.monitoring.logs.listing.messageTitle', { + defaultMessage: 'Message' +}); + +const columnComponentTitle = i18n.translate('xpack.monitoring.logs.listing.componentTitle', { + defaultMessage: 'Component' +}); + +const columnNodeTitle = i18n.translate('xpack.monitoring.logs.listing.nodeTitle', { + defaultMessage: 'Node' +}); + +const columns = [ + { + field: 'timestamp', + name: columnTimestampTitle, + width: '12%', + render: timestamp => formatDateTimeLocal(timestamp), + }, + { + field: 'level', + name: columnLevelTitle, + width: '5%', + }, + { + field: 'type', + name: columnTypeTitle, + width: '10%', + render: type => capitalize(type), + }, + { + field: 'message', + name: columnMessageTitle, + width: '55%' + }, + { + field: 'component', + name: columnComponentTitle, + width: '18%' + }, +]; + +const clusterColumns = [ + { + field: 'timestamp', + name: columnTimestampTitle, + width: '12%', + render: timestamp => formatDateTimeLocal(timestamp), + }, + { + field: 'level', + name: columnLevelTitle, + width: '5%', + }, + { + field: 'type', + name: columnTypeTitle, + width: '10%', + render: type => capitalize(type), + }, + { + field: 'message', + name: columnMessageTitle, + width: '45%' + }, + { + field: 'component', + name: columnComponentTitle, + width: '15%' + }, + { + field: 'node', + name: columnNodeTitle, + width: '13%' + }, +]; + +function getLogsUiLink(clusterUuid, nodeId, indexUuid) { + const base = `${chrome.getBasePath()}/app/infra#/link-to/logs`; + + const params = []; + if (clusterUuid) { + params.push(`elasticsearch.cluster.uuid:${clusterUuid}`); + } + if (nodeId) { + params.push(`elasticsearch.node.id:${nodeId}`); + } + if (indexUuid) { + params.push(`elasticsearch.index.name:${indexUuid}`); + } + + if (params.length === 0) { + return base; + } + + return `${base}?filter=${params.join(' and ')}`; +} + +export class Logs extends PureComponent { + renderLogs() { + const { logs: { enabled, logs }, nodeId, indexUuid } = this.props; + if (!enabled) { + return null; + } + + return ( + + ); + } + + renderNoLogs() { + const { logs: { enabled, reason } } = this.props; + if (enabled) { + return null; + } + + return ; + } + + renderCallout() { + const { logs: { enabled }, nodeId, clusterUuid, indexUuid } = this.props; + + if (!enabled) { + return null; + } + + return ( + +

+ + {i18n.translate('xpack.monitoring.logs.listing.calloutLinkText', { + defaultMessage: 'Logs' + })} + + ) + }} + /> +

+ + ); + } + + render() { + const { nodeId, indexUuid, logs: { limit } } = this.props; + + let description; + + if (nodeId) { + description = i18n.translate('xpack.monitoring.logs.listing.nodePageDescription', { + defaultMessage: 'Showing the most recent logs for this node, up to {limit} total logs.', + values: { + limit, + } + }); + } + else if (indexUuid) { + description = i18n.translate('xpack.monitoring.logs.listing.indexPageDescription', { + defaultMessage: 'Showing the most recent logs for this index, up to {limit} total logs.', + values: { + limit, + } + }); + } + else { + description = i18n.translate('xpack.monitoring.logs.listing.clusterPageDescription', { + defaultMessage: 'Showing the most recent logs for this cluster, up to {limit} total logs.', + values: { + limit, + } + }); + } + + return ( +
+ +

+ {i18n.translate('xpack.monitoring.logs.listing.pageTitle', { + defaultMessage: 'Recent Logs' + })} +

+ + +

+ {description} +

+ + + {this.renderLogs()} + {this.renderNoLogs()} + + {this.renderCallout()} +
+ ); + } +} diff --git a/x-pack/plugins/monitoring/public/components/logs/logs.test.js b/x-pack/plugins/monitoring/public/components/logs/logs.test.js new file mode 100644 index 0000000000000..b266c14a2d754 --- /dev/null +++ b/x-pack/plugins/monitoring/public/components/logs/logs.test.js @@ -0,0 +1,125 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import React from 'react'; +import { shallow } from 'enzyme'; +import { Logs } from './logs'; + +jest.mock('ui/chrome', () => { + return { + getBasePath: () => '' + }; +}); + +const logs = { + enabled: true, + limit: 10, + logs: [ + { + 'timestamp': '2019-03-18T12:49:33.783Z', + 'component': 'o.e.d.x.m.r.a.RestMonitoringBulkAction', + 'level': 'WARN', + 'type': 'deprecation', + 'node': 'foobar', + 'message': '[POST /_xpack/monitoring/_bulk] is deprecated! Use [POST /_monitoring/bulk] instead.' + }, { + 'timestamp': '2019-03-18T12:49:26.781Z', + 'component': 'o.e.d.x.m.r.a.RestMonitoringBulkAction', + 'level': 'WARN', + 'type': 'deprecation', + 'node': 'foobar', + 'message': '[POST /_xpack/monitoring/_bulk] is deprecated! Use [POST /_monitoring/bulk] instead.' + }, { + 'timestamp': '2019-03-18T12:49:24.414Z', + 'component': 'o.e.c.r.a.DiskThresholdMonitor', + 'level': 'WARN', + 'type': 'server', + 'node': 'foobar2', + 'message': 'high disk watermark [90%] exceeded on [-pH5RhfsRl6FDeTPwD5vEw][Elastic-MBP.local][/Users/chris/Development/repos/kibana/.es/8.0.0/data/nodes/0] free: 29.5gb[6.3%], shards will be relocated away from this node' // eslint-disable-line max-len + }, { + 'timestamp': '2019-03-18T12:49:24.414Z', + 'component': 'o.e.c.r.a.DiskThresholdMonitor', + 'level': 'INFO', + 'type': 'server', + 'node': 'foobar', + 'message': 'rerouting shards: [high disk watermark exceeded on one or more nodes]' + }, { + 'timestamp': '2019-03-18T12:49:11.776Z', + 'component': 'o.e.d.x.m.r.a.RestMonitoringBulkAction', + 'level': 'WARN', + 'type': 'deprecation', + 'node': 'foobar', + 'message': '[POST /_xpack/monitoring/_bulk] is deprecated! Use [POST /_monitoring/bulk] instead.' + }, { + 'timestamp': '2019-03-18T12:49:08.770Z', + 'component': 'o.e.d.x.m.r.a.RestMonitoringBulkAction', + 'level': 'WARN', + 'type': 'deprecation', + 'node': 'foobar', + 'message': '[POST /_xpack/monitoring/_bulk] is deprecated! Use [POST /_monitoring/bulk] instead.' + }, { + 'timestamp': '2019-03-18T12:48:59.409Z', + 'component': 'o.e.c.r.a.DiskThresholdMonitor', + 'level': 'WARN', + 'type': 'server', + 'node': 'foobar', + 'message': 'high disk watermark [90%] exceeded on [-pH5RhfsRl6FDeTPwD5vEw][Elastic-MBP.local][/Users/chris/Development/repos/kibana/.es/8.0.0/data/nodes/0] free: 29.3gb[6.2%], shards will be relocated away from this node' // eslint-disable-line max-len + }, { + 'timestamp': '2019-03-18T12:48:53.753Z', + 'component': 'o.e.d.x.m.r.a.RestMonitoringBulkAction', + 'level': 'WARN', + 'type': 'deprecation', + 'node': 'foobar', + 'message': '[POST /_xpack/monitoring/_bulk] is deprecated! Use [POST /_monitoring/bulk] instead.' + }, { + 'timestamp': '2019-03-18T12:48:53.753Z', + 'component': 'o.e.d.x.m.r.a.RestMonitoringBulkAction', + 'level': 'WARN', + 'type': 'deprecation', + 'node': 'foobar', + 'message': '[POST /_xpack/monitoring/_bulk] is deprecated! Use [POST /_monitoring/bulk] instead.' + }, { + 'timestamp': '2019-03-18T12:48:46.745Z', + 'component': 'o.e.d.x.m.r.a.RestMonitoringBulkAction', + 'level': 'WARN', + 'type': 'deprecation', + 'node': 'foobar2', + 'message': '[POST /_xpack/monitoring/_bulk] is deprecated! Use [POST /_monitoring/bulk] instead.' + } + ] +}; + +describe('Logs', () => { + it('should render normally', () => { + const component = shallow(); + expect(component).toMatchSnapshot(); + }); + + it('should render fewer columns for node or index view', () => { + const component = shallow(); + expect(component.find('EuiBasicTable').prop('columns')).toMatchSnapshot(); + }); + + it('should render a link to filter by cluster uuid', () => { + const component = shallow(); + expect(component.find('EuiCallOut')).toMatchSnapshot(); + }); + + it('should render a link to filter by cluster uuid and node uuid', () => { + const component = shallow(); + expect(component.find('EuiCallOut')).toMatchSnapshot(); + }); + + it('should render a link to filter by cluster uuid and index uuid', () => { + const component = shallow(); + expect(component.find('EuiCallOut')).toMatchSnapshot(); + }); + + it('should render a reason if the logs are disabled', () => { + const component = shallow(); + expect(component).toMatchSnapshot(); + }); +}); diff --git a/x-pack/plugins/monitoring/public/components/logs/reason.js b/x-pack/plugins/monitoring/public/components/logs/reason.js new file mode 100644 index 0000000000000..933ae19aa6cd2 --- /dev/null +++ b/x-pack/plugins/monitoring/public/components/logs/reason.js @@ -0,0 +1,140 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import React from 'react'; +import { + EuiCallOut, + EuiLink +} from '@elastic/eui'; +import { i18n } from '@kbn/i18n'; +import { FormattedMessage } from '@kbn/i18n/react'; + +export const Reason = ({ reason }) => { + let title; + let message; + + if (false === reason.indexPatternExists) { + title = i18n.translate('xpack.monitoring.logs.reason.noIndexPatternTitle', { + defaultMessage: 'No log data found' + }); + message = ( + + {i18n.translate('xpack.monitoring.logs.reason.noIndexPatternLink', { + defaultMessage: 'Filebeat' + })} + + ) + }} + /> + ); + } + else if (false === reason.indexPatternInTimeRangeExists || (false === reason.typeExists && reason.typeExistsAtAnyTime)) { + title = i18n.translate('xpack.monitoring.logs.reason.noIndexPatternInTimePeriodTitle', { + defaultMessage: 'No logs for the selected time' + }); + message = ( + + ); + } + else if (false === reason.typeExists) { + title = i18n.translate('xpack.monitoring.logs.reason.noTypeTitle', { + defaultMessage: 'No logs for Elasticsearch' + }); + message = ( + + {i18n.translate('xpack.monitoring.logs.reason.noTypeLink', { + defaultMessage: 'these directions' + })} + + ) + }} + /> + ); + } + else if (false === reason.clusterExists) { + title = i18n.translate('xpack.monitoring.logs.reason.noClusterTitle', { + defaultMessage: 'No logs for this cluster' + }); + message = ( + + {i18n.translate('xpack.monitoring.logs.reason.noClusterLink', { + defaultMessage: 'setup' + })} + + ) + }} + /> + ); + } + else if (false === reason.nodeExists) { + title = i18n.translate('xpack.monitoring.logs.reason.noNodeTitle', { + defaultMessage: 'No logs for this Elasticsearch node' + }); + message = ( + + {i18n.translate('xpack.monitoring.logs.reason.noNodeLink', { + defaultMessage: 'setup' + })} + + ) + }} + /> + ); + } + else if (false === reason.indexExists) { + title = i18n.translate('xpack.monitoring.logs.reason.noIndexTitle', { + defaultMessage: 'No logs for this index' + }); + message = ( + + {i18n.translate('xpack.monitoring.logs.reason.noNodeLink', { + defaultMessage: 'setup' + })} + + ) + }} + /> + ); + } + + return ( + +

{message}

+ + ); +}; diff --git a/x-pack/plugins/monitoring/public/components/logs/reason.test.js b/x-pack/plugins/monitoring/public/components/logs/reason.test.js new file mode 100644 index 0000000000000..baf6f812e82a3 --- /dev/null +++ b/x-pack/plugins/monitoring/public/components/logs/reason.test.js @@ -0,0 +1,64 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import React from 'react'; +import { shallow } from 'enzyme'; +import { Reason } from './reason'; + +describe('Logs', () => { + it('should render with a no index pattern found reason', () => { + const component = shallow(); + expect(component).toMatchSnapshot(); + }); + + it('should render with a no type found reason', () => { + const component = shallow(); + expect(component).toMatchSnapshot(); + }); + + it('should render with a no cluster found reason', () => { + const component = shallow(); + expect(component).toMatchSnapshot(); + }); + + it('should render with a no node found reason', () => { + const component = shallow(); + expect(component).toMatchSnapshot(); + }); + + it('should render with a time period reason', () => { + const reason = { + indexPatternExists: true, + indexPatternInTimeRangeExists: false, + }; + const component = shallow(); + expect(component).toMatchSnapshot(); + }); + + it('should render with a time period reason for both scenarios', () => { + const reason = { + indexPatternExists: true, + indexPatternInTimeRangeExists: true, + clusterExists: true, + typeExists: false, + typeExistsAtAnyTime: true + }; + const component = shallow(); + expect(component).toMatchSnapshot(); + }); + + it('should render with a no index found reason', () => { + const component = shallow(); + expect(component).toMatchSnapshot(); + }); +}); diff --git a/x-pack/plugins/monitoring/public/views/elasticsearch/index/index.js b/x-pack/plugins/monitoring/public/views/elasticsearch/index/index.js index 4fc3c90971ea1..b6569e84c1095 100644 --- a/x-pack/plugins/monitoring/public/views/elasticsearch/index/index.js +++ b/x-pack/plugins/monitoring/public/views/elasticsearch/index/index.js @@ -90,12 +90,15 @@ uiRoutes.when('/elasticsearch/indices/:index', { $scope.labels = labels.index; } + this.renderReact( diff --git a/x-pack/plugins/monitoring/public/views/elasticsearch/node/index.js b/x-pack/plugins/monitoring/public/views/elasticsearch/node/index.js index 9ce4b4cb725d3..91febbb7b6e74 100644 --- a/x-pack/plugins/monitoring/public/views/elasticsearch/node/index.js +++ b/x-pack/plugins/monitoring/public/views/elasticsearch/node/index.js @@ -79,6 +79,8 @@ uiRoutes.when('/elasticsearch/nodes/:node', { diff --git a/x-pack/plugins/monitoring/public/views/elasticsearch/overview/controller.js b/x-pack/plugins/monitoring/public/views/elasticsearch/overview/controller.js index c2b1a460dcc4c..802ecb8412804 100644 --- a/x-pack/plugins/monitoring/public/views/elasticsearch/overview/controller.js +++ b/x-pack/plugins/monitoring/public/views/elasticsearch/overview/controller.js @@ -46,7 +46,7 @@ export class ElasticsearchOverviewController extends MonitoringViewBaseControlle initScope($scope) { $scope.$watch(() => this.data, data => { - this.renderReact(data); + this.renderReact(data, $scope.cluster); }); // HACK to force table to re-render even if data hasn't changed. This @@ -56,8 +56,8 @@ export class ElasticsearchOverviewController extends MonitoringViewBaseControlle const { data } = this; const dataWithShardActivityLoading = { ...data, shardActivity: null }; // force shard activity to rerender by manipulating and then re-setting its data prop - this.renderReact(dataWithShardActivityLoading); - this.renderReact(data); + this.renderReact(dataWithShardActivityLoading, $scope.cluster); + this.renderReact(data, $scope.cluster); }); } @@ -67,15 +67,17 @@ export class ElasticsearchOverviewController extends MonitoringViewBaseControlle }); } - renderReact(data) { + renderReact(data, cluster) { // All data needs to originate in this view, and get passed as a prop to the components, for statelessness - const { clusterStatus, metrics, shardActivity } = data; + const { clusterStatus, metrics, shardActivity, logs } = data; const shardActivityData = shardActivity && this.filterShardActivityData(shardActivity); // no filter on data = null const component = ( 0, + indexPatternInTimeRangeExists: get(indexPatternExistsInTimeRangeResponse, 'hits.total.value', 0) > 0, + typeExistsAtAnyTime: get(typeExistsAtAnyTimeResponse, 'hits.total.value', 0) > 0, + typeExists: get(typeExistsResponse, 'hits.total.value', 0) > 0, + clusterExists: clusterUuid ? get(clusterExistsResponse, 'hits.total.value', 0) > 0 : null, + nodeExists: nodeUuid ? get(nodeExistsResponse, 'hits.total.value', 0) > 0 : null, + indexExists: indexUuid ? get(indexExistsResponse, 'hits.total.value', 0) > 0 : null, + }; +} + +export async function detectReason(req, filebeatIndexPattern, opts) { + return await doesFilebeatIndexExist(req, filebeatIndexPattern, opts); +} diff --git a/x-pack/plugins/monitoring/server/lib/logs/get_log_types.js b/x-pack/plugins/monitoring/server/lib/logs/get_log_types.js new file mode 100644 index 0000000000000..f3398e924a87b --- /dev/null +++ b/x-pack/plugins/monitoring/server/lib/logs/get_log_types.js @@ -0,0 +1,93 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { get } from 'lodash'; +import { checkParam } from '../error_missing_required'; +import { createTimeFilter } from '../create_query'; +import { detectReason } from './detect_reason'; + +async function handleResponse(response, req, filebeatIndexPattern, { start, end }) { + const result = { + enabled: false, + types: [] + }; + + const typeBuckets = get(response, 'aggregations.types.buckets', []); + if (typeBuckets.length) { + result.enabled = true; + result.types = typeBuckets.map(typeBucket => { + return { + type: typeBucket.key.split('.')[1], + levels: typeBucket.levels.buckets.map(levelBucket => { + return { + level: levelBucket.key.toLowerCase(), + count: levelBucket.doc_count + }; + }) + }; + }); + } + else { + result.reason = await detectReason(req, filebeatIndexPattern, { start, end }); + } + + return result; +} + +export async function getLogTypes(req, filebeatIndexPattern, { clusterUuid, nodeUuid, indexUuid, start, end }) { + checkParam(filebeatIndexPattern, 'filebeatIndexPattern in logs/getLogTypes'); + + const metric = { timestampField: '@timestamp' }; + const filter = [ + { term: { 'service.type': 'elasticsearch' } }, + createTimeFilter({ start, end, metric }) + ]; + if (clusterUuid) { + filter.push({ term: { 'elasticsearch.cluster.uuid': clusterUuid } }); + } + if (nodeUuid) { + filter.push({ term: { 'elasticsearch.node.id': nodeUuid } }); + } + if (indexUuid) { + filter.push({ term: { 'elasticsearch.index.name': indexUuid } }); + } + + const params = { + index: filebeatIndexPattern, + size: 0, + filterPath: [ + 'aggregations.levels.buckets', + 'aggregations.types.buckets', + ], + ignoreUnavailable: true, + body: { + sort: { '@timestamp': { order: 'desc' } }, + query: { + bool: { + filter, + } + }, + aggs: { + types: { + terms: { + field: 'event.dataset' + }, + aggs: { + levels: { + terms: { + field: 'log.level' + } + }, + } + } + } + } + }; + + const { callWithRequest } = req.server.plugins.elasticsearch.getCluster('monitoring'); + const response = await callWithRequest(req, 'search', params); + return await handleResponse(response, req, filebeatIndexPattern, { start, end }); +} diff --git a/x-pack/plugins/monitoring/server/lib/logs/get_logs.js b/x-pack/plugins/monitoring/server/lib/logs/get_logs.js new file mode 100644 index 0000000000000..80d7f21fc45db --- /dev/null +++ b/x-pack/plugins/monitoring/server/lib/logs/get_logs.js @@ -0,0 +1,91 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { get } from 'lodash'; +import { checkParam } from '../error_missing_required'; +import { createTimeFilter } from '../create_query'; +import { detectReason } from './detect_reason'; + +async function handleResponse(response, req, filebeatIndexPattern, opts) { + const result = { + enabled: false, + logs: [] + }; + + const hits = get(response, 'hits.hits', []); + if (hits.length) { + result.enabled = true; + result.logs = hits.map(hit => { + const source = hit._source; + const type = get(source, 'event.dataset').split('.')[1]; + + return { + timestamp: get(source, '@timestamp'), + component: get(source, 'elasticsearch.component'), + node: get(source, 'elasticsearch.node.name'), + index: get(source, 'elasticsearch.index.name'), + level: get(source, 'log.level'), + type, + message: get(source, 'message'), + }; + }); + } + else { + result.reason = await detectReason(req, filebeatIndexPattern, opts); + } + + return result; +} + +export async function getLogs(config, req, filebeatIndexPattern, { clusterUuid, nodeUuid, indexUuid, start, end }) { + checkParam(filebeatIndexPattern, 'filebeatIndexPattern in logs/getLogs'); + + const metric = { timestampField: '@timestamp' }; + const filter = [ + { term: { 'service.type': 'elasticsearch' } }, + createTimeFilter({ start, end, metric }) + ]; + if (clusterUuid) { + filter.push({ term: { 'elasticsearch.cluster.uuid': clusterUuid } }); + } + if (nodeUuid) { + filter.push({ term: { 'elasticsearch.node.id': nodeUuid } }); + } + if (indexUuid) { + filter.push({ term: { 'elasticsearch.index.name': indexUuid } }); + } + + const params = { + index: filebeatIndexPattern, + size: Math.min(50, config.get('xpack.monitoring.elasticsearch.logFetchCount')), + filterPath: [ + 'hits.hits._source.message', + 'hits.hits._source.log.level', + 'hits.hits._source.@timestamp', + 'hits.hits._source.event.dataset', + 'hits.hits._source.elasticsearch.component', + 'hits.hits._source.elasticsearch.index.name', + 'hits.hits._source.elasticsearch.node.name', + ], + ignoreUnavailable: true, + body: { + sort: { '@timestamp': { order: 'desc' } }, + query: { + bool: { + filter, + } + } + } + }; + + const { callWithRequest } = req.server.plugins.elasticsearch.getCluster('monitoring'); + const response = await callWithRequest(req, 'search', params); + const result = await handleResponse(response, req, filebeatIndexPattern, { clusterUuid, nodeUuid, indexUuid, start, end }); + return { + ...result, + limit: params.size, + }; +} diff --git a/x-pack/plugins/monitoring/server/lib/logs/index.js b/x-pack/plugins/monitoring/server/lib/logs/index.js new file mode 100644 index 0000000000000..13fed9875e263 --- /dev/null +++ b/x-pack/plugins/monitoring/server/lib/logs/index.js @@ -0,0 +1,8 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +export { getLogs } from './get_logs'; +export { getLogTypes } from './get_log_types'; diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/cluster/cluster.js b/x-pack/plugins/monitoring/server/routes/api/v1/cluster/cluster.js index 7c3344626f852..350aecb5ca455 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/cluster/cluster.js +++ b/x-pack/plugins/monitoring/server/routes/api/v1/cluster/cluster.js @@ -13,7 +13,8 @@ import { INDEX_PATTERN_ELASTICSEARCH, INDEX_PATTERN_LOGSTASH, INDEX_PATTERN_BEATS, - INDEX_ALERTS + INDEX_ALERTS, + INDEX_PATTERN_FILEBEAT } from '../../../../../common/constants'; export function clusterRoute(server) { @@ -46,7 +47,16 @@ export function clusterRoute(server) { const beatsIndexPattern = prefixIndexPattern(config, INDEX_PATTERN_BEATS, ccs); const apmIndexPattern = prefixIndexPattern(config, INDEX_PATTERN_BEATS, ccs); const alertsIndex = prefixIndexPattern(config, INDEX_ALERTS, ccs); - const indexPatterns = { esIndexPattern, kbnIndexPattern, lsIndexPattern, beatsIndexPattern, apmIndexPattern, alertsIndex }; + const filebeatIndexPattern = prefixIndexPattern(config, INDEX_PATTERN_FILEBEAT, '*'); + const indexPatterns = { + esIndexPattern, + kbnIndexPattern, + lsIndexPattern, + beatsIndexPattern, + apmIndexPattern, + alertsIndex, + filebeatIndexPattern + }; const options = { clusterUuid: req.params.clusterUuid, start: req.payload.timeRange.min, diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/cluster/clusters.js b/x-pack/plugins/monitoring/server/routes/api/v1/cluster/clusters.js index 2ce91020623df..412ed60b63f3d 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/cluster/clusters.js +++ b/x-pack/plugins/monitoring/server/routes/api/v1/cluster/clusters.js @@ -14,7 +14,8 @@ import { INDEX_PATTERN_KIBANA, INDEX_PATTERN_LOGSTASH, INDEX_PATTERN_BEATS, - INDEX_ALERTS + INDEX_ALERTS, + INDEX_PATTERN_FILEBEAT } from '../../../../../common/constants'; export function clustersRoute(server) { @@ -53,7 +54,16 @@ export function clustersRoute(server) { const beatsIndexPattern = prefixIndexPattern(config, INDEX_PATTERN_BEATS, ccs); const apmIndexPattern = prefixIndexPattern(config, INDEX_PATTERN_BEATS, ccs); const alertsIndex = prefixIndexPattern(config, INDEX_ALERTS, ccs); - const indexPatterns = { esIndexPattern, kbnIndexPattern, lsIndexPattern, beatsIndexPattern, apmIndexPattern, alertsIndex }; + const filebeatIndexPattern = prefixIndexPattern(config, INDEX_PATTERN_FILEBEAT, ccs); + const indexPatterns = { + esIndexPattern, + kbnIndexPattern, + lsIndexPattern, + beatsIndexPattern, + apmIndexPattern, + alertsIndex, + filebeatIndexPattern + }; clusters = await getClustersFromRequest(req, indexPatterns); } catch (err) { diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/index_detail.js b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/index_detail.js index 76ba483b0fdd7..b4010bec85653 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/index_detail.js +++ b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/index_detail.js @@ -13,7 +13,8 @@ import { getShardAllocation, getShardStats } from '../../../../lib/elasticsearch import { handleError } from '../../../../lib/errors/handle_error'; import { prefixIndexPattern } from '../../../../lib/ccs_utils'; import { metricSet } from './metric_set_index_detail'; -import { INDEX_PATTERN_ELASTICSEARCH } from '../../../../../common/constants'; +import { INDEX_PATTERN_ELASTICSEARCH, INDEX_PATTERN_FILEBEAT } from '../../../../../common/constants'; +import { getLogs } from '../../../../lib/logs/get_logs'; const { advanced: metricSetAdvanced, overview: metricSetOverview } = metricSet; @@ -47,6 +48,7 @@ export function esIndexRoute(server) { const start = req.payload.timeRange.min; const end = req.payload.timeRange.max; const esIndexPattern = prefixIndexPattern(config, INDEX_PATTERN_ELASTICSEARCH, ccs); + const filebeatIndexPattern = prefixIndexPattern(config, INDEX_PATTERN_FILEBEAT, ccs); const isAdvanced = req.payload.is_advanced; const metricSet = isAdvanced ? metricSetAdvanced : metricSetOverview; @@ -57,6 +59,7 @@ export function esIndexRoute(server) { const indexSummary = await getIndexSummary(req, esIndexPattern, shardStats, { clusterUuid, indexUuid, start, end }); const metrics = await getMetrics(req, esIndexPattern, metricSet, [{ term: { 'index_stats.index': indexUuid } }]); + let logs; let shardAllocation; if (!isAdvanced) { // TODO: Why so many fields needed for a single component (shard legend)? @@ -69,6 +72,8 @@ export function esIndexRoute(server) { }; const shards = await getShardAllocation(req, esIndexPattern, allocationOptions); + logs = await getLogs(config, req, filebeatIndexPattern, { clusterUuid, indexUuid, start, end }); + shardAllocation = { shards, shardStats: { nodes: shardStats.nodes }, @@ -80,6 +85,7 @@ export function esIndexRoute(server) { return { indexSummary, metrics, + logs, ...shardAllocation, }; diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/node_detail.js b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/node_detail.js index 2bec1646f896e..ea8aa16fee4c5 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/node_detail.js +++ b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/node_detail.js @@ -13,7 +13,8 @@ import { getMetrics } from '../../../../lib/details/get_metrics'; import { handleError } from '../../../../lib/errors/handle_error'; import { prefixIndexPattern } from '../../../../lib/ccs_utils'; import { metricSets } from './metric_set_node_detail'; -import { INDEX_PATTERN_ELASTICSEARCH } from '../../../../../common/constants'; +import { INDEX_PATTERN_ELASTICSEARCH, INDEX_PATTERN_FILEBEAT } from '../../../../../common/constants'; +import { getLogs } from '../../../../lib/logs/get_logs'; const { advanced: metricSetAdvanced, overview: metricSetOverview } = metricSets; @@ -47,6 +48,7 @@ export function esNodeRoute(server) { const start = req.payload.timeRange.min; const end = req.payload.timeRange.max; const esIndexPattern = prefixIndexPattern(config, INDEX_PATTERN_ELASTICSEARCH, ccs); + const filebeatIndexPattern = prefixIndexPattern(config, INDEX_PATTERN_FILEBEAT, '*'); const isAdvanced = req.payload.is_advanced; let metricSet; @@ -72,6 +74,8 @@ export function esNodeRoute(server) { const nodeSummary = await getNodeSummary(req, esIndexPattern, clusterState, shardStats, { clusterUuid, nodeUuid, start, end }); const metrics = await getMetrics(req, esIndexPattern, metricSet, [{ term: { 'source_node.uuid': nodeUuid } }]); + + let logs; let shardAllocation; if (!isAdvanced) { // TODO: Why so many fields needed for a single component (shard legend)? @@ -90,11 +94,14 @@ export function esNodeRoute(server) { nodes: shardStats.nodes, // for identifying nodes that shard relocates to stateUuid, // for debugging/troubleshooting }; + + logs = await getLogs(config, req, filebeatIndexPattern, { clusterUuid, nodeUuid, start, end }); } return { nodeSummary, metrics, + logs, ...shardAllocation }; } catch (err) { diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/overview.js b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/overview.js index 2b9a8005dc39a..74b6750d8b326 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/overview.js +++ b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/overview.js @@ -13,7 +13,8 @@ import { getShardStats } from '../../../../lib/elasticsearch/shards'; import { handleError } from '../../../../lib/errors/handle_error'; import { prefixIndexPattern } from '../../../../lib/ccs_utils'; import { metricSet } from './metric_set_overview'; -import { INDEX_PATTERN_ELASTICSEARCH } from '../../../../../common/constants'; +import { INDEX_PATTERN_ELASTICSEARCH, INDEX_PATTERN_FILEBEAT } from '../../../../../common/constants'; +import { getLogs } from '../../../../lib/logs'; export function esOverviewRoute(server) { server.route({ @@ -38,18 +39,24 @@ export function esOverviewRoute(server) { const ccs = req.payload.ccs; const clusterUuid = req.params.clusterUuid; const esIndexPattern = prefixIndexPattern(config, INDEX_PATTERN_ELASTICSEARCH, ccs); + const filebeatIndexPattern = prefixIndexPattern(config, INDEX_PATTERN_FILEBEAT, '*'); + + const start = req.payload.timeRange.min; + const end = req.payload.timeRange.max; try { - const [ clusterStats, metrics, shardActivity ] = await Promise.all([ + const [ clusterStats, metrics, shardActivity, logs ] = await Promise.all([ getClusterStats(req, esIndexPattern, clusterUuid), getMetrics(req, esIndexPattern, metricSet), getLastRecovery(req, esIndexPattern), + getLogs(config, req, filebeatIndexPattern, { clusterUuid, start, end }) ]); const shardStats = await getShardStats(req, esIndexPattern, clusterStats); return { clusterStatus: getClusterStatus(clusterStats, shardStats), metrics, + logs, shardActivity, }; } catch (err) { diff --git a/x-pack/test/api_integration/apis/monitoring/cluster/fixtures/overview.json b/x-pack/test/api_integration/apis/monitoring/cluster/fixtures/overview.json index a6d62f84dbae7..c1674d73ada89 100644 --- a/x-pack/test/api_integration/apis/monitoring/cluster/fixtures/overview.json +++ b/x-pack/test/api_integration/apis/monitoring/cluster/fixtures/overview.json @@ -59,6 +59,19 @@ } }, "status": "green" + }, + "logs": { + "enabled": false, + "reason": { + "clusterExists": null, + "indexPatternExists": false, + "indexPatternInTimeRangeExists": false, + "nodeExists": null, + "indexExists": null, + "typeExists": false, + "typeExistsAtAnyTime": false + }, + "types": [] } }, "logstash": { diff --git a/x-pack/test/api_integration/apis/monitoring/elasticsearch/fixtures/index_detail.json b/x-pack/test/api_integration/apis/monitoring/elasticsearch/fixtures/index_detail.json index 51ced3f7912d6..b30a8a428d6fb 100644 --- a/x-pack/test/api_integration/apis/monitoring/elasticsearch/fixtures/index_detail.json +++ b/x-pack/test/api_integration/apis/monitoring/elasticsearch/fixtures/index_detail.json @@ -9,6 +9,20 @@ "totalShards": 10, "status": "green" }, + "logs": { + "enabled": false, + "limit": 10, + "reason": { + "clusterExists": false, + "indexPatternExists": false, + "indexPatternInTimeRangeExists": false, + "typeExistsAtAnyTime": false, + "nodeExists": null, + "indexExists": false, + "typeExists": false + }, + "logs": [] + }, "metrics": { "index_search_request_rate": [ { diff --git a/x-pack/test/api_integration/apis/monitoring/elasticsearch/fixtures/node_detail.json b/x-pack/test/api_integration/apis/monitoring/elasticsearch/fixtures/node_detail.json index c800c4edc52c0..db853337e0539 100644 --- a/x-pack/test/api_integration/apis/monitoring/elasticsearch/fixtures/node_detail.json +++ b/x-pack/test/api_integration/apis/monitoring/elasticsearch/fixtures/node_detail.json @@ -10,6 +10,20 @@ "status": "Offline", "isOnline": false }, + "logs": { + "enabled": false, + "limit": 10, + "reason": { + "clusterExists": false, + "indexPatternExists": false, + "indexPatternInTimeRangeExists": false, + "typeExistsAtAnyTime": false, + "nodeExists": false, + "indexExists": null, + "typeExists": false + }, + "logs": [] + }, "metrics": { "node_latency": [{ "bucket_size": "10 seconds", diff --git a/x-pack/test/api_integration/apis/monitoring/elasticsearch/fixtures/overview_green_platinum.json b/x-pack/test/api_integration/apis/monitoring/elasticsearch/fixtures/overview_green_platinum.json index 4214032d8922f..8f9b427d4466b 100644 --- a/x-pack/test/api_integration/apis/monitoring/elasticsearch/fixtures/overview_green_platinum.json +++ b/x-pack/test/api_integration/apis/monitoring/elasticsearch/fixtures/overview_green_platinum.json @@ -5748,5 +5748,19 @@ "total_time_in_millis": 0 } } - ] + ], + "logs": { + "enabled": false, + "limit": 10, + "reason": { + "clusterExists": false, + "indexPatternExists": false, + "indexPatternInTimeRangeExists": false, + "typeExistsAtAnyTime": false, + "nodeExists": null, + "indexExists": null, + "typeExists": false + }, + "logs": [] + } } diff --git a/x-pack/test/api_integration/apis/monitoring/elasticsearch/fixtures/overview_red_platinum.json b/x-pack/test/api_integration/apis/monitoring/elasticsearch/fixtures/overview_red_platinum.json index 2b4d4b9e088d2..8a9405abda817 100644 --- a/x-pack/test/api_integration/apis/monitoring/elasticsearch/fixtures/overview_red_platinum.json +++ b/x-pack/test/api_integration/apis/monitoring/elasticsearch/fixtures/overview_red_platinum.json @@ -14,6 +14,20 @@ "7.0.0-alpha1" ] }, + "logs": { + "enabled": false, + "limit": 10, + "reason": { + "clusterExists": false, + "indexPatternExists": false, + "indexPatternInTimeRangeExists": false, + "typeExistsAtAnyTime": false, + "nodeExists": null, + "indexExists": null, + "typeExists": false + }, + "logs": [] + }, "metrics": { "cluster_index_latency": [ { diff --git a/x-pack/test/api_integration/apis/monitoring/elasticsearch/fixtures/overview_shards_relocating.json b/x-pack/test/api_integration/apis/monitoring/elasticsearch/fixtures/overview_shards_relocating.json index 27cedf2160c08..9c340ffb4cd50 100644 --- a/x-pack/test/api_integration/apis/monitoring/elasticsearch/fixtures/overview_shards_relocating.json +++ b/x-pack/test/api_integration/apis/monitoring/elasticsearch/fixtures/overview_shards_relocating.json @@ -14,6 +14,20 @@ "7.0.0-alpha1" ] }, + "logs": { + "enabled": false, + "limit": 10, + "reason": { + "clusterExists": false, + "indexPatternExists": false, + "indexPatternInTimeRangeExists": false, + "typeExistsAtAnyTime": false, + "nodeExists": null, + "indexExists": null, + "typeExists": false + }, + "logs": [] + }, "metrics": { "cluster_index_latency": [ { diff --git a/x-pack/test/api_integration/apis/monitoring/index.js b/x-pack/test/api_integration/apis/monitoring/index.js index 5f6a09f76ec9e..404e8828e2df4 100644 --- a/x-pack/test/api_integration/apis/monitoring/index.js +++ b/x-pack/test/api_integration/apis/monitoring/index.js @@ -15,5 +15,6 @@ export default function ({ loadTestFile }) { loadTestFile(require.resolve('./logstash')); loadTestFile(require.resolve('./common')); loadTestFile(require.resolve('./standalone_cluster')); + loadTestFile(require.resolve('./logs')); }); } diff --git a/x-pack/test/api_integration/apis/monitoring/logs/cluster.js b/x-pack/test/api_integration/apis/monitoring/logs/cluster.js new file mode 100644 index 0000000000000..f44986cca4c20 --- /dev/null +++ b/x-pack/test/api_integration/apis/monitoring/logs/cluster.js @@ -0,0 +1,39 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import expect from '@kbn/expect'; +import clusterFixture from './fixtures/cluster'; + +export default function ({ getService }) { + const supertest = getService('supertest'); + const esArchiver = getService('esArchiver'); + + describe('cluster', () => { + const archive = 'monitoring/logs'; + const timeRange = { + min: '2019-03-15T16:19:22.161Z', + max: '2019-03-15T17:19:22.161Z' + }; + + before('load archive', () => { + return esArchiver.load(archive); + }); + + after('unload archive', () => { + return esArchiver.unload(archive); + }); + + it('should get log types at the cluster level', async () => { + const { body } = await supertest + .post('/api/monitoring/v1/clusters/ZR3ZlJLUTV2V_GlplB83jQ') + .set('kbn-xsrf', 'xxx') + .send({ timeRange }) + .expect(200); + + expect(body[0].elasticsearch.logs).to.eql(clusterFixture); + }); + }); +} diff --git a/x-pack/test/api_integration/apis/monitoring/logs/fixtures/cluster.json b/x-pack/test/api_integration/apis/monitoring/logs/fixtures/cluster.json new file mode 100644 index 0000000000000..94755c05b4cff --- /dev/null +++ b/x-pack/test/api_integration/apis/monitoring/logs/fixtures/cluster.json @@ -0,0 +1,4 @@ +{ + "enabled": true, + "types": [{"type":"server","levels":[{"level":"info","count":38},{"level":"warn","count":1}]},{"type":"deprecation","levels":[{"level":"warn","count":3}]}] +} diff --git a/x-pack/test/api_integration/apis/monitoring/logs/fixtures/index_detail.json b/x-pack/test/api_integration/apis/monitoring/logs/fixtures/index_detail.json new file mode 100644 index 0000000000000..abba0d12dbef5 --- /dev/null +++ b/x-pack/test/api_integration/apis/monitoring/logs/fixtures/index_detail.json @@ -0,0 +1,13 @@ +{ + "enabled": true, + "logs": [{ + "timestamp": "2019-03-15T17:07:21.089Z", + "component": "o.e.n.Node", + "node": "Elastic-MBP.local", + "index": ".monitoring-es", + "level": "INFO", + "type": "server", + "message": "started" + }], + "limit": 10 +} diff --git a/x-pack/test/api_integration/apis/monitoring/logs/fixtures/node_detail.json b/x-pack/test/api_integration/apis/monitoring/logs/fixtures/node_detail.json new file mode 100644 index 0000000000000..ef197266273ec --- /dev/null +++ b/x-pack/test/api_integration/apis/monitoring/logs/fixtures/node_detail.json @@ -0,0 +1,79 @@ +{ + "enabled": true, + "logs": [{ + "timestamp": "2019-03-15T17:19:07.365Z", + "component": "o.e.d.x.m.r.a.RestMonitoringBulkAction", + "node": "Elastic-MBP.local", + "level": "WARN", + "type": "deprecation", + "message": "[POST /_xpack/monitoring/_bulk] is deprecated! Use [POST /_monitoring/bulk] instead." + }, { + "timestamp": "2019-03-15T17:18:57.366Z", + "component": "o.e.d.x.m.r.a.RestMonitoringBulkAction", + "node": "Elastic-MBP.local", + "level": "WARN", + "type": "deprecation", + "message": "[POST /_xpack/monitoring/_bulk] is deprecated! Use [POST /_monitoring/bulk] instead." + }, { + "timestamp": "2019-03-15T17:18:47.400Z", + "component": "o.e.c.m.MetaDataCreateIndexService", + "node": "Elastic-MBP.local", + "index": ".monitoring-beats-7-2019.03.15", + "level": "INFO", + "type": "server", + "message": "creating index, cause [auto(bulk api)], templates [.monitoring-beats], shards [1]/[0], mappings [_doc]" + }, { + "timestamp": "2019-03-15T17:18:47.387Z", + "component": "o.e.d.x.m.r.a.RestMonitoringBulkAction", + "node": "Elastic-MBP.local", + "level": "WARN", + "type": "deprecation", + "message": "[POST /_xpack/monitoring/_bulk] is deprecated! Use [POST /_monitoring/bulk] instead." + }, { + "timestamp": "2019-03-15T17:18:42.084Z", + "component": "o.e.c.m.MetaDataMappingService", + "node": "Elastic-MBP.local", + "index": "filebeat-8.0.0-2019.03.15-000001", + "level": "INFO", + "type": "server", + "message": "update_mapping [_doc]" + }, { + "timestamp": "2019-03-15T17:18:41.811Z", + "component": "o.e.c.m.MetaDataMappingService", + "node": "Elastic-MBP.local", + "index": "filebeat-8.0.0-2019.03.15-000001", + "level": "INFO", + "type": "server", + "message": "update_mapping [_doc]" + }, { + "timestamp": "2019-03-15T17:18:41.447Z", + "component": "o.e.c.m.MetaDataCreateIndexService", + "node": "Elastic-MBP.local", + "index": "filebeat-8.0.0-2019.03.15-000001", + "level": "INFO", + "type": "server", + "message": "creating index, cause [api], templates [filebeat-8.0.0], shards [1]/[1], mappings [_doc]" + }, { + "timestamp": "2019-03-15T17:18:41.385Z", + "component": "o.e.c.m.MetaDataIndexTemplateService", + "node": "Elastic-MBP.local", + "level": "INFO", + "type": "server", + "message": "adding template [filebeat-8.0.0] for index patterns [filebeat-8.0.0-*]" + }, { + "timestamp": "2019-03-15T17:18:41.185Z", + "component": "o.e.x.i.a.TransportPutLifecycleAction", + "node": "Elastic-MBP.local", + "level": "INFO", + "type": "server", + "message": "adding index lifecycle policy [filebeat-8.0.0]" + }, { + "timestamp": "2019-03-15T17:18:36.137Z", + "component": "o.e.c.r.a.AllocationService", + "node": "Elastic-MBP.local", + "level": "INFO", + "type": "server", + "message": "Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.monitoring-es-7-2019.03.15][0]] ...])." + }], + "limit": 10 +} diff --git a/x-pack/test/api_integration/apis/monitoring/logs/index.js b/x-pack/test/api_integration/apis/monitoring/logs/index.js new file mode 100644 index 0000000000000..f581cfe9981f6 --- /dev/null +++ b/x-pack/test/api_integration/apis/monitoring/logs/index.js @@ -0,0 +1,13 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +export default function ({ loadTestFile }) { + describe('Logs', () => { + loadTestFile(require.resolve('./node_detail')); + loadTestFile(require.resolve('./index_detail')); + loadTestFile(require.resolve('./cluster')); + }); +} diff --git a/x-pack/test/api_integration/apis/monitoring/logs/index_detail.js b/x-pack/test/api_integration/apis/monitoring/logs/index_detail.js new file mode 100644 index 0000000000000..d8f4a93a51ecf --- /dev/null +++ b/x-pack/test/api_integration/apis/monitoring/logs/index_detail.js @@ -0,0 +1,39 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import expect from '@kbn/expect'; +import indexDetailFixture from './fixtures/index_detail'; + +export default function ({ getService }) { + const supertest = getService('supertest'); + const esArchiver = getService('esArchiver'); + + describe('cluster', () => { + const archive = 'monitoring/logs'; + const timeRange = { + min: '2019-03-15T16:19:22.161Z', + max: '2019-03-15T17:19:22.161Z' + }; + + before('load archive', () => { + return esArchiver.load(archive); + }); + + after('unload archive', () => { + return esArchiver.unload(archive); + }); + + it('should get logs for the specific index', async () => { + const { body } = await supertest + .post('/api/monitoring/v1/clusters/ZR3ZlJLUTV2V_GlplB83jQ/elasticsearch/indices/.monitoring-es') + .set('kbn-xsrf', 'xxx') + .send({ timeRange, is_advanced: false }) + .expect(200); + + expect(body.logs).to.eql(indexDetailFixture); + }); + }); +} diff --git a/x-pack/test/api_integration/apis/monitoring/logs/node_detail.js b/x-pack/test/api_integration/apis/monitoring/logs/node_detail.js new file mode 100644 index 0000000000000..72012c3ade307 --- /dev/null +++ b/x-pack/test/api_integration/apis/monitoring/logs/node_detail.js @@ -0,0 +1,39 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import expect from '@kbn/expect'; +import nodeDetailFixture from './fixtures/node_detail'; + +export default function ({ getService }) { + const supertest = getService('supertest'); + const esArchiver = getService('esArchiver'); + + describe('cluster', () => { + const archive = 'monitoring/logs'; + const timeRange = { + min: '2019-03-15T16:19:22.161Z', + max: '2019-03-15T17:19:22.161Z' + }; + + before('load archive', () => { + return esArchiver.load(archive); + }); + + after('unload archive', () => { + return esArchiver.unload(archive); + }); + + it('should get logs for the specific node', async () => { + const { body } = await supertest + .post('/api/monitoring/v1/clusters/ZR3ZlJLUTV2V_GlplB83jQ/elasticsearch/nodes/-pH5RhfsRl6FDeTPwD5vEw') + .set('kbn-xsrf', 'xxx') + .send({ timeRange, is_advanced: false }) + .expect(200); + + expect(body.logs).to.eql(nodeDetailFixture); + }); + }); +} diff --git a/x-pack/test/api_integration/apis/monitoring/standalone_cluster/fixtures/cluster.json b/x-pack/test/api_integration/apis/monitoring/standalone_cluster/fixtures/cluster.json index 061f664d25eec..61bb4de48df06 100644 --- a/x-pack/test/api_integration/apis/monitoring/standalone_cluster/fixtures/cluster.json +++ b/x-pack/test/api_integration/apis/monitoring/standalone_cluster/fixtures/cluster.json @@ -1 +1,51 @@ -[{"cluster_uuid":"__standalone_cluster__","license":{},"elasticsearch":{"cluster_stats":{"indices":{},"nodes":{"count":{},"jvm":{}}}},"logstash":{},"kibana":{},"beats":{"totalEvents":348,"bytesSent":319913,"beats":{"total":1,"types":[{"type":"Packetbeat","count":1}]}},"apm":{"totalEvents":0,"memRss":0,"memTotal":0,"apms":{"total":0}},"alerts":{"message":"Cluster Alerts are not displayed because the [production] cluster's license could not be determined."},"isPrimary":false}] +[{ + "cluster_uuid": "__standalone_cluster__", + "license": {}, + "elasticsearch": { + "cluster_stats": { + "indices": {}, + "nodes": { + "count": {}, + "jvm": {} + } + }, + "logs": { + "enabled": false, + "reason": { + "clusterExists": null, + "indexPatternExists": false, + "indexPatternInTimeRangeExists": false, + "typeExistsAtAnyTime": false, + "nodeExists": null, + "indexExists": null, + "typeExists": false + }, + "types": [] + } + }, + "logstash": {}, + "kibana": {}, + "beats": { + "totalEvents": 348, + "bytesSent": 319913, + "beats": { + "total": 1, + "types": [{ + "type": "Packetbeat", + "count": 1 + }] + } + }, + "apm": { + "totalEvents": 0, + "memRss": 0, + "memTotal": 0, + "apms": { + "total": 0 + } + }, + "alerts": { + "message": "Cluster Alerts are not displayed because the [production] cluster's license could not be determined." + }, + "isPrimary": false +}] diff --git a/x-pack/test/functional/es_archives/monitoring/logs/data.json.gz b/x-pack/test/functional/es_archives/monitoring/logs/data.json.gz new file mode 100644 index 0000000000000000000000000000000000000000..7f48fca2ea8a829adf46141984e809865a13ea25 GIT binary patch literal 33096 zcmb^2gLh^Py664awr$(CZB=aBs@Qfawv&o&+fFLBjha+H-KP)w%$#}W{TKGS*V_AY ze}5N#Bm~5qXNC>{u(5%&0iC6joh`t5r&Z#5O9I>TX17qqO8D^|p0w<>oLyE}RsFcl z(+XXC`Nm~ae_k$ygeW@c9EvJ>&h_UbsDvVs194gV*zrkv8JYkP2+|8rx&+DRTj8Q5 zIXt2@zf~i6-m-6mUyI9k%+G`FWBwVxS74nrZq^R?-yLtRfP9;v5l5bG@K?Ux?n~i% znCQ#>C!+dY-hee*+no%y)0aP7?B2V$9lXN1J5Qo#zY$~bEB_F+0DjI+1nd~Dxrpfx z&k3sI$8_2GY2=~;%AqTI21H!L4Qp1{d=CFQ2yHqKGSs6cx2W+Ci1y=)zw>`wFPNME{cD%^(m zfR>o``RAjmVJD`GzzyA)qWd^bTE7dzl*}u=P2m3r7szJaneH3%3U*c zt^dJFF|c*#O!P10r%r~z#I5F9{>j4c)o%E$Te8bJxrER_X>hQ5XBSGHIS0dQ3~eDs z7{oqFu*F!iTN^p=K5h=LI2*8?si|%0-W|kP6^$6ooRxK5Q1b6O?;nX-(OZq&onrD8 z5k^#GugioFikmKMHT=?VOc8`xD3P`XJP-YlRP!j7yy!)aZPhCIF8f|T(>!)Lp!5?S z0uZXoegi+gOV<33lT1~@X)ifwo*>hhwk-NKn_m*_sJKi*W(T0iuO#@Znfcy;0iz{c zx*Kil74I|30+VO1Ugq9w{|O-XY@@hqn!po8_K4Nk8~C#|)emx2M=e6z2qogx6qCSHUI` zCr%P0R?{eN)!3~7A)ZA|HPibDB@Z7f(iyQ951^?iff;Vk;R?<3SaJzD$zQ;=CIARv zHM8~fGC$^r|1 zqlNwWPt>A;KKC7YCT5Z>5csIeX~7Vk_hZO3EtDiR2}%3{0(|fu+|U62hd%8nwlrF1 zwIO&3Ih=rqD6G9I7xNIIiX;?~h|^669A)5? zOMv9{VY_Cdw#2g2=-Q^iE9^JHojvr7CL=7kDp$?1T`a?g?_0{J9j5Ck774o371PBM zk!YtCZM!QOMaO+baXP~@vdaaMk2cj%4y)+-qC;zwMG1{!sou4)00v2P)Y0gV6FKHT zv}^kInV=H4tG7NYOir_v`7LybD)5J@y0;vEbO$F2h7C6Q;I-=kXixWJARbvW-r*6p zJ=*2EZ0YDWg|C?e-zHNdBByNx-@wWr*CdksN-BaG%p~;po1u&rlU?s4(>O5M*b1#= zMK7F!CDBpDA*$vT&5c|hR^FOJQQL#yX;fm}1Sl_4&i|nnMZgrMsT0>22klCzny$lK zT5WM!+9lP^QPpmZNfBWmQcGi}f3h$AtLm(AieB4KeS{R$nL!fI6Z=$p*9Nw20JVuC zE!tbE)0=jA)HpoAbvA0W9PO?E%8c9vq|h4|uoC@EF(I7#p)V?-G)8z-SWGgFl#*1C zlvN#9eYVNQdJlcrjWa_ugMeW$vJf95#8N8)EQ<6g_u^KT!vOJnU?SzNlMvemO!U*n zndajpkq@LkOOr`VkGA^;liWq@laca;0e*>HXzE&i$R#60kB5~5e|>#$PEzMNXTvN zx}MPvhq*+i-ryFi1KALd8V6$Y_^A&))(*V1+ouo*wj3U=N!zLoR9onRmFVh0`kGIL z%k>X`!MXwji?mQY@XFg?I!Km1dVD`L_xt^SG@o}aUnUvVHan{0m;6ko1ZK-7`_@bI zDdk4t1C}QX|A5KtF4|m&MHX%UJ}rOBew*4>iyK7DQagV!`OIPdX-RV+43Qoa>DdevzfiHl;c=~R{z$~I&O@a^WIf;UD>!kS*E3IhkYNwFWj;) zP!QDqF6-1m`rC_*p-lriqfbLD5ar$#nBbxgKDLA|8)pFyiFrzC4M!KMtWwWk8VjA1 z-^kCskhXe8$F7G$53f)sx+r-uh1k;vtu^oa7?}>!9Ajyg?9m=Dv5nmWH`c9_XGOP# z*qE)sKUd7W3Y=_3QiE;)0s!0L=QaJH7`=>AwsiZ`Qp6qM916j`+%)wgU}kl$tG>An zU}6F?79T7*kvG$U1G>%m_Vh;SvV7XiJUuRZwmdDdx^!P;zJ9L7Ht;_3HvZ@n6#xsQ zi?H$(YH9nJlI^ex0adg}t1ZApV*^wMuJ3M(&ji~d=8i`ORK8wd6pN_fjl|vKhWCu@ z0bt5C|3rDb6GEMRW3UHxQ5xptQzx$d9Kc3TfqX z33cc#vuD_h(%hiLodg-l%T%8L-gjoIXKIbx}I7AcaxivY23Oj${&o;OzYALKRfGA}^?8*fcKd!hmgPDHr!M4w<8dGe;l$oORA~eRrM-hpVdHk>j4M zK>vhd{4uP_=oS}VjzAs*27|v@3Y)amSqU-a!1CTuu}bRo&VOstam&F|V6a@(xp$_N zZo&AnGOR-kuoQK-WMeE?gSJWuY)J5U)0iZ_mWYXqFbai`n!Yb1+$k%`=m)0h5}c6R zjMMDgNYf^zBCxxFpn5Y*KO4>@)9Lk;5c`Ut-Fa6n@KzY6*xg8&i!h4>{Rx<@iVkB^ z)ygc5dkcCnq2$~eF-Jh%v_=txsA(m#2;+N*ai$3E0TB3R@R_RjMY@lBA(x)lK$4=J1^nygkGluMUB}B+7(B6D0-dsgid~b9BDM> zVGPp}%`v2UjtP~hV=NYslQ0wkfA7R_KK8Ma{0Xa2DA zO)s;e?FjW0Z?dK=Ihc4F5m}b>;(a0jp9vTMY8;MYBA8qa)_eG&!*66?q9`}MumV+l z`cT0B@$qAkzjM6e4qEC~A@qZgjgxZ?$pPi6c-TR4@sgr0x`&ujsYbeU3Y|z88Hzh^ z$;#|wOw2C_3lAS-4kbFtIUqzn2Y~CKI038c+@J_f6+bg%nHsK43N!~z67)9(N(aZ9 z|Kz&lVuN43EryzMy)D=NVUo&05EVIlX(82iC)Kz2>>OQfuI3;};-a@2H9zOz-B02y zqpt_AyA28fKMpz~rGYNY?j%efR&$DyO-N1pdQcQn4ncxgIJas}0J$Bx%@Yv>nIE|? zREVTS7-$TGsKf|Ht4#mEe?dW{7$QN>@EFEXuHphxvnHW1?%LgKAOgKA#hGQ2t&gT8 z7u-u@I{Y6u@9)!KA096ZIfm4R2XIs+&+j80J0`aPSQR3nrc_I&+1HJhqd|O zJ`tOm%je^g=y;-X+Na`9f1@Me(|>peo+I}i?coD3L=onpvL(h@lpNsq{!WNyM4e!Y zVV(R5y@GH;Qsr6-8#T&oJD!Oe^de!aNP5Y!e|LcLr1D5C>Mcq#7iM>8AzGWQCTluW z?%e5hIuz%Ks?1;>$NErOgsks&lN+70GNsAA0Tb#81c#8ge~^Z24#|L2STce(mN#Ub zSLn({Tzi@CCx zdOql|;aE;wrrH~0$0@rbB(;LHQQdktvPGXVxgpp%JxIn!?-6uX{Rybh3UYwN<4+o< zoN=F*={%PS1y#Q$X_pQ<+zeLHB|#_D3h~qk;f35h6%mR55kb5(;^-0|-o31?hrgYz zqu2Ghr~3d!-SsdVt{YtC6eRTnQ;oQ>b>T3yw(=SJ2m)Qp0VB7Wy0;?H!LHqMY3%z9X z`z$L?KSoKUOpZdqXy#jD_Z6L7&iD4br&}fV#8~6Yp0#km%wkaEEB2Cx*>>0YV+2(P znL&}?T!nn)?NeHV$3@^6AO;qfsml;pT#dQo>hRT+DOubX9rie&aUKC=jU|2CH{U?& zl6qaphu^T~%p) z>PWaJa~D9F!Hhg&tjvlGL62^@B{qv@maextrp7*kQOVnk_Wo&)h&KFVf?MYccT<0G zm*>ianX9tRG*YO1zFsyvZNPI)o-T?c7YHu)`^a3F&hK8t6`rFA{Z{&<6i3%14a|)I z?2|>hXRUuAy^h6K!0`~m-I%Ap(^#Dup`mVc+C;D3inF|Eei-3QuU`9<*azCU+MD>5 zhsrZ&6e7yRB9u%Ww}~Sa7YG(30#HS}1uaEAF&#%YY`hDBmI;lXTw3i$mNFQ0B5Ji| z&fQ?`J^Zlsfl7w1fZ^rh^rBmn*2LLq}3abYbQX{k5I;6 zGpm+|yh6?w+X81Dt!>uGjpJAc)apcJ46V?6*gs~zkxLFxN|!~j3k&?tRi=v0XbSeI z9UE`yETPLBu%eUrz&U{ozlR$+{}gouq)jcZ#S-5cO^$$Z9anSCM0)u7i%FZ4Ufj(A zmqu2koT<^2X0T2{^|Z%T&ux`SVPIBQBZa-z`Ihu%=|Sr#wW^zXKS78qjRd|E_Mzyy z2~77Fls3wQ7+;ZISIQYf4X#ZcJ)RBf-3qY74AGUA;%PJ{gMVuOD4&W*=7H$195WDgSnY8aAe#caKJiEilq?xYa1^E^Q}do9x|#X{ zxw;=^xo76CqmwP(`8fO;xJGO){&)lxd&n9#)!%7qP@yaI&nHLG6;S$uBNzU#Ojb25 z_WW7fg746Gpo{yVGa;4*+hrWI_~5@oSzC0gttNl59*7oUrBW2`{nsxKb(+e@fgzELeg=kbQI-WKELC zDl}+Qy9KZJQMeKhSyY)jL99n%7N@urJx>GL>Zc4^(@9SP|L!2i1bt{vFj`{w39D z+ryloR9Vi)T{Yi{wx4V_a1WUd>5By!P@^UlG{(-1h)>qVz=OWCWY-6gs+aVImy^ec zZmz$(^mUQ%!e&*%*m;|O>h+#y&Lt8$Cu&Zlh|=Q_W5@WUA5p-WDdyA#gprSQn(XUJ zMRo;So36mU*G)ez9c_fsLGA$p0lVTCH+-TPJ`T}zwudm%#_r?%iollTM2ZahVjeYCKxAM?K2ODLvD{ ztXiNo0L+5yDR5=_a>K!!EA&9srjNn38k|A$1GQs?LamudDOI}_VM#5zevjbZmZ?j^ zlw2Y`n4vJFvLg(DT&`P*&(l;yj~ilBa9Y%gc-^B!1a=1yR9AahbyCeH7wf%D-8VdMLAT@D5sK8v~hft)YT0@U(9}nE~Qrfzri{Je;O85^u z_qouF!s=3$HMZ+UV0$eV!~tb#otw(hOuCkjeVcYbhbS*b9gRR3Ch-imRRNq!R1(uY z-5m(>^e$tqk2y7Yp>kvhfZxEgxE5djz+o!&*|A?T*~pHYto6J*O-48-szOsNpN5oyk`cK2M!{ z{EoYbml8w{U}w1ro!;F!zj&+g^GsDgLQmSs`+OC)_HuM4Go;#*jotfMzB!#iu3hMw zx~7}E$tq285#)+~6gD;Fonwjnt)euO%_CnYcWFKn166=?wMdH|F1a|NtEoWw%zt8= z{-JH*ELN>XJr0A<0=9hGB}%_%AeO3Biybf=$us;!i0kM&e` z_6|a9?_OkQR5O_^MswscqL$Au(C%2D$DQX|qH-O?GuM&bcOod`lP5;)_csL1SE`p) zy^)g_L4fAG!K4WaG^($CmC}Ye{N>d_nA#+1=X+My#B zz+Lz1E2-nUJs5`TjezwYHKw{V2!tFbE}fA9ey6Sg#9mrVAx&lh&1;@Q3Tn4ofp;)J z+M;)`cSBsw3^-o-GnB{2@N3W@3rhk`rL2ZZ#YwMowAOEILzUL!$4boaE{p21`h@Om02l@+w&$nOV?hmIM*})%gv*y?E&jh-Fu|25v z0+?r~tw3`|_F{~6%6SF9n7u>sVD!Iin&FfTRWF45n4)8ns51!Ew4)mvTbTyd%B@sP zol!5>)Mm8aIuoGjb|l0)lHolxmsD$Qa|M*6yiRK{D?3kPVr+}X* zA@w(sHo8z;XRJHEjz*(qclo*@I-4#XbuD@@*y@eW{0*eFDt-^|Um)e#m45^70m}k- zch1E&r3?&fKGggr393p)xuD1*sl+C!q#}A>on2hj>|(I=n(Vk)?;atAt51K2;!{=l zu-_icBdUsZR9Vt-ea4KsNfgU`n+BDgn>no_(Wf@3g2UCkSNs=GnHSGY)6baFBb-5S z@`we5XxinG3`xIyN(V%URl#VU76uJ+6~Juu<}$ddV(}@3mn&7^1@qA3-bDvUXB((fW0fx8 zi$lAc8GL|{W#@W-{(qn%R24eaBV=XY?&_ZFxU%!z@NuvHyqSBsKW*P?Rlx+Sb_T@B zhTe%&0^J$k)RgnrbH%m^SG}fj$J?ba=T+ESBS6F7VFr>VmeWzp0*K3iT~4E8y8eYo zM7KUknv3R^+a36w(L2duI|NJLy1_k}Qw8`|a zFciKtXwhll3>)td(Xdb=Upl)#`7yffhF&t=yE)_KQI&cyC?BM{Gq+lCEJN%Pl)ieJiGq(c|3oR%>8{Gh);oVOtK7|ybO6oztSjX#MO0G%gYAc=ja1J1D ze<^(YDdBgh^`Uw4?g&wDU-ARlF}%<=o=Y5o>JEe@0&K=cj6)y}7I71zjJ%_|R_QiCr`WcSF81yfB&J9^@ z%=F=v3bkXunD5?F$MBvQQ^Uh4Z|;;l2P!c0lG>|O>{su9XNPr2AIeA3#DIU7Y)hVl zChr9<`0bQSn9A=7B&Rv5#B@1KQTo^d_io|ZDh!`!IyCnTIGRoz7k?Awb@m#t4liXC z?jBcFmXfCwVTjSs#6wkns8Jk(f#A}J=CK-g$q`cqDD4J-uhhL6b0Swf#-9J39Px>% ztd>)v8=#+T;1#^HWWi&yiFW>{ilt)F;wW{pe>qUDX5pr!?~@D6rn8`uPv)7B&SS87 ze4RVzi))0P)Cslz*3kE_j%Ygh-*iM}jDOt`Z;q^4|5Hbd{;wU8=Bp!yeRag-KOK?f zpB)kV=Sj6?7{(Jy9-SV(yoa>1Ml|vDzSJTtFoypc@Te7CjnG^v)PfYi1`-T8yY_cFhhSPLQ{o&Y z`fuYdOqzzdx-3R><%9QOS4C1EfRsk!0B3`~NyfjVIvMszuskX*0}~mfmE;1YEUUSy z^KD9Yy#{Y|V@xkNf`G23_rO^D_4ZQ>ChuO`QM{K)eks^9k$TII#AW6IPJ1f_Rs0)N zUH(ATB@Q=)Z2_{;moN%2Y5;@MD`Ms%3X~HUL3Sa+ajAo>gwG5nRsgF#S(gC+Bt~>K ziQbN&BAu_m=qf4#W!(kdAVrQ5$R-duxTnzk6KFYk5s9M#4JAf*s9iR_E>I~NR~X)a zqB+t7R7B_SdqcSCa2O;=>+mN+NO3%b0iH6kyM1f$8paw=p@@F@SLgDmQeOG~lr}HW z1R7sg{L03mX4hb@t&!~oigA?_lo;y3VdOh-dtuTg!Wx%A+wBI7_)2uvW2Pg$dGFE? zFx|n_HY>eEsOuXb}u4T2t>DS(W6J`6p$;#$}Ibp0^6^<^4A<$uj?hv>l z^7p)md-eZIUaa5!%8TbOfAZp6=vQ9U9#X9Od8|ER8gkKt|0V<0y(8ucFbTTNz7xYiOiVEJbHnp;f9Zf=M{W(CBdsoS zs2lcm>r)HQ`xZ7kc0TnE=Ywd6! znZBjKqdL3ee23m7KB7`d|I{mpAJQbp9N8|wbvI}0mYtuIMLh{bs&Z*&V6iY7`huSdfsKv zvx}$bhse-S5eB*8odFb;{^Z3{2cahF{_<8Wm(bq%NvDHV=Oo=5|0G*QMi*+FX#NP| zi%dybaa@L@iTsE{^#$e7_4#7AB|vd+oXw@>QMu*-|9czp^zqU!uQpxP*PzqLfERpu zl{fLq+x}PfmsgE?B4LrIs<}0z<7ozn@Nz9?fIZpA!-r1-7HgqH$`W)-M|U&>BBOsf zQ|CLkCZ`hG+tY-~AoJb;f`WYNvx z=O)G$2O2hy&l1}S4(2n;Q4jpp4#|9AHQ8n=lL_aBURD-~13YZ1!E)3~GpBQl9noTV z=vnzJASOOu2$}J6YhV5Qbo>lqd!LM^-$H3(RiH8;I`YE#z2U&k?6$vs%(r)Nb?1V> zKP=-Ljwco{BP!q6dg8dLUiczqLh+OnHMTEY0$o%uN=P;?T>h$Q^;jwlk14to(VNVtejz@$N%}46IUbiKtR9KNKi^45iVXtJ1@HP9=88Vp3)1f~vDp zGIDuV1X@D5PPt>*80hA92^ITbpPt$QEM3xgh~KoaE~qE6o6KuanFK7qAE10cerKvK za!GIk79Vv2)+eL6yYRW^zL!yLG5@))%HrIl=@iByll4hddbj^k1)rx`RB;6VJH-9l zuPdJ68K&ps6*^$fk!zaIY^BJZqCd37&j*F47O7a8oD*<~cu(I{tef{;j4XQT%?|Z~ zE`COm8LNzQ(~p3MVQmMV-xVjgdPI`(eigkReV;dhmB))W)p%KnFHJ8O7LT67DT|K9 zv3c)7R5-~xwb~AZWJ#bCJ{$+LK{LCzdpQFybx-CArtNMn} z2Ae9N3C@0EuH`4{=C8$r=1o#4N~)@s{K!7-#$0Q9iA?iQ+=Nw<}AjH8YAg;TOq1fZT@ELuAMSKmwMpOa^%ynF%%42{ju2IX4%KNNDo} zpye`}W6N{4$vtayB@?2b)YW5iX$kF+?1~ z_+?^{24o$Qq4alpLf0#VOl(K=hLgeLdtvvRIhT-}M)V$DPTs_+FBijb450v(7ojSX z)pJu#ur!p1>Z_xFy`f9vRcK5u>%%jJNZodw(0x(PZJQZb65Ea)xl3@$&XmGrqgdUc zDJz7w<~T|n?zl0iT;Q+P2&3hc$MO}u(lYaDQiP!vQYa(KEe{R`3Tfu3?Su3HAuFQj zBsG$2sSH&6P6c}`Z3jOrIxycKj#keidlt>i{B%Cmax^Q8 zWH~`wwt@#s>O(ztQQZ9n5w@yMP~!lo0o8!4cikXsk@Vq_^_}J~->4_wJ`aaCLyu1J z>9gf)y3VqtlMUXbo_c0m!Qm(){jUgN2ka5rt*KeJdrNV4>AEPklcwb4nu z6}87JNJ{@}_Y1?(?*rLpWW4^2%uy0pMxoi`Xgv?uB)46V%;&HTP0VrP1N}BHBXR8c z6o0nq`~itoPoOMs|h%h(=zp-QMiNVJYq1EVZu&a9`Wy{iL5WxV5-FYRb#9A*0iDlCR}4f325~^*PtCG zxlwjaMT3{LhkGdFQ->+)zl@5&!vb@RCpV_2R1$)RC_OvOvosUf^!BvW9|cg?Hb=yv zm%lljOS&n0*r&aM@eiU0WsFie4?C8B$jQ(pSI|f$2H*7L6nas2+9UBWyz+}Y zV5I0SMU-=f7y(6d^^0yQRC31{S@z7~0v7wW$iY(M^O zXRAfkSUPvQ&pR<9(d;bBKB$gK?1kO--P$Oi3i_{+?XQENb=2*oTlJof0d#dN`tuC_ zS)OLS;87D4vTohZ5B2c{?h@a*HjyTVDD8h0aEbm$0oURy;9~qE;M)8x;KFNuMlNbCh5@VQuw@Gd7GM(uR*a{M_=nw;jAU4$j#X**Uh@5##u&`{Z&Bq^#_nS{qgQg zV76JrY$I!}^f!jnNVoo5`c}knt_wmX=SUlfuc+%2i1PAi2qt1k?1k~G=pQRvvpRq= zHYfN(Sn?JGH&`zMNwG|}Ks1ZX?&?P${i$v2p;hnOXO{LxNA(ukC_{F`ASaf$zpZS0 z|Gu)Nk2BKCk`{v97$0VqZspt2Xq|23K1e&S+SnbYv@sd;pDY1su*DBa z4!>tV^d5GwKJFcENkFRYdj&>xFS-Z`D(oJxZD zmMz+*T@lOZ{GD+fViM>E{6B1P|9#jE`gdV>>R*Rl-1ac!K{BjIlXe>4csmdFOE@RY zJM?*iG^im{3Yvq5y7+sW0^mNu3^~odgbL+dkwxU;{7aipE`#mFYcM&r5OzKmzZ(5V z*^^O(wow|>@qF}{c-Y}2FXQRZhSKR3{sH9uEv6~kqJNHXnVvz}^QHUT{d@d3Lr*IC zgVQ=0rLU?DWX6d(LpiWQI^XCRL_^H!p1T15FGjcsL4S>KhsOWw2=_bhe;(lys$9?h zbA+1`@ajC__xeBF;GPa{n|TSOjD~g7g9Fn?K<{D%cTPu(9`@UaAKDpSvAFm$velLP zQ*4Fj0*57NLCF{hMhuOjMQlx+hABkq0>F!S^1b@6q!;V)1uGUXS(5eyN-ynpJEqbapaNkH{slrW?6%tR7&fwipA7 z6j&(>tX7bpGtjQ~1nt!4JpzV-vn))8K#2HM6>7Hk`i%R3j6Cu;BYXd4hZZDRp^fG=nC>B zHHwiYwlCt*wzt$v$$j^g?Bd*BMr#7sC@uSyQhMaqf;wYqPr7>Rq&_?=U;6{}P z84JW7=2MAso? zpVyo?S)D$95As*Hr|*GCJPY6a!eHfNrbJ{0+fN+cRU6+V&#A6UBNi@|+M$28n?e?4 z&s^R~&mg;bGQ;!6!b?@{VQ;w1lPNPpEqHn!wF6P0C##$li5RKWuYP4+fhrDv+6PZ9 zl80BLnKM+95cxG`SihC8tjnS__gB_U{mQy?3h_rJvGV=*!t1#Q;h$WgsQIdA zhZeb9qMs9&r7ITQr-SqF?sJnro_57G*}72@VWtVEUgNYR^uj6m7#Gf^CT`Kr)a39N z-}MW1BnletC$YIbMQkHer*XqG%D7xa#>%f};-zpMRz8x`iePA=qm<^{IX7ngTgfjZZYnP0Jp2Jl-oUt^+*}$ZRc*M)NqX=_QI+Puz%1PUs zJV*vsfT;gb>3kbFV0EkH)8}SM=D7Oh$-(jbalzf{J0H_fL84K&!>a%<@FSgFR@cTW zYu>s&G)7Y%N^qgC`21@{8;EN%u<`ew!CdviGbyr#zvDWBr?pXhFQYeaQ&9O^2rUSk ztH%pXvUy1MGlL67!L^i^fJ#|}t?tlJDO7Y$);b1@^)v^yab8!phRmT^C$x)c0k)f! zH+WLz0tRcuuTbKy$Ig@f_!LQxw4(_QOwTFtvIuv;@7p^>jb3(pL#-b_7VIY=exddb zVhbo7g}4Q8vw-LGDh1gcwX=%1qnD~*PxW)et~CQO1wf%3r81gSy5vy3NP3P_;v?^h+AG{ZOn{7OB zpAnS+X#w1eOfZSH*LwSm|DRQHGo5oo2j++|)f}RIPz(TM-8rA+*QA)5u!-dv$?yrT zu9eV@F;g!}jz0*UUf1kd(+hATah~}E#vNwL-$;fuS4)f0g{ZxtFN!%7j|>3iJ3e4j zpIAs-_ejr>N8`mc`kg`yx7K}jYLWcmQ-g*1-lHLQtPOTQTWQPgLoBz_a@M5{dOuTE z_BWk!;B?6y#aA$r7ROhTUe&*Ta^OJKt)fpQH>TIiIc7EVKzO} z?x58%jEVkG&e51eGX(R`<-UL=?v2N4tlXP1u7Cfc?rB%SzYEK1q;y*m6P98hHybq%i>BmYh*7hON%8RP1o14 z1YBUI9`0gSc@=y^EWE1s@OEA?(Q?M{4uidR0Ko*^n~VJf0xLl@A?u5VNk^pOcva#i zWjn5FSgzhO@!jx$RQPo`^L4&fyV0qJAku7th#!%06ixtjg*qejE6z9pN0?n#dgFmo zQV8gWT>6N8IqNd)7*=uE!WBKpe84iD!+mP;Co1O|qbn%QG+=`!#tzi6*sWmNp~>8a z2d;`t2LGnig!RKF#Dd+0Kvrb8VoIz(;Okg+ zL}&16tLR@=<=d`?wbXRh&atRT-TBpH-S)EdGOCdn#@TLAVcrLuo?wBEZ{l`WZw2zH z>X*m!nfNvQzBsacIX}Z+dA^Ng)igU0a5XAL8cJRUu%L~qW&Fy`;7s6Y8nKx>t&i;TlzUiG`v zCs;OI27pFGaqJ9}rHRc)g%rzfzSI&9e>bvt9b&?$eZK+SC?SZp>-hs{vcmxllf;9q zyRX3f{#Ri3+Dsp-pK0l{`3umu{|4w(1BdfbQ1!22^Ogm)QPSy98A5RYz@SCtxC(mF z?4N_xx$G1@4oEzVj~rq++-vs0vJ(M|kR%W$sAC&s$3L^?cFy|HRc0fLcmMqfM1)cI zp-z{No(u4zIuWiJunb@TpBd^9k&VJHJ)4wr`FKEi#Mb@2ErV!NZrct!lPf=9&(hf} zGSX7@!OhY4JVVxf3SLnf#oA~WOP2R{aCvAqM379>22ir)#_z&@h2@NWx+xv>U-k4N zkx_%~JHk<-ZH1vW0BPzUzohnpeeTFJj+QDITBG{*n=6`sTc&#+Ey!!7j*x{ooYgdE z9og*~BN#f^37%Pj-lhRexZcXS1uP+T^=x7I+^>4Sp->4veBViC*Ek+PX4+si;kbrTmM}pbLNaEd3Xs1^y3wwmT+#4FY_G z%xu4hEa-A)r{Pb;jxU|ZBNA<1iPf(zUtpJrx1%=|AZe-(CDilm9Fd)=PrLR(ht9QT zW*1(w4}^ADt|d<}{%P@bqI&3iZix?Z`2N=yu zpMU0M$W?G0YW6nQ5}d@&WbRLnqAD58+834=DAODDHsKRy2wTt6>9juTwrsH=W~$FZ zUt+(!s0Xe70TQS_gElyeGZ#e-qbS1;Fa*?b*>75BJ1rAqCpL~|z zp<04vLos=w3`u_uSc&NFdRIjnj0QjgH(dN6gy$uK7-BUk+`1yoTT}m^6Z4bC?eh7b z#0(T=`fsafeu|5-|FViUcmd{@YsBUCaOtXZoY1)Rv?jW$Zp6lTGMKOzvZ)%>-m+$E4Lp)nX;EVIu)4L4GJV)M(cy^?eXCa3Pl#?RCv-=J@kX$7Kq9HFlHj*&_JzN$tYdm8$hEFM`~@G6syhj(eR;->M&Z z1*2MwD31VgKKQ+D3U};0aJvCIjFl?gG?algN}V=h&3IJ@jIHv86eb3Eo?GIqSYP!B zLcGH+s(+nIIcPVKxB-!D3b^VlOZmD)P6gO7R?X`!gB0u zmnjG)ImF7vG;;xmjxRyO(ftuLrkR>u%rtHb+NajVjT!ymvCY&r@-024jRsyYD(!Zl z$5Y{TUt{!o_Z0ka%OD9;$m+|V$~@(V+TSh_`KK}`I)7E>|5e&q2i4uA+ZuP5;O@bl z;1US#?gV#tcL?t8?gV!yxH|-QcelIw@|~GEb>`ffTlYVT>e|0%cW-vT?^^3=54rzR znMnu%D)VX>W8dV5%B;NuvGt)c7yP9%Gj07*nPC&|jQ^<2Hq%*$(k0}~aYI{*g7pFP z!Mr?>5ByW9JroM|A{3xQ98%BykFCr#zBJ0|Z`rPxybQR3H`Rnff4QQ?MrwVHD&S(+ z#s@0#VMopFSs&U2S8*X(6KZXCT$4^q@>f%u?}Us@`1Njq1DoIau>H=bGw%^o@JrBG zkX?jOy&rH9#@9MJpNgDa9lZpg@sFzb`U)w&850+7t=@2CmMy=M-eI^X3Y$5Xtb#9V z)doyUo7_Jd9s&R~DUdk>kOlLXQs*tE%+u6YfFhc`4WyVFGhdy47eDX!;kTlB-_N{p zl(%lm|7#IloaU7uM30E>h`2Om>e5bZ>aTcV8l!j-CDF$M@Ds`l0mCYdbHgZ-xsnfZYKhny0`KyGcuHBkNED79^O4+Ivg0~)KY4AcQ z*@Gkj6+`x7;Ztroq#{Kr88MFjda9VgpKHa2jK`mg*n9F)Dv1unf9LvI##ExOl;CWL zjYhOO8AGDWH6D3BTqlX6n8oJma4(kxyNIW{&1+_bw~R{%e@*=Jf-=ZP{=33hRbJx7 z@KM}<)uiLc_+V{&MyvnU>Kyq_e&m0HP~6%U`cze+gWm$b;G>5lE+=~A%u>-=s^Q~J zG}DcOkuggRW}B0nMrOZ6X+QO-(r}vCT>j7vuLkRy>N6-&17S+EPD4tYD2-=R_MNti zs1e`{ri~QBt5QvC1PWXhDkY`+oFQw<+y`Ew62^_uWVn@!{UcXp-y=5CSKk3n)W^_C z9Hbmf^+W!vZ3zahZdSXWM%e14_X<#{8edgg>?DYQc=th^X1##Y1ci*Rugf$iop zn|VU#{LI_kUMi!j65em~K+C#524tbs)?}nbLdya)a>NG*-OxW(G^UvF-&SaY$qy?u{6`f{jINlHZ?Tn#BqrbVR~fzcQATUj z$QRmwl99u!5&9~c*D-zvPE{qCnLC|?taPe3=!F6d4|YIP17gKrL7y7}(#MAYVT z$k{uw47-t;o+)PBrEdd)t1k{bH~oVOZ3z$EDD#U0A~4WronH3!L0z30%EuAuhp=A0 z?Z$1Ps2@_O8C&evLJT-p7!mnmhEH2i%S+6zOAovd>VvaV?Z*Ue`F_y%B3eL`lr=4e zXWvsrB35z>-1%D|Njt?d5XHXgsRtiioKU7y?vZyeRu@>RaM zUVe8XMnvF-Snp!oL;J92gMwr4;OWe90fA*6!Czx2tr%qINt;bF`2xcvj48<{M`U`j zAO`jlRudU++U^U>qnq{W_ToYiYT6XX3zbVDJoRlYONx*LH;Xvs(`NY2qOUI6I+12m zm0rQ(Q&IB8IcJk<9yh@>@dp19r9b~IN>fLhP*1T{kWV>1wtm$JZGenyXr8)%P1y7F zzTQ6TwZDx@8ZS~=za1|aW(X_T-Z;R8434+$x{oIR-h|+0#gB}TxjL~;EX?*DyC64< zroKNH+9NlcIv_2n5XL|i?L(P<_@^>W2~eiHB7t1ct_IP;c@s(Szck$G9T4=+TV^yB zhm_5z1}I2hzclA%?osUMpolvGlY#TJ$}u!|My{>hf6Jn)`aM;|&Zq7D!jbC1>-y_0 z+jtAA+IYCuM2DX=n)}3ya^yD*vZZ}@MTbbZ`?h*_b2PpG5Dk>*H?fp}LS@h8i`}`Q z{<$Ss^+E(&!xAnXwL=ctoj}^T)70bWlh^N5V?1ilnm*w#lHZz6KG#SN^^;?)5Yez* zqMLndIy+j2rbx=x^nsjlosNLH7*0~kJTBE5IKw>hs zdwaP$w7YxEx29B8y`@2rv8c4j`K@>-#ne8ZEou1$DG}X!6L(Xv%sC-J)6MSC((v$A z3d}ZY{a)M334He&y7n>s9FK>rY&TXpe9fu>VhUBC-Mr?`tedrDkat{v)+qar{vQ6S z`{7J?YB%==+3!Xx>HAxN*FF%r1US<%yT#5m7PE||1r}PPG|vl}Sl9;yXW%P9=EV&KM7@!}zSq4il;uz?EZ4@+% zEQR78(`L^>lz01Q2s+zMIN&5&&b~Zduv9#wdOPrV>J@zllx?U*iO8KTI~L0Nq&Uk^ z%|LQ%n9;pF`3_`H!RA+#r+C<^2JVdDs3M!j8BbN;zz;+uaK52b*Bwp;xlh za-=5=|M~)|Wa3OhK&$E7|C6GijhjOM|CRYtyWB3lE^IVEuTHUToJk*<8qspG#L>F+E(jVp|+LyGSr4(dWGn>CR^dGTN$eQq*MZW%rCY@u{3ot-Nq{Ro{=Z!5 zy#I8iM@HUk$cLERqjg)Qbv)QKvjom@fXGxR;s64UN6Kl$mpkNmXKM}At?>_5p*M}_Bf6agKw?X^U-<0M86MTpLtBF5xu z1Y9wzC>>$s4>n>j6QZOo^&-)?YwwVos7XFpg@Ma9r0hfeX%`H0AzW*3i%b%a33ZjN z5+q;$AzJbNlW2t*Op@kFd4KBFwXrA{!ZO;sbu7m0^$)Qfm2e)J%V+s3|{E)cF+)!g>*mKQ6KPlbeqy zD>yh=)ufOjqZfaUf3r5>3CG$mF4c~3>_QSO+zxbPvDWU9r@K*=)gU1TXIl?Z0}!tS zaI*WiY>PG2eUFFDpwrc0VFu{(m|6DTW&gJrwfmnKHPRjmq2@DnLUtTY$0wNheGjsL$MG-ZRetN=$g7A+n)?7mwpzgLcgC_FcPkw7Nnjl2R=5@g$jw)J4cEfa<_dyi`~;Yr5Eo> z+kE2^HX{(n)~S;{72KEtteC=E!jZKY-+ zRa$l0qn@Yg2`FNdpXf#fN_EZpoK#uu6#Cu|O7DDyLicb8kJ&Pt_&)G3?r&Iw!)Y!3 zAIt59)!pv=g}qQ6^pIfxl-u_K$g7Ob(Ds=Ru~rBubQC0isnb}W6; zYt;PTf|!az%Gv=wsQWrp^gPU@|L7W=w*TEV(5k1+=14WXF!p<_H~|uH(pl{G?Ssp6 zHRuEXF0D8|HxWii6ZDGCl?twYpUaScwGp`i_KR0PftV%br?gi81x~DGqL^mLK7>aC z0Bdy(YR*cIEsIOV6jV+E3&2`U-=6>RrZ3<9@up||?M+Yr@TS+f!Up~2O=mNI|H6k` z`)LNiwW9F;;95N@!JQCWQUSPD6O#b0)urG+xK`c(u9YLr-&`yG7#zP3u2te6u9e3h zu9bzta@-%TRZlbLSB$KmgMG9rM7MU{20{}_X1qa_4P{va@Ah?JwZ6!S

2ak_=JvvhEt)@1%eMBEMBcELyb^hOL`r-Lp=oZij?Tf0hhfe_t8ofQ2g zPxfM~i;2yeLTTb{s6|gzYN+Kf8t3gVdwPqm(uX;{;4_AUcUI|dG+1}F1okElBAhp# zI7jpYso#u;sD;F=FMuWhy!VZ^)7U5PrddEEV)i0Rpcm)+0?9fKN!vRM&Wq=H=n?H;~M#r-KZ})X#4hB$MYK;cKChjXeEUrDvqxT8nv4!mk(8aXk_Xh*N$5 z;k~~lm?-G%Wf;)AtpMonZPV>JZQT3lMP3h(wruWu!32g&4_#5>AQF#li0Ey#J*HWV zUuF9->m@s9-y8BcSXsXQ@I~$$@u!_ZZZjvLh&J=8J}S(iw#;huRKEA(CKriZtEv>9vN=ykL@$mwv_1W-^`L+qqSAL z^v9|Bgwj8pFKk2FmRcWOCy^fU_2*z~+Gkf-+a52}QQ=y=9|IL*nn*Tr=jHiy5cP8P zR7c;76%*rV6)>a}B!%4|@QaKADdJj%KPln_q_hPdxR5ca)_-eEPErtV zCd^R%F&l`xSmMF7?KPx(+35=xRjq4*Wu)9TTRY;1r>QV$ZXiE^@)D?)F1Wn`^->zS za~{CgqUrksr2O^HYJPYz`5LnoBC1k5hQ`Fn#{T#Y*80;Ij9~6%&dMVZV8H7}2w1?T3s%lj@ay|BR5a;;bOqPu^)gA_;y_ zDDNp1`v08B_GjL}jDsmoRF=#gJS%3nA1%cP@k(AcI)vpnv#@^&6d#b^qmK_(xJrtE zU@!I1u3qtklR(!oAI4}dyo@kFBSzjB+~1o!35-`}bkB)=KJ_30RfTaBK3wjONF8c= z`i8qwe59y82fu1y26Qw(L|cmi7Ar2MnsOq{2^BdhK!}_;LlIhyqDR&v9+0uX0~Ii4 z*~%Be?%(;w?e2-(^mK9(RpzbTmYgxz3mVnUXA|BGu9$5;s_P4}G@x>e1XPfW;8_MI z0*D2bxK`&$w*-!$L3k#SGOE>EX83Z)zlie7iPgFOevDBJ^jpY?!xT~~(JHs+%GPC=CuHga6eMl=P& z1M!eBs5N^Z0&Q+%>52Q3{0>p#134v~z=i@?Mq5QXIdndLKWkxFnb!pp{HiWYiTG_3 z*eg127czfjuBqa&;o?tUBCEI(Pt2zQdGvmkk@Kx1mQQo>Gu+;1#YKP!Tv9-+7QdLl zgcX`3{zkhB80v9*j=Zk?OwI^@{JY9UKg^R!nK@AXMgJLPYhEcK;fGj1*`v~2z=Mws z+KZ3<8u??dAn*9o!D27)(H#FZ+yMSj<{sKU6s#((-jH@xvj1jRt-t`I}LFwz^nOXMzB(r1Vul%dPCzSWoG5gDeX zJb>BVhN+W+=A`E={~3XPX{(1MsoI8-Nh5`rRlqrJ^_i)X0UN`V)I}n6#*V;W)8~#E zufkS{mI~}-J-IMxJR!J>>pe(t&Xyw?{KZ%M?sNN4Ow*thW5D&jJmT1`!6x*Jok6zi z5Y61lsr$-F$`f|3HD9B{H}5lt%q+|zyzR%Kk@1q;Oebj>%hz3d4L*0*Tz2JdqTTD` zi5Egk#6@}^dCf8x3(WvG#F90;Z7y$lx^~}7Fo>mEt@^TfiR-sE$M*S0!{c*1Q?#Zb zq?GJ7XABkmSkU&edhpm?nOrPJf@bnAj0?HjA&p0QqHL&|v<>vtw^x!_zr*u2#}gTE zZ{Gk8D3TMR2c94~j#nP8uxED+X>Xai;q!ytnRN-lg^|AEXUiWQA!SUw7_9U`O;F8-BdJkhn#7GLhof%LfT zv5rLbnj8!l^Ll2ANj^jBl()Yy*_t9A5D!I#d}T|#Qxq5G%pJg@m;;=w**gz}u&Nea z2k|xwD;I}Id&ANIQ$))iRIy~hd5zjg(De!XMHwwmI2NM3-bmr$z3z8DI{)nXr)jvtI^AV|A5L4tsh#1B14w>X6N$bR0BD49DZs3 zcLOOQE3}4pVAG51<^Fq3o(AI3W9!1JTtGx*rGy2yfknF0df|z*dKwBI8RuKgfr*Kr zIVyzc(?<5TG?%^pMI-%&IrVK@Lr35n7{c4_ZfCs9%MQ_w_uRh;tvq@DjChLsE%$oP zaS*9hheU4U6>`JZ^*5KWsN!!BVYeJoSGRYp3q)4KbnuzG9vDTtwVwAAfzsoWcqhbj zE+m83@=-=651+UDyt})dtE1CYD`)e|I{wq`?y++fz0U3US~^dso9A2Q{jDi%mTUhb zq`Ez{_`8U@(U14^C|La1MCVg!5u3>;YqVYszH})KoyqMrn#if&4UtCK9r#Fba(68e z6~uMQWN}|?$eHi6v%bo0NQjVNMHsMD=p;@Zlo~1M$m_C1p;S^+4!h&->={>?``(gOD92dj;nO#rW!_wpCndFs$2!R1{R&II_-sYU-8(+J z9xE*RiAb$)TMs$06!5Cd7Mkcm5oL;tO>VM!+rwVYbBqupTDRZ)x^EFaS;Je{+ZuYg zf5A)sY92a|QW1q-0dE+ik>DNl7%jLE|7tbiPY3h^Y-s?v=6=<5LHM2Pti#@R?>vmb z$GUcLe1xSxqt21c?URvu?tWEBrXQ$okP$S`9=+BLGAJ(0K6vqxa%w&|&q3fPHHOTF z4v)vDTbpY16Zc+B4kp$?lJ0rAdqgl2=QE)(9>dTA6bZ7#!kLSZpNa;d>io$BOhMQB ziWT(33-jDzj8E@WO-3bqw&MCO{5CD;JZe&BL%g3jZlhzKK9Qfnf+1J^JkjiCRA!R> zlkY>(F58$>WbuEB1!-&X2j(3~7@ZS8mbeF?ppVDvqpaOs4mflaT3P!mK0R^NwNT8o zeF{&yeVZV{s(W6GnPbHQrbTXI07mg81CanDFWO$<*VRJi3^N6j{_f4vLvBqkv_u8z zU*ZNC*!{d#Jx7}|Ao1Ns4}=s#0xl6#QhK1uw>y#6fyusHm+lImaIN%tt&f!jfQRo} z*##4AOK_pSOiYi|0kNhfw2rFETFm$ava>hjKZ!*bHo|Enugf>Grk$+2uxsg?%04I+ip)br>6 zB`(v^@ati%fZo&j$X!Px<5LgUyU!Jqx%=;Z$4ub*GOpzv6?_#Ex8=<6R$>E z$2qL_Gb6HWd%6r|d%)cn_|7iOm`(=6L*Jl!ClqePx|4x>ww|9bse@KQLw8X|$Py)J z==Gbepd$_)Xld_4vl_UagEE%SXrR51C;ZY9aUS2Fo*aPhxZ%8)Q?*+!fzbV{I`iH= zm$8kVf9B{gU=yGWp4)1C0e4l<7JP8w=RIp#jRT6JiCm5)ZvaYkgdRajB%>*+KB4RZ z?XNY7?!Gc$JL_%2KyWV(_C0S_@E{`U_-bmUU4%h}*QV9J{%V+42IQI&8=wi@jABQ& z^OhS8t0;6Z=apHpIM3?fzta*}MFRLI2DtJAt6RVvGkAMG$$NaQ?aTWOYv2YS-T3&L zr{!xc)&PCT-Mx20q2YSsG@J_0Y!^QsqHOAwvZ);IqNoLhI$ z!;?fLdLnH>54;d|DMCM&%v!Fi5&Sd#Df&*%w0W^u0LK17icn)e?<*o9*B^`8QR$J_&)8^`K-=~WE#wxg*kE|3+ zbJdFpzw2@aeYQlhZVP9E4-IfL#|%m|8DSFeQcd8OrcXiVNgrPhFj#c0+L!=>+|5GZ z$JccC!WThAz#)~{M|um3n-FL5_c|M+pGLM59^tux8;ebAisg6Z>BWN4p)vhGE4$ET z2XBJIMOAzb-6+G?KsV>TbG6t!z+va7BLJe7@{%43{a&ip!=EQ1iQ@6IhxIWV@xu z$g(=M<-*P3aSNrB$>YJUOIq0sQzoU9kWI|iM2yG#SwOQrQ|nl}PHUTIK0GNK=he`bMUa&P|X?O2o(y@X(OiivVRr=X^0ugd|b>w)ad+3-Q!&}p= zVUx7#t@&-ek%CpuYqI?tM^wZWEX%$%hQt;cZE75gr98C1E?V!X-8#3?{1(tf4~(|S zy|?Dr?}c-1$x4Erk$Yy1W0dk57RN)UIss$y1Ob&|=0XNx z|26``5FEw*fHUmmAY7vZ^kfuh_Uc)kJ9=xJDcY|g!)2I=5kc5C8WX9AGb!M+`S3G& z@Vd`!X{1gw;MWDResc=kM~S{)h6d1MvTT#P`Z=;z-5GlP!?guHXBX&AA~teP{EQ z6ngKbqO(1vrKKCecg~wZd$!WE$AK*MjfD|jw=xbBd(~uiKFJ;1>-oF;<+_S!y#vO&%MVlVaBq@Q z=gR=@TFGObiuZGgl7wc!NyPc;?P~53y%dv=`u*!zZFX&#mxIE(`ZDN=bsE=F3rTVt z-1g1>`XcLeBr#dbZe$_x?^mDqb27HLtYB0crvilO0=0b_WAlu(_s;ju_F6qNoCWL) zovG8C3<>AZ?eo4-gR=spY%R+8{L`~SNs&eI?=}_-1YmB)@6Xgj(l&w&`LsX9C&tfy zE!KG6IO2=#t3o0MBcHOCXZ6Xa2enCf8yG}#rDrN;`*Ot-qd=~qFR9vvhM8d{NVIsS z5n87ylrRghi!LkMMx@n@Je3Houylr?sy-xO}S0hHq;w(w zHl6EbrH6cWRjVjPaLa&q!`n69xob*$ zfbmNQMhap_@I+PZ3ard9aOL4lD=d4Kl0H37Z0LD%W=gt7?hPV~8Xab0Rd>?K1)U3rR#{Fftv8tWnng-0 zoeYQ~5xwKKZf``KZ5PW9c10l3(blQ5%Y9-QIIN zpHw>CC%qQd&7GYQ*ou6WHQJX@POOb~E=&jmQo@@6JUI~d`XN$~+Zj;USC7cyy zCt%4v`3_{VQZvXGi0(4p0@ys#9_erVqaW_IYTF6PrNh2;r0^oU(32e@>?I+uYM zRB*0S%BU!}JjA)02S7ECR8GeO&rEt}{I$TvY5y%F^MD*FB)%mv z-ky-#j$0;9quDTd&FRD7?JA?^f@$=VG)nX4&Ce9uqT9|1`tNR!*I~4-*VnKeiy~2n zOZLOfCnjA5g#$cKkUZGNMfM6wed26fy|nT-7uVd>yq$|XQDLZVQZYN;Z;!@tg^|g@ z7EbyN4Cz8N-lk~P_mn|7sfAP{A~OsJ`mwrB(@aGaTI+Z6!8fK~?7p}{Sj!YyXx-ki zC?s(V^}&IbD*bBfI*Ykt>x3mKEEgm-GF2OWwJRHm#YmrGUTn^mISP(<_ROl1)r`^5 z+n=84+$I#iN>!CN@%WMvwh_Jf_Co9}q<2UnF~B9{C3=k^bDZKLtxVS+=tk$fCW1CE z`m1tcG|n@PjfxJZb$r>u`|`(V)nw-Qnw@)rOfIFaoss9AvQ=Wm(parzwb_AAY+AX+ zV@a)d;$B$URZX~DA>bObo(=8q5-eU=H$*O)k zjTXC~Z3p>8coF?Y0?{@K&TY0bH5PAg0rQaQ{obSRsdO1T6?`3+r>ETf25i5)2NHuG zv?8AoQD!_S^ce?gt&!(l{qU%caD!whVcerzf?`_F3KDwky6&)a%>x=#HV4N$K z?DG)QPS|ztXWl8z-=^L|OvqezsZpA9edKh7G-?m@>`U7qT^rgehmaGPymDBwJ5mTs zzx5GHGGosAs*u+MoPpu)u*I;|$*fc-m&s`kW_~2Bwu!EqkwSbBzc8`2bXGk@W7y;A zs`lpN@v5bg`5B{8T4}_J=hcwJC&eAS&t)>)RN)|n zEco$ibD5I%zu*tuoqbI{s}O9qH}f%?=~-JA0=^X93N8qHpuA?Xt4ABUQ#f zdNfHSxVc%0`hP2@s&eG|r(db<&v@H9Mln^9))LO6Z9eh2wPukhZ0T+*pL)GYYX z8_cX{A6=k$EtQ5LP(+-MHPzr9{3odR1S^U`0q7}@OlZm_Bfp%RNcz*-exSSNUv2Y{ zHXt0p=|JOOY}9L%IIl<1U}}u9!FMxNLZo?-2R>&+%tsRtW=YB#sizkbrN~{SOFG|U zK(!}Wp$$&10NwE7+(_rkyyOj-6cls%XmtU=ML#*c;7^WzZ38aYC{&S^mbf!y3rp?w z+sh9{mGs!TqDL`lL^XYFoUS5=Uv`svFuO{rMxXcgE$UL(I27WxRDJU2MmK#^E1MS) z*DwIJ$nO%>C1tqkR)-X!D}2YoDjBxRb0|qVWg<@xty8WDRZO7t^oi>d+aR^M%29`u z1`PW0r37nFC>_o0vsw;S+?zz!Ou+8EIMO4>336n6gZHk8?*!+p5Exh`@Pd!|M3i}< za*Ign)sl|P7ar3tJ7@*@5PnL@ zR+)-NY`S_;L8FvjUsJc3ijsHsHLeTu;39nYEl;e6sYt{Up@qVO!2}Nn5dqEy@@x{O4i0pV1)_>bfJhR9V8~$3<)yi z6-Fu^H{=HmC{jQ8)^?(TuOGia_C{@9c5bN|7Py-A*Yeq z-rLc3t!bW=6Ks{!P*JqN$NMWDgJbB(qp?Dx%^>xxTfX+PL5&~v1*Wmf7OJI}?Cs}GGik~OJXO(d z^L>Z?jRa9{1IP_LeolUraKs&;y05eyJqLuMoO;m~4pG`f3RUe+sI!{|zP$Kz=!HrN zFZ<5IWq3|p#G6fK`V)_o(^)!P}C2jB!I+|Lm`b#~$8Fe4)oDUNJ7J^>gwudIX>wo3GPV8Nr_}kX)d+ z4Y(E2D=v``ZSn6&McS9MwpFpLh@aduUf-H;xyE3^ZoLBXM#cl8ZM-R3tL`kIfEe;1Mwu5UP+*(=nsAx0blhbFm*XVvvp%Id(9-~|(L@B}@O z+B-T8K`gR2K)7)K`l_{r`1|@I4cj`V&iMw?ij|$cU@pz5R2T-VCF@fl%PRC1Ar##T zw_Ehgu%L}hT(LZUi%1Km&cs?DtbYd`R&XRv{gDbsDI&-xXu`^S$lFboW>+E|9nAeq z=6DLJ^RP;)AU3`2z#N_ParTAO++(*HCYn<3MeACXm!phni?tc7=q)+E~dC36mWN_uRH<6Njo8xp=Mb7KW-sD>b+rcM9 z_O>CIjI`NCh}yJZwpK%GDGRprrF_IC$qR-(Di;F)8pg`5;>?STR-x09Rud29ljX&* zq43P|7hcY#Gb7^Z!uHq8i9}8n+eQ8RYEco%tU7r&5Kpu3i;^*c@+uU%c&-YQ&8YXlGRlXSAa^7*W&duxJvDt$}g3@ zHz76_J4ZZLC$18vTCBd6UA~!zkB_juj5(vWc&q_1z$pH6(`0^|gqpQWWsMn100>K5c4Rj6tD_Xd7%lAsA zUVYC3wvcLB1nVkl))(L-AV(ige!OgHhgnnQL-I)2V*6L3xu-3u6Kxf%mKi;T&)ImB z2qutq)FG7Er;_zITsymUII&&u!hTx2%3MBpT?o36)u4;$!f5bLV^@nMBYH{G&I?WA z7@;n6E2n=?6EQ>uNseI)t4671_X6aS`vlQ^C)Jwc1g1W{S)u)M9B2*r+{fAZ2NGbe zs6o!DEyHk8*H)5Tj4SAZq{~XyZJ^7*r(g3kh(J$$ocOtus=31y7zVAW33O zRN8Mp=J+wn#|a!+I8UoreK)O@5kUxLZqN}$F9$GU_g_bV=Vefpm8qTy;>r=3WB5|X z&RI3Om1RJegU$mVpP>;|BdAiq9nW5MEryko#NfGD6j{W`szV zk2!uU+mWOtI^QVOk)LROyTbBZ+NqCY7pE>B;BN#xg=L;~%vv`?s3&BR1KHeuw0&60 zxxXp}$km6NAD<8r_^MA(TOmf}a&R<;J=}%^1==Yg?G(rf=+Dxtpvkc;nl68C4cx7^ zZ~rM;T=v@nvKVwWG?Wt^@O02w+gYqV_R-^Hmbw`z*7~yF4#s9(TpM^7XVS9~Zw&vHn1zol%xM}>%T8R9EiHPz}8q1r(HH4d;1g1EG3Bm6cX zDMxR>h6gE-HcMIOuwu(`_&IE$ooV|~3g1tsPBI`A37lgIK>%CB$NpepJG~^yjt)?W z7di4g!U;>NWDB5$BadJmRir|4T|k~yk7tprLftm6rI}fJ1sSAP7u8LU;?AVxP@D#A z>M?K+KMeri;aTG&%``CGZg{>SBt}f z*3{d`>SKw9R~_LT(GDeClit~>=CrnDL4sO&VXOkq^9C7C$N{ao%T!hngEZ_ZoJGP# zwuuZC6ACD6VrLHV$)H!5pKqbd{T4Y31mHam^$p?*@=E9ov~-0(>nv+4R-%~bfCPba zd?t-UCs*%|5ufiF6y+-9gSyK5&ATM8el_e1J)qkT zEFm&H_SQ)bGUTnll-z4HM|dFTkGj-#X{!@!l-bkF4n^3x)S`q*{MroyD5YarMDC!T zg~Zi(iB4bVc)7XX9D-tjZtrAPPMwWS{G9|oFMQfPgZd^tY88%RlzS@H_}nums%efE z?KB@ZF&<4SW?V(;%OF+SS63-2j>?^o30+u4mh`;^M~@G|pYn@XoRBmB3C;@1QYr(G z`_I=}X#?PD;6)${h?Ahw1P~l9gfu*R1|sWHO<7ErN>6{c>vR-TrgUXVHF(NrO-geK z{lgGamn6R}cylf-CZp1zu5wI5*l6%UUMRIZxfXLlge6iHYUk=7Ca(KXg=%@8D^VCT zvtFps9rZspB@Ur4JiRVfH%B+2wEfl!tOgYr2`nrn3V>5V$9(truU%95HY!G+r!A)2 zLM_sN#UFAwOt2Y;cY@lu(dw+6Q5icvt&?MKGZ?TL&FT|=3OV;yG&3#qu>K5l@%niA zN@;!(W$1o)M-Q3$x_fcF^BURGY3#}Qkh{Qn#6ub+*X0}mB8epe%mCvf2ZRI8Qh#+Z zYbx3bdAJXUfw1`v_IUeM;M7G5Drt;XC{Ynz(D8@A&2OxBr-pUh%rob@LOn7_?}#^! zWv{wC)@S+TFX0)}oP4Q|`fbwfBdtaz!2!raZNpyNyZFMEcFPw|^~bMPKi1n;Zojb$ z?C)H>9?iaK=bP2Bqhpi~N2}A+6O7Mo^#WG{Eu8zB=g{&5RcAHGtkaUwoYG2_IV44{ z4cQij9eKXx$iL3Rm#^^^{n&?VW=w?fBgq~#SHBr+$h^z-`kWip(G5YA7lBq}p;mbR zc55kRli<5`TRT2n1?P8uo*#b#vXtdd)4hP;fA8^WXfRNpDTMHW;0Mh%u2%-CGga@T z%jS!A<=-w_zHI@LQbGk~@%Rbv^HvWmh4U>B`tOlWuqIM$;=RD{9zJj0t{BZsiH(pz F{|91=(QyC( literal 0 HcmV?d00001 diff --git a/x-pack/test/functional/es_archives/monitoring/logs/mappings.json b/x-pack/test/functional/es_archives/monitoring/logs/mappings.json new file mode 100644 index 0000000000000..6dbecb8d503fd --- /dev/null +++ b/x-pack/test/functional/es_archives/monitoring/logs/mappings.json @@ -0,0 +1,4441 @@ +{ + "type": "index", + "value": { + "aliases": { + }, + "index": ".monitoring-es-7-2019.03.15", + "mappings": { + "date_detection": false, + "dynamic": "false", + "properties": { + "ccr_auto_follow_stats": { + "properties": { + "auto_followed_clusters": { + "properties": { + "cluster_name": { + "type": "keyword" + }, + "last_seen_metadata_version": { + "type": "long" + }, + "time_since_last_check_millis": { + "type": "long" + } + }, + "type": "nested" + }, + "number_of_failed_follow_indices": { + "type": "long" + }, + "number_of_failed_remote_cluster_state_requests": { + "type": "long" + }, + "number_of_successful_follow_indices": { + "type": "long" + }, + "recent_auto_follow_errors": { + "properties": { + "auto_follow_exception": { + "properties": { + "reason": { + "type": "text" + }, + "type": { + "type": "keyword" + } + } + }, + "leader_index": { + "type": "keyword" + }, + "timestamp": { + "type": "long" + } + }, + "type": "nested" + } + } + }, + "ccr_stats": { + "properties": { + "bytes_read": { + "type": "long" + }, + "failed_read_requests": { + "type": "long" + }, + "failed_write_requests": { + "type": "long" + }, + "fatal_exception": { + "properties": { + "reason": { + "type": "text" + }, + "type": { + "type": "keyword" + } + } + }, + "follower_global_checkpoint": { + "type": "long" + }, + "follower_index": { + "type": "keyword" + }, + "follower_mapping_version": { + "type": "long" + }, + "follower_max_seq_no": { + "type": "long" + }, + "follower_settings_version": { + "type": "long" + }, + "last_requested_seq_no": { + "type": "long" + }, + "leader_global_checkpoint": { + "type": "long" + }, + "leader_index": { + "type": "keyword" + }, + "leader_max_seq_no": { + "type": "long" + }, + "operations_read": { + "type": "long" + }, + "operations_written": { + "type": "long" + }, + "outstanding_read_requests": { + "type": "long" + }, + "outstanding_write_requests": { + "type": "long" + }, + "read_exceptions": { + "properties": { + "exception": { + "properties": { + "reason": { + "type": "text" + }, + "type": { + "type": "keyword" + } + } + }, + "from_seq_no": { + "type": "long" + }, + "retries": { + "type": "integer" + } + }, + "type": "nested" + }, + "remote_cluster": { + "type": "keyword" + }, + "shard_id": { + "type": "integer" + }, + "successful_read_requests": { + "type": "long" + }, + "successful_write_requests": { + "type": "long" + }, + "time_since_last_read_millis": { + "type": "long" + }, + "total_read_remote_exec_time_millis": { + "type": "long" + }, + "total_read_time_millis": { + "type": "long" + }, + "total_write_time_millis": { + "type": "long" + }, + "write_buffer_operation_count": { + "type": "long" + }, + "write_buffer_size_in_bytes": { + "type": "long" + } + } + }, + "cluster_state": { + "properties": { + "master_node": { + "type": "keyword" + }, + "nodes": { + "type": "object" + }, + "nodes_hash": { + "type": "integer" + }, + "shards": { + "type": "object" + }, + "state_uuid": { + "type": "keyword" + }, + "status": { + "type": "keyword" + }, + "version": { + "type": "long" + } + } + }, + "cluster_stats": { + "properties": { + "indices": { + "type": "object" + }, + "nodes": { + "type": "object" + } + } + }, + "cluster_uuid": { + "type": "keyword" + }, + "index_recovery": { + "type": "object" + }, + "index_stats": { + "properties": { + "index": { + "type": "keyword" + }, + "primaries": { + "properties": { + "docs": { + "properties": { + "count": { + "type": "long" + } + } + }, + "fielddata": { + "properties": { + "evictions": { + "type": "long" + }, + "memory_size_in_bytes": { + "type": "long" + } + } + }, + "indexing": { + "properties": { + "index_time_in_millis": { + "type": "long" + }, + "index_total": { + "type": "long" + }, + "throttle_time_in_millis": { + "type": "long" + } + } + }, + "merges": { + "properties": { + "total_size_in_bytes": { + "type": "long" + } + } + }, + "query_cache": { + "properties": { + "evictions": { + "type": "long" + }, + "hit_count": { + "type": "long" + }, + "memory_size_in_bytes": { + "type": "long" + }, + "miss_count": { + "type": "long" + } + } + }, + "refresh": { + "properties": { + "total_time_in_millis": { + "type": "long" + } + } + }, + "request_cache": { + "properties": { + "evictions": { + "type": "long" + }, + "hit_count": { + "type": "long" + }, + "memory_size_in_bytes": { + "type": "long" + }, + "miss_count": { + "type": "long" + } + } + }, + "search": { + "properties": { + "query_time_in_millis": { + "type": "long" + }, + "query_total": { + "type": "long" + } + } + }, + "segments": { + "properties": { + "count": { + "type": "integer" + }, + "doc_values_memory_in_bytes": { + "type": "long" + }, + "fixed_bit_set_memory_in_bytes": { + "type": "long" + }, + "index_writer_memory_in_bytes": { + "type": "long" + }, + "memory_in_bytes": { + "type": "long" + }, + "norms_memory_in_bytes": { + "type": "long" + }, + "points_memory_in_bytes": { + "type": "long" + }, + "stored_fields_memory_in_bytes": { + "type": "long" + }, + "term_vectors_memory_in_bytes": { + "type": "long" + }, + "terms_memory_in_bytes": { + "type": "long" + }, + "version_map_memory_in_bytes": { + "type": "long" + } + } + }, + "store": { + "properties": { + "size_in_bytes": { + "type": "long" + } + } + } + } + }, + "total": { + "properties": { + "docs": { + "properties": { + "count": { + "type": "long" + } + } + }, + "fielddata": { + "properties": { + "evictions": { + "type": "long" + }, + "memory_size_in_bytes": { + "type": "long" + } + } + }, + "indexing": { + "properties": { + "index_time_in_millis": { + "type": "long" + }, + "index_total": { + "type": "long" + }, + "throttle_time_in_millis": { + "type": "long" + } + } + }, + "merges": { + "properties": { + "total_size_in_bytes": { + "type": "long" + } + } + }, + "query_cache": { + "properties": { + "evictions": { + "type": "long" + }, + "hit_count": { + "type": "long" + }, + "memory_size_in_bytes": { + "type": "long" + }, + "miss_count": { + "type": "long" + } + } + }, + "refresh": { + "properties": { + "total_time_in_millis": { + "type": "long" + } + } + }, + "request_cache": { + "properties": { + "evictions": { + "type": "long" + }, + "hit_count": { + "type": "long" + }, + "memory_size_in_bytes": { + "type": "long" + }, + "miss_count": { + "type": "long" + } + } + }, + "search": { + "properties": { + "query_time_in_millis": { + "type": "long" + }, + "query_total": { + "type": "long" + } + } + }, + "segments": { + "properties": { + "count": { + "type": "integer" + }, + "doc_values_memory_in_bytes": { + "type": "long" + }, + "fixed_bit_set_memory_in_bytes": { + "type": "long" + }, + "index_writer_memory_in_bytes": { + "type": "long" + }, + "memory_in_bytes": { + "type": "long" + }, + "norms_memory_in_bytes": { + "type": "long" + }, + "points_memory_in_bytes": { + "type": "long" + }, + "stored_fields_memory_in_bytes": { + "type": "long" + }, + "term_vectors_memory_in_bytes": { + "type": "long" + }, + "terms_memory_in_bytes": { + "type": "long" + }, + "version_map_memory_in_bytes": { + "type": "long" + } + } + }, + "store": { + "properties": { + "size_in_bytes": { + "type": "long" + } + } + } + } + } + } + }, + "indices_stats": { + "properties": { + "_all": { + "properties": { + "primaries": { + "properties": { + "docs": { + "properties": { + "count": { + "type": "long" + } + } + }, + "indexing": { + "properties": { + "index_time_in_millis": { + "type": "long" + }, + "index_total": { + "type": "long" + } + } + }, + "search": { + "properties": { + "query_time_in_millis": { + "type": "long" + }, + "query_total": { + "type": "long" + } + } + } + } + }, + "total": { + "properties": { + "docs": { + "properties": { + "count": { + "type": "long" + } + } + }, + "indexing": { + "properties": { + "index_time_in_millis": { + "type": "long" + }, + "index_total": { + "type": "long" + } + } + }, + "search": { + "properties": { + "query_time_in_millis": { + "type": "long" + }, + "query_total": { + "type": "long" + } + } + } + } + } + } + } + } + }, + "interval_ms": { + "type": "long" + }, + "job_stats": { + "properties": { + "data_counts": { + "properties": { + "bucket_count": { + "type": "long" + }, + "earliest_record_timestamp": { + "type": "date" + }, + "empty_bucket_count": { + "type": "long" + }, + "input_bytes": { + "type": "long" + }, + "latest_record_timestamp": { + "type": "date" + }, + "processed_record_count": { + "type": "long" + }, + "sparse_bucket_count": { + "type": "long" + } + } + }, + "job_id": { + "type": "keyword" + }, + "model_size_stats": { + "properties": { + "bucket_allocation_failures_count": { + "type": "long" + }, + "model_bytes": { + "type": "long" + } + } + }, + "node": { + "properties": { + "id": { + "type": "keyword" + } + } + }, + "state": { + "type": "keyword" + } + } + }, + "node_stats": { + "properties": { + "fs": { + "properties": { + "data": { + "properties": { + "spins": { + "type": "boolean" + } + } + }, + "io_stats": { + "properties": { + "total": { + "properties": { + "operations": { + "type": "long" + }, + "read_kilobytes": { + "type": "long" + }, + "read_operations": { + "type": "long" + }, + "write_kilobytes": { + "type": "long" + }, + "write_operations": { + "type": "long" + } + } + } + } + }, + "total": { + "properties": { + "available_in_bytes": { + "type": "long" + }, + "free_in_bytes": { + "type": "long" + }, + "total_in_bytes": { + "type": "long" + } + } + } + } + }, + "indices": { + "properties": { + "docs": { + "properties": { + "count": { + "type": "long" + } + } + }, + "fielddata": { + "properties": { + "evictions": { + "type": "long" + }, + "memory_size_in_bytes": { + "type": "long" + } + } + }, + "indexing": { + "properties": { + "index_time_in_millis": { + "type": "long" + }, + "index_total": { + "type": "long" + }, + "throttle_time_in_millis": { + "type": "long" + } + } + }, + "query_cache": { + "properties": { + "evictions": { + "type": "long" + }, + "hit_count": { + "type": "long" + }, + "memory_size_in_bytes": { + "type": "long" + }, + "miss_count": { + "type": "long" + } + } + }, + "request_cache": { + "properties": { + "evictions": { + "type": "long" + }, + "hit_count": { + "type": "long" + }, + "memory_size_in_bytes": { + "type": "long" + }, + "miss_count": { + "type": "long" + } + } + }, + "search": { + "properties": { + "query_time_in_millis": { + "type": "long" + }, + "query_total": { + "type": "long" + } + } + }, + "segments": { + "properties": { + "count": { + "type": "integer" + }, + "doc_values_memory_in_bytes": { + "type": "long" + }, + "fixed_bit_set_memory_in_bytes": { + "type": "long" + }, + "index_writer_memory_in_bytes": { + "type": "long" + }, + "memory_in_bytes": { + "type": "long" + }, + "norms_memory_in_bytes": { + "type": "long" + }, + "points_memory_in_bytes": { + "type": "long" + }, + "stored_fields_memory_in_bytes": { + "type": "long" + }, + "term_vectors_memory_in_bytes": { + "type": "long" + }, + "terms_memory_in_bytes": { + "type": "long" + }, + "version_map_memory_in_bytes": { + "type": "long" + } + } + }, + "store": { + "properties": { + "size_in_bytes": { + "type": "long" + } + } + } + } + }, + "jvm": { + "properties": { + "gc": { + "properties": { + "collectors": { + "properties": { + "old": { + "properties": { + "collection_count": { + "type": "long" + }, + "collection_time_in_millis": { + "type": "long" + } + } + }, + "young": { + "properties": { + "collection_count": { + "type": "long" + }, + "collection_time_in_millis": { + "type": "long" + } + } + } + } + } + } + }, + "mem": { + "properties": { + "heap_max_in_bytes": { + "type": "long" + }, + "heap_used_in_bytes": { + "type": "long" + }, + "heap_used_percent": { + "type": "half_float" + } + } + } + } + }, + "mlockall": { + "type": "boolean" + }, + "node_id": { + "type": "keyword" + }, + "node_master": { + "type": "boolean" + }, + "os": { + "properties": { + "cgroup": { + "properties": { + "cpu": { + "properties": { + "cfs_quota_micros": { + "type": "long" + }, + "control_group": { + "type": "keyword" + }, + "stat": { + "properties": { + "number_of_elapsed_periods": { + "type": "long" + }, + "number_of_times_throttled": { + "type": "long" + }, + "time_throttled_nanos": { + "type": "long" + } + } + } + } + }, + "cpuacct": { + "properties": { + "control_group": { + "type": "keyword" + }, + "usage_nanos": { + "type": "long" + } + } + }, + "memory": { + "properties": { + "control_group": { + "type": "keyword" + }, + "limit_in_bytes": { + "type": "keyword" + }, + "usage_in_bytes": { + "type": "keyword" + } + } + } + } + }, + "cpu": { + "properties": { + "load_average": { + "properties": { + "15m": { + "type": "half_float" + }, + "1m": { + "type": "half_float" + }, + "5m": { + "type": "half_float" + } + } + } + } + } + } + }, + "process": { + "properties": { + "cpu": { + "properties": { + "percent": { + "type": "half_float" + } + } + }, + "max_file_descriptors": { + "type": "long" + }, + "open_file_descriptors": { + "type": "long" + } + } + }, + "thread_pool": { + "properties": { + "bulk": { + "properties": { + "queue": { + "type": "integer" + }, + "rejected": { + "type": "long" + }, + "threads": { + "type": "integer" + } + } + }, + "generic": { + "properties": { + "queue": { + "type": "integer" + }, + "rejected": { + "type": "long" + }, + "threads": { + "type": "integer" + } + } + }, + "get": { + "properties": { + "queue": { + "type": "integer" + }, + "rejected": { + "type": "long" + }, + "threads": { + "type": "integer" + } + } + }, + "index": { + "properties": { + "queue": { + "type": "integer" + }, + "rejected": { + "type": "long" + }, + "threads": { + "type": "integer" + } + } + }, + "management": { + "properties": { + "queue": { + "type": "integer" + }, + "rejected": { + "type": "long" + }, + "threads": { + "type": "integer" + } + } + }, + "search": { + "properties": { + "queue": { + "type": "integer" + }, + "rejected": { + "type": "long" + }, + "threads": { + "type": "integer" + } + } + }, + "watcher": { + "properties": { + "queue": { + "type": "integer" + }, + "rejected": { + "type": "long" + }, + "threads": { + "type": "integer" + } + } + }, + "write": { + "properties": { + "queue": { + "type": "integer" + }, + "rejected": { + "type": "long" + } + } + } + } + } + } + }, + "shard": { + "properties": { + "index": { + "type": "keyword" + }, + "node": { + "type": "keyword" + }, + "primary": { + "type": "boolean" + }, + "relocating_node": { + "type": "keyword" + }, + "shard": { + "type": "long" + }, + "state": { + "type": "keyword" + } + } + }, + "source_node": { + "properties": { + "host": { + "type": "keyword" + }, + "ip": { + "type": "keyword" + }, + "name": { + "type": "keyword" + }, + "timestamp": { + "format": "date_time", + "type": "date" + }, + "transport_address": { + "type": "keyword" + }, + "uuid": { + "type": "keyword" + } + } + }, + "state_uuid": { + "type": "keyword" + }, + "timestamp": { + "format": "date_time", + "type": "date" + }, + "type": { + "type": "keyword" + } + } + }, + "settings": { + "index": { + "auto_expand_replicas": "0-1", + "codec": "best_compression", + "format": "7", + "number_of_replicas": "0", + "number_of_shards": "1" + } + } + } +} + +{ + "type": "index", + "value": { + "aliases": { + "filebeat-8.0.0": { + "is_write_index": true + } + }, + "index": "filebeat-8.0.0-2019.03.15-000001", + "mappings": { + "_meta": { + "beat": "filebeat", + "version": "8.0.0" + }, + "date_detection": false, + "dynamic_templates": [ + { + "labels": { + "mapping": { + "type": "keyword" + }, + "match_mapping_type": "string", + "path_match": "labels.*" + } + }, + { + "container.labels": { + "mapping": { + "type": "keyword" + }, + "match_mapping_type": "string", + "path_match": "container.labels.*" + } + }, + { + "fields": { + "mapping": { + "type": "keyword" + }, + "match_mapping_type": "string", + "path_match": "fields.*" + } + }, + { + "docker.container.labels": { + "mapping": { + "type": "keyword" + }, + "match_mapping_type": "string", + "path_match": "docker.container.labels.*" + } + }, + { + "kibana.log.meta": { + "mapping": { + "type": "keyword" + }, + "match_mapping_type": "string", + "path_match": "kibana.log.meta.*" + } + }, + { + "strings_as_keyword": { + "mapping": { + "ignore_above": 1024, + "type": "keyword" + }, + "match_mapping_type": "string" + } + } + ], + "properties": { + "@timestamp": { + "type": "date" + }, + "agent": { + "properties": { + "ephemeral_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "apache": { + "properties": { + "access": { + "properties": { + "ssl": { + "properties": { + "cipher": { + "ignore_above": 1024, + "type": "keyword" + }, + "protocol": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "error": { + "properties": { + "module": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "apache2": { + "properties": { + "access": { + "properties": { + "geoip": { + "type": "object" + }, + "user_agent": { + "type": "object" + } + } + }, + "error": { + "type": "object" + } + } + }, + "auditd": { + "properties": { + "log": { + "properties": { + "a0": { + "ignore_above": 1024, + "type": "keyword" + }, + "addr": { + "type": "ip" + }, + "geoip": { + "type": "object" + }, + "item": { + "ignore_above": 1024, + "type": "keyword" + }, + "items": { + "ignore_above": 1024, + "type": "keyword" + }, + "laddr": { + "type": "ip" + }, + "lport": { + "type": "long" + }, + "new_auid": { + "ignore_above": 1024, + "type": "keyword" + }, + "new_ses": { + "ignore_above": 1024, + "type": "keyword" + }, + "old_auid": { + "ignore_above": 1024, + "type": "keyword" + }, + "old_ses": { + "ignore_above": 1024, + "type": "keyword" + }, + "rport": { + "type": "long" + }, + "sequence": { + "type": "long" + }, + "tty": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "certificate": { + "properties": { + "common_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha256": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "client": { + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "bytes": { + "type": "long" + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "packets": { + "type": "long" + }, + "port": { + "type": "long" + }, + "user": { + "properties": { + "email": { + "ignore_above": 1024, + "type": "keyword" + }, + "full_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "cloud": { + "properties": { + "account": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "availability_zone": { + "ignore_above": 1024, + "type": "keyword" + }, + "instance": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "machine": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "project": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "provider": { + "ignore_above": 1024, + "type": "keyword" + }, + "region": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "container": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "image": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "tag": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "labels": { + "type": "object" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "runtime": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "destination": { + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "bytes": { + "type": "long" + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "packets": { + "type": "long" + }, + "port": { + "type": "long" + }, + "user": { + "properties": { + "email": { + "ignore_above": 1024, + "type": "keyword" + }, + "full_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "docker": { + "properties": { + "container": { + "properties": { + "labels": { + "type": "object" + } + } + } + } + }, + "ecs": { + "properties": { + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "elasticsearch": { + "properties": { + "audit": { + "properties": { + "action": { + "ignore_above": 1024, + "type": "keyword" + }, + "indices": { + "ignore_above": 1024, + "type": "keyword" + }, + "layer": { + "ignore_above": 1024, + "type": "keyword" + }, + "origin": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "realm": { + "ignore_above": 1024, + "type": "keyword" + }, + "request": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "url": { + "properties": { + "params": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "user": { + "properties": { + "realm": { + "ignore_above": 1024, + "type": "keyword" + }, + "roles": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "cluster": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "uuid": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "component": { + "ignore_above": 1024, + "type": "keyword" + }, + "deprecation": { + "properties": { + "cluster": { + "type": "object" + }, + "node": { + "type": "object" + } + } + }, + "gc": { + "properties": { + "heap": { + "properties": { + "size_kb": { + "type": "long" + }, + "used_kb": { + "type": "long" + } + } + }, + "jvm_runtime_sec": { + "type": "float" + }, + "old_gen": { + "properties": { + "size_kb": { + "type": "long" + }, + "used_kb": { + "type": "long" + } + } + }, + "phase": { + "properties": { + "class_unload_time_sec": { + "type": "float" + }, + "cpu_time": { + "properties": { + "real_sec": { + "type": "float" + }, + "sys_sec": { + "type": "float" + }, + "user_sec": { + "type": "float" + } + } + }, + "duration_sec": { + "type": "float" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "parallel_rescan_time_sec": { + "type": "float" + }, + "scrub_string_table_time_sec": { + "type": "float" + }, + "scrub_symbol_table_time_sec": { + "type": "float" + }, + "weak_refs_processing_time_sec": { + "type": "float" + } + } + }, + "stopping_threads_time_sec": { + "type": "float" + }, + "tags": { + "ignore_above": 1024, + "type": "keyword" + }, + "threads_total_stop_time_sec": { + "type": "float" + }, + "young_gen": { + "properties": { + "size_kb": { + "type": "long" + }, + "used_kb": { + "type": "long" + } + } + } + } + }, + "index": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "node": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "server": { + "properties": { + "cluster": { + "type": "object" + }, + "gc": { + "properties": { + "collection_duration": { + "properties": { + "ms": { + "type": "float" + } + } + }, + "observation_duration": { + "properties": { + "ms": { + "type": "float" + } + } + }, + "overhead_seq": { + "type": "long" + }, + "young": { + "properties": { + "one": { + "type": "long" + }, + "two": { + "type": "long" + } + } + } + } + }, + "node": { + "type": "object" + }, + "stacktrace": { + "ignore_above": 1024, + "index": false, + "type": "keyword" + } + } + }, + "shard": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "slowlog": { + "properties": { + "extra_source": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "logger": { + "ignore_above": 1024, + "type": "keyword" + }, + "routing": { + "ignore_above": 1024, + "type": "keyword" + }, + "search_type": { + "ignore_above": 1024, + "type": "keyword" + }, + "source_query": { + "ignore_above": 1024, + "type": "keyword" + }, + "stats": { + "ignore_above": 1024, + "type": "keyword" + }, + "took": { + "ignore_above": 1024, + "type": "keyword" + }, + "total_hits": { + "ignore_above": 1024, + "type": "keyword" + }, + "total_shards": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "types": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "error": { + "properties": { + "code": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "message": { + "norms": false, + "type": "text" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "event": { + "properties": { + "action": { + "ignore_above": 1024, + "type": "keyword" + }, + "category": { + "ignore_above": 1024, + "type": "keyword" + }, + "created": { + "type": "date" + }, + "dataset": { + "ignore_above": 1024, + "type": "keyword" + }, + "duration": { + "type": "long" + }, + "end": { + "type": "date" + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "kind": { + "ignore_above": 1024, + "type": "keyword" + }, + "module": { + "ignore_above": 1024, + "type": "keyword" + }, + "original": { + "ignore_above": 1024, + "type": "keyword" + }, + "outcome": { + "ignore_above": 1024, + "type": "keyword" + }, + "risk_score": { + "type": "float" + }, + "risk_score_norm": { + "type": "float" + }, + "sequence": { + "type": "long" + }, + "severity": { + "type": "long" + }, + "start": { + "type": "date" + }, + "timezone": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "fields": { + "type": "object" + }, + "file": { + "properties": { + "ctime": { + "type": "date" + }, + "device": { + "ignore_above": 1024, + "type": "keyword" + }, + "extension": { + "ignore_above": 1024, + "type": "keyword" + }, + "gid": { + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "ignore_above": 1024, + "type": "keyword" + }, + "inode": { + "ignore_above": 1024, + "type": "keyword" + }, + "mode": { + "ignore_above": 1024, + "type": "keyword" + }, + "mtime": { + "type": "date" + }, + "owner": { + "ignore_above": 1024, + "type": "keyword" + }, + "path": { + "ignore_above": 1024, + "type": "keyword" + }, + "size": { + "type": "long" + }, + "target_path": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "uid": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "fileset": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "group": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "haproxy": { + "properties": { + "backend_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "backend_queue": { + "type": "long" + }, + "bind_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "bytes_read": { + "type": "long" + }, + "client": { + "type": "object" + }, + "connection_wait_time_ms": { + "type": "long" + }, + "connections": { + "properties": { + "active": { + "type": "long" + }, + "backend": { + "type": "long" + }, + "frontend": { + "type": "long" + }, + "retries": { + "type": "long" + }, + "server": { + "type": "long" + } + } + }, + "destination": { + "type": "object" + }, + "error_message": { + "norms": false, + "type": "text" + }, + "frontend_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "geoip": { + "type": "object" + }, + "http": { + "properties": { + "request": { + "properties": { + "captured_cookie": { + "ignore_above": 1024, + "type": "keyword" + }, + "captured_headers": { + "ignore_above": 1024, + "type": "keyword" + }, + "raw_request_line": { + "ignore_above": 1024, + "type": "keyword" + }, + "time_wait_ms": { + "type": "long" + }, + "time_wait_without_data_ms": { + "type": "long" + } + } + }, + "response": { + "properties": { + "captured_cookie": { + "ignore_above": 1024, + "type": "keyword" + }, + "captured_headers": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "mode": { + "ignore_above": 1024, + "type": "keyword" + }, + "server_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "server_queue": { + "type": "long" + }, + "source": { + "ignore_above": 1024, + "type": "keyword" + }, + "tcp": { + "properties": { + "connection_waiting_time_ms": { + "type": "long" + } + } + }, + "termination_state": { + "ignore_above": 1024, + "type": "keyword" + }, + "time_backend_connect": { + "type": "long" + }, + "time_queue": { + "type": "long" + }, + "total_waiting_time_ms": { + "type": "long" + } + } + }, + "hash": { + "properties": { + "sha256": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "host": { + "properties": { + "architecture": { + "ignore_above": 1024, + "type": "keyword" + }, + "containerized": { + "type": "boolean" + }, + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "build": { + "ignore_above": 1024, + "type": "keyword" + }, + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "user": { + "properties": { + "email": { + "ignore_above": 1024, + "type": "keyword" + }, + "full_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "http": { + "properties": { + "request": { + "properties": { + "body": { + "properties": { + "bytes": { + "type": "long" + }, + "content": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "bytes": { + "type": "long" + }, + "method": { + "ignore_above": 1024, + "type": "keyword" + }, + "referrer": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "response": { + "properties": { + "body": { + "properties": { + "bytes": { + "type": "long" + }, + "content": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "bytes": { + "type": "long" + }, + "status_code": { + "type": "long" + } + } + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "icinga": { + "properties": { + "debug": { + "properties": { + "facility": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "main": { + "properties": { + "facility": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "startup": { + "properties": { + "facility": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "iis": { + "properties": { + "access": { + "properties": { + "cookie": { + "ignore_above": 1024, + "type": "keyword" + }, + "geoip": { + "type": "object" + }, + "server_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "site_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "sub_status": { + "type": "long" + }, + "user_agent": { + "type": "object" + }, + "win32_status": { + "type": "long" + } + } + }, + "error": { + "properties": { + "geoip": { + "type": "object" + }, + "queue_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "reason_phrase": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "input": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "kafka": { + "properties": { + "log": { + "properties": { + "class": { + "ignore_above": 1024, + "type": "keyword" + }, + "component": { + "ignore_above": 1024, + "type": "keyword" + }, + "trace": { + "properties": { + "class": { + "ignore_above": 1024, + "type": "keyword" + }, + "message": { + "norms": false, + "type": "text" + } + } + } + } + } + } + }, + "kibana": { + "properties": { + "log": { + "properties": { + "meta": { + "type": "object" + }, + "state": { + "ignore_above": 1024, + "type": "keyword" + }, + "tags": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "kubernetes": { + "properties": { + "annotations": { + "type": "object" + }, + "container": { + "properties": { + "image": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "labels": { + "type": "object" + }, + "namespace": { + "ignore_above": 1024, + "type": "keyword" + }, + "node": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "pod": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "uid": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "labels": { + "type": "object" + }, + "log": { + "properties": { + "file": { + "properties": { + "path": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "flags": { + "ignore_above": 1024, + "type": "keyword" + }, + "level": { + "ignore_above": 1024, + "type": "keyword" + }, + "offset": { + "type": "long" + }, + "original": { + "ignore_above": 1024, + "type": "keyword" + }, + "source": { + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "logstash": { + "properties": { + "log": { + "properties": { + "log_event": { + "type": "object" + }, + "module": { + "ignore_above": 1024, + "type": "keyword" + }, + "thread": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "slowlog": { + "properties": { + "event": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "module": { + "ignore_above": 1024, + "type": "keyword" + }, + "plugin_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "plugin_params": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "plugin_params_object": { + "type": "object" + }, + "plugin_type": { + "ignore_above": 1024, + "type": "keyword" + }, + "thread": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "took_in_millis": { + "type": "long" + } + } + } + } + }, + "message": { + "norms": false, + "type": "text" + }, + "mongodb": { + "properties": { + "log": { + "properties": { + "component": { + "ignore_above": 1024, + "type": "keyword" + }, + "context": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "mysql": { + "properties": { + "error": { + "type": "object" + }, + "slowlog": { + "properties": { + "bytes_sent": { + "type": "long" + }, + "current_user": { + "ignore_above": 1024, + "type": "keyword" + }, + "filesort": { + "type": "boolean" + }, + "filesort_on_disk": { + "type": "boolean" + }, + "full_join": { + "type": "boolean" + }, + "full_scan": { + "type": "boolean" + }, + "innodb": { + "properties": { + "io_r_bytes": { + "type": "long" + }, + "io_r_ops": { + "type": "long" + }, + "io_r_wait": { + "properties": { + "sec": { + "type": "long" + } + } + }, + "pages_distinct": { + "type": "long" + }, + "queue_wait": { + "properties": { + "sec": { + "type": "long" + } + } + }, + "rec_lock_wait": { + "properties": { + "sec": { + "type": "long" + } + } + }, + "trx_id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "killed": { + "ignore_above": 1024, + "type": "keyword" + }, + "last_errno": { + "ignore_above": 1024, + "type": "keyword" + }, + "lock_time": { + "properties": { + "sec": { + "type": "float" + } + } + }, + "log_slow_rate_limit": { + "ignore_above": 1024, + "type": "keyword" + }, + "log_slow_rate_type": { + "ignore_above": 1024, + "type": "keyword" + }, + "merge_passes": { + "type": "long" + }, + "priority_queue": { + "type": "boolean" + }, + "query": { + "ignore_above": 1024, + "type": "keyword" + }, + "query_cache_hit": { + "type": "boolean" + }, + "rows_affected": { + "type": "long" + }, + "rows_examined": { + "type": "long" + }, + "rows_sent": { + "type": "long" + }, + "schema": { + "ignore_above": 1024, + "type": "keyword" + }, + "tmp_disk_tables": { + "type": "long" + }, + "tmp_table": { + "type": "boolean" + }, + "tmp_table_on_disk": { + "type": "boolean" + }, + "tmp_table_sizes": { + "type": "long" + }, + "tmp_tables": { + "type": "long" + } + } + }, + "thread_id": { + "type": "long" + } + } + }, + "nats": { + "properties": { + "log": { + "properties": { + "client": { + "properties": { + "id": { + "type": "long" + } + } + }, + "msg": { + "properties": { + "bytes": { + "type": "long" + }, + "error": { + "properties": { + "message": { + "norms": false, + "type": "text" + } + } + }, + "max_messages": { + "type": "long" + }, + "queue_group": { + "norms": false, + "type": "text" + }, + "reply_to": { + "ignore_above": 1024, + "type": "keyword" + }, + "sid": { + "type": "long" + }, + "subject": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } + }, + "network": { + "properties": { + "application": { + "ignore_above": 1024, + "type": "keyword" + }, + "bytes": { + "type": "long" + }, + "community_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "direction": { + "ignore_above": 1024, + "type": "keyword" + }, + "forwarded_ip": { + "type": "ip" + }, + "iana_number": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "packets": { + "type": "long" + }, + "protocol": { + "ignore_above": 1024, + "type": "keyword" + }, + "transport": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "nginx": { + "properties": { + "access": { + "properties": { + "geoip": { + "type": "object" + }, + "user_agent": { + "type": "object" + } + } + }, + "error": { + "properties": { + "connection_id": { + "type": "long" + } + } + } + } + }, + "observer": { + "properties": { + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "serial_number": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "vendor": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "organization": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "os": { + "properties": { + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "osquery": { + "properties": { + "result": { + "properties": { + "action": { + "ignore_above": 1024, + "type": "keyword" + }, + "calendar_time": { + "ignore_above": 1024, + "type": "keyword" + }, + "host_identifier": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "unix_time": { + "type": "long" + } + } + } + } + }, + "postgresql": { + "properties": { + "log": { + "properties": { + "core_id": { + "type": "long" + }, + "database": { + "ignore_above": 1024, + "type": "keyword" + }, + "query": { + "ignore_above": 1024, + "type": "keyword" + }, + "timestamp": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "process": { + "properties": { + "args": { + "ignore_above": 1024, + "type": "keyword" + }, + "executable": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "pid": { + "type": "long" + }, + "ppid": { + "type": "long" + }, + "program": { + "ignore_above": 1024, + "type": "keyword" + }, + "start": { + "type": "date" + }, + "thread": { + "properties": { + "id": { + "type": "long" + } + } + }, + "title": { + "ignore_above": 1024, + "type": "keyword" + }, + "working_directory": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "redis": { + "properties": { + "log": { + "properties": { + "role": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "slowlog": { + "properties": { + "args": { + "ignore_above": 1024, + "type": "keyword" + }, + "cmd": { + "ignore_above": 1024, + "type": "keyword" + }, + "duration": { + "properties": { + "us": { + "type": "long" + } + } + }, + "id": { + "type": "long" + }, + "key": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "related": { + "properties": { + "ip": { + "type": "ip" + } + } + }, + "santa": { + "properties": { + "action": { + "ignore_above": 1024, + "type": "keyword" + }, + "decision": { + "ignore_above": 1024, + "type": "keyword" + }, + "disk": { + "properties": { + "bsdname": { + "ignore_above": 1024, + "type": "keyword" + }, + "bus": { + "ignore_above": 1024, + "type": "keyword" + }, + "fs": { + "ignore_above": 1024, + "type": "keyword" + }, + "model": { + "ignore_above": 1024, + "type": "keyword" + }, + "mount": { + "ignore_above": 1024, + "type": "keyword" + }, + "serial": { + "ignore_above": 1024, + "type": "keyword" + }, + "volume": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "mode": { + "ignore_above": 1024, + "type": "keyword" + }, + "reason": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "server": { + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "bytes": { + "type": "long" + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "packets": { + "type": "long" + }, + "port": { + "type": "long" + }, + "user": { + "properties": { + "email": { + "ignore_above": 1024, + "type": "keyword" + }, + "full_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "service": { + "properties": { + "ephemeral_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "state": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "source": { + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "bytes": { + "type": "long" + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "packets": { + "type": "long" + }, + "port": { + "type": "long" + }, + "user": { + "properties": { + "email": { + "ignore_above": 1024, + "type": "keyword" + }, + "full_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "stream": { + "ignore_above": 1024, + "type": "keyword" + }, + "syslog": { + "properties": { + "facility": { + "type": "long" + }, + "facility_label": { + "ignore_above": 1024, + "type": "keyword" + }, + "priority": { + "type": "long" + }, + "severity_label": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "system": { + "properties": { + "auth": { + "properties": { + "groupadd": { + "type": "object" + }, + "ssh": { + "properties": { + "dropped_ip": { + "type": "ip" + }, + "geoip": { + "type": "object" + }, + "method": { + "ignore_above": 1024, + "type": "keyword" + }, + "signature": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "sudo": { + "properties": { + "command": { + "ignore_above": 1024, + "type": "keyword" + }, + "error": { + "ignore_above": 1024, + "type": "keyword" + }, + "pwd": { + "ignore_above": 1024, + "type": "keyword" + }, + "tty": { + "ignore_above": 1024, + "type": "keyword" + }, + "user": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "useradd": { + "properties": { + "home": { + "ignore_above": 1024, + "type": "keyword" + }, + "shell": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "syslog": { + "type": "object" + } + } + }, + "tags": { + "ignore_above": 1024, + "type": "keyword" + }, + "traefik": { + "properties": { + "access": { + "properties": { + "backend_url": { + "ignore_above": 1024, + "type": "keyword" + }, + "frontend_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "geoip": { + "properties": { + "city_name": { + "path": "source.geo.city_name", + "type": "alias" + }, + "continent_name": { + "path": "source.geo.continent_name", + "type": "alias" + }, + "country_iso_code": { + "path": "source.geo.country_iso_code", + "type": "alias" + }, + "location": { + "path": "source.geo.location", + "type": "alias" + }, + "region_iso_code": { + "path": "source.geo.region_iso_code", + "type": "alias" + }, + "region_name": { + "path": "source.geo.region_name", + "type": "alias" + } + } + }, + "request_count": { + "type": "long" + }, + "user_agent": { + "properties": { + "device": { + "path": "user_agent.device.name", + "type": "alias" + }, + "name": { + "path": "user_agent.name", + "type": "alias" + }, + "original": { + "path": "user_agent.original", + "type": "alias" + }, + "os": { + "path": "user_agent.os.full_name", + "type": "alias" + }, + "os_name": { + "path": "user_agent.os.name", + "type": "alias" + } + } + }, + "user_identifier": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "url": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "fragment": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "ignore_above": 1024, + "type": "keyword" + }, + "original": { + "ignore_above": 1024, + "type": "keyword" + }, + "password": { + "ignore_above": 1024, + "type": "keyword" + }, + "path": { + "ignore_above": 1024, + "type": "keyword" + }, + "port": { + "type": "long" + }, + "query": { + "ignore_above": 1024, + "type": "keyword" + }, + "scheme": { + "ignore_above": 1024, + "type": "keyword" + }, + "username": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "user": { + "properties": { + "audit": { + "properties": { + "group": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "effective": { + "properties": { + "group": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "email": { + "ignore_above": 1024, + "type": "keyword" + }, + "filesystem": { + "properties": { + "group": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "full_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "owner": { + "properties": { + "group": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "saved": { + "properties": { + "group": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "terminal": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "user_agent": { + "properties": { + "device": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "original": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "ignore_above": 1024, + "type": "keyword" + }, + "full_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "settings": { + "index": { + "lifecycle": { + "name": "filebeat-8.0.0", + "rollover_alias": "filebeat-8.0.0" + }, + "mapping": { + "total_fields": { + "limit": "10000" + } + }, + "number_of_replicas": "1", + "number_of_shards": "1", + "query": { + "default_field": [ + "message", + "tags", + "agent.ephemeral_id", + "agent.id", + "agent.name", + "agent.type", + "agent.version", + "client.address", + "client.domain", + "client.geo.city_name", + "client.geo.continent_name", + "client.geo.country_iso_code", + "client.geo.country_name", + "client.geo.name", + "client.geo.region_iso_code", + "client.geo.region_name", + "client.ip", + "client.mac", + "client.user.email", + "client.user.full_name", + "client.user.group.id", + "client.user.group.name", + "client.user.hash", + "client.user.id", + "client.user.name", + "cloud.account.id", + "cloud.availability_zone", + "cloud.instance.id", + "cloud.instance.name", + "cloud.machine.type", + "cloud.provider", + "cloud.region", + "container.id", + "container.image.name", + "container.image.tag", + "container.name", + "container.runtime", + "destination.address", + "destination.domain", + "destination.geo.city_name", + "destination.geo.continent_name", + "destination.geo.country_iso_code", + "destination.geo.country_name", + "destination.geo.name", + "destination.geo.region_iso_code", + "destination.geo.region_name", + "destination.ip", + "destination.mac", + "destination.user.email", + "destination.user.full_name", + "destination.user.group.id", + "destination.user.group.name", + "destination.user.hash", + "destination.user.id", + "destination.user.name", + "ecs.version", + "error.code", + "error.id", + "error.message", + "event.action", + "event.category", + "event.dataset", + "event.hash", + "event.id", + "event.kind", + "event.module", + "event.original", + "event.outcome", + "event.timezone", + "event.type", + "file.device", + "file.extension", + "file.gid", + "file.group", + "file.inode", + "file.mode", + "file.owner", + "file.path", + "file.target_path", + "file.type", + "file.uid", + "geo.city_name", + "geo.continent_name", + "geo.country_iso_code", + "geo.country_name", + "geo.name", + "geo.region_iso_code", + "geo.region_name", + "group.id", + "group.name", + "host.architecture", + "host.geo.city_name", + "host.geo.continent_name", + "host.geo.country_iso_code", + "host.geo.country_name", + "host.geo.name", + "host.geo.region_iso_code", + "host.geo.region_name", + "host.hostname", + "host.id", + "host.ip", + "host.mac", + "host.name", + "host.os.family", + "host.os.full", + "host.os.kernel", + "host.os.name", + "host.os.platform", + "host.os.version", + "host.type", + "host.user.email", + "host.user.full_name", + "host.user.group.id", + "host.user.group.name", + "host.user.hash", + "host.user.id", + "host.user.name", + "http.request.body.content", + "http.request.method", + "http.request.referrer", + "http.response.body.content", + "http.version", + "log.level", + "log.original", + "network.application", + "network.community_id", + "network.direction", + "network.forwarded_ip", + "network.iana_number", + "network.name", + "network.protocol", + "network.transport", + "network.type", + "observer.geo.city_name", + "observer.geo.continent_name", + "observer.geo.country_iso_code", + "observer.geo.country_name", + "observer.geo.name", + "observer.geo.region_iso_code", + "observer.geo.region_name", + "observer.hostname", + "observer.ip", + "observer.mac", + "observer.os.family", + "observer.os.full", + "observer.os.kernel", + "observer.os.name", + "observer.os.platform", + "observer.os.version", + "observer.serial_number", + "observer.type", + "observer.vendor", + "observer.version", + "organization.id", + "organization.name", + "os.family", + "os.full", + "os.kernel", + "os.name", + "os.platform", + "os.version", + "process.args", + "process.executable", + "process.name", + "process.title", + "process.working_directory", + "related.ip", + "server.address", + "server.domain", + "server.geo.city_name", + "server.geo.continent_name", + "server.geo.country_iso_code", + "server.geo.country_name", + "server.geo.name", + "server.geo.region_iso_code", + "server.geo.region_name", + "server.ip", + "server.mac", + "server.user.email", + "server.user.full_name", + "server.user.group.id", + "server.user.group.name", + "server.user.hash", + "server.user.id", + "server.user.name", + "service.ephemeral_id", + "service.id", + "service.name", + "service.state", + "service.type", + "service.version", + "source.address", + "source.domain", + "source.geo.city_name", + "source.geo.continent_name", + "source.geo.country_iso_code", + "source.geo.country_name", + "source.geo.name", + "source.geo.region_iso_code", + "source.geo.region_name", + "source.ip", + "source.mac", + "source.user.email", + "source.user.full_name", + "source.user.group.id", + "source.user.group.name", + "source.user.hash", + "source.user.id", + "source.user.name", + "url.domain", + "url.fragment", + "url.full", + "url.original", + "url.password", + "url.path", + "url.query", + "url.scheme", + "url.username", + "user.email", + "user.full_name", + "user.group.id", + "user.group.name", + "user.hash", + "user.id", + "user.name", + "user_agent.device.name", + "user_agent.name", + "user_agent.original", + "user_agent.os.family", + "user_agent.os.full", + "user_agent.os.kernel", + "user_agent.os.name", + "user_agent.os.platform", + "user_agent.os.version", + "user_agent.version", + "agent.hostname", + "error.type", + "cloud.project.id", + "host.os.build", + "kubernetes.pod.name", + "kubernetes.pod.uid", + "kubernetes.namespace", + "kubernetes.node.name", + "kubernetes.container.name", + "kubernetes.container.image", + "log.file.path", + "log.source.address", + "stream", + "input.type", + "syslog.severity_label", + "syslog.facility_label", + "process.program", + "log.flags", + "user_agent.os.full_name", + "fileset.name", + "apache.access.ssl.protocol", + "apache.access.ssl.cipher", + "apache.error.module", + "user.terminal", + "user.audit.id", + "user.audit.name", + "user.audit.group.id", + "user.audit.group.name", + "user.effective.id", + "user.effective.name", + "user.effective.group.id", + "user.effective.group.name", + "user.filesystem.id", + "user.filesystem.name", + "user.filesystem.group.id", + "user.filesystem.group.name", + "user.owner.id", + "user.owner.name", + "user.owner.group.id", + "user.owner.group.name", + "user.saved.id", + "user.saved.name", + "user.saved.group.id", + "user.saved.group.name", + "auditd.log.old_auid", + "auditd.log.new_auid", + "auditd.log.old_ses", + "auditd.log.new_ses", + "auditd.log.items", + "auditd.log.item", + "auditd.log.tty", + "auditd.log.a0", + "auditd.log.addr", + "auditd.log.laddr", + "elasticsearch.component", + "elasticsearch.cluster.uuid", + "elasticsearch.cluster.name", + "elasticsearch.node.id", + "elasticsearch.node.name", + "elasticsearch.index.name", + "elasticsearch.index.id", + "elasticsearch.shard.id", + "elasticsearch.audit.layer", + "elasticsearch.audit.origin.type", + "elasticsearch.audit.realm", + "elasticsearch.audit.user.realm", + "elasticsearch.audit.user.roles", + "elasticsearch.audit.action", + "elasticsearch.audit.url.params", + "elasticsearch.audit.indices", + "elasticsearch.audit.request.id", + "elasticsearch.audit.request.name", + "elasticsearch.gc.phase.name", + "elasticsearch.gc.tags", + "elasticsearch.slowlog.logger", + "elasticsearch.slowlog.took", + "elasticsearch.slowlog.types", + "elasticsearch.slowlog.stats", + "elasticsearch.slowlog.search_type", + "elasticsearch.slowlog.source_query", + "elasticsearch.slowlog.extra_source", + "elasticsearch.slowlog.total_hits", + "elasticsearch.slowlog.total_shards", + "elasticsearch.slowlog.routing", + "elasticsearch.slowlog.id", + "elasticsearch.slowlog.type", + "haproxy.frontend_name", + "haproxy.backend_name", + "haproxy.server_name", + "haproxy.bind_name", + "haproxy.error_message", + "haproxy.source", + "haproxy.termination_state", + "haproxy.mode", + "haproxy.http.response.captured_cookie", + "haproxy.http.response.captured_headers", + "haproxy.http.request.captured_cookie", + "haproxy.http.request.captured_headers", + "haproxy.http.request.raw_request_line", + "icinga.debug.facility", + "icinga.main.facility", + "icinga.startup.facility", + "iis.access.site_name", + "iis.access.server_name", + "iis.access.cookie", + "iis.error.reason_phrase", + "iis.error.queue_name", + "kafka.log.component", + "kafka.log.class", + "kafka.log.trace.class", + "kafka.log.trace.message", + "kibana.log.tags", + "kibana.log.state", + "logstash.log.module", + "text", + "logstash.log.thread", + "logstash.slowlog.module", + "text", + "logstash.slowlog.thread", + "text", + "logstash.slowlog.event", + "logstash.slowlog.plugin_name", + "logstash.slowlog.plugin_type", + "text", + "logstash.slowlog.plugin_params", + "mongodb.log.component", + "mongodb.log.context", + "mysql.slowlog.query", + "mysql.slowlog.schema", + "mysql.slowlog.current_user", + "mysql.slowlog.last_errno", + "mysql.slowlog.killed", + "mysql.slowlog.log_slow_rate_type", + "mysql.slowlog.log_slow_rate_limit", + "mysql.slowlog.innodb.trx_id", + "nats.log.msg.type", + "nats.log.msg.subject", + "nats.log.msg.reply_to", + "nats.log.msg.error.message", + "nats.log.msg.queue_group", + "osquery.result.name", + "osquery.result.action", + "osquery.result.host_identifier", + "osquery.result.calendar_time", + "postgresql.log.timestamp", + "postgresql.log.database", + "postgresql.log.query", + "redis.log.role", + "redis.slowlog.cmd", + "redis.slowlog.key", + "redis.slowlog.args", + "santa.action", + "santa.decision", + "santa.reason", + "santa.mode", + "santa.disk.volume", + "santa.disk.bus", + "santa.disk.serial", + "santa.disk.bsdname", + "santa.disk.model", + "santa.disk.fs", + "santa.disk.mount", + "certificate.common_name", + "certificate.sha256", + "hash.sha256", + "system.auth.ssh.method", + "system.auth.ssh.signature", + "system.auth.ssh.dropped_ip", + "system.auth.sudo.error", + "system.auth.sudo.tty", + "system.auth.sudo.pwd", + "system.auth.sudo.user", + "system.auth.sudo.command", + "system.auth.useradd.home", + "system.auth.useradd.shell", + "traefik.access.user_identifier", + "traefik.access.frontend_name", + "traefik.access.backend_url", + "fields.*" + ] + }, + "refresh_interval": "5s" + } + } + } +} \ No newline at end of file