[Filebeat] Sort array fields in generated data (#25320)

- sort arrays by using string representation of values - update generated data (cherry picked from commit 52f2265)
elastic · May 14, 2021 · 3ed2dce · 3ed2dce
1 parent 2b0b270
commit 3ed2dce
Show file tree

Hide file tree

Showing 274 changed files with 19,501 additions and 18,643 deletions.
diff --git a/CHANGELOG-developer.next.asciidoc b/CHANGELOG-developer.next.asciidoc
@@ -105,3 +105,4 @@ The list below covers the major changes between 7.0.0-rc2 and master only.
 - Update Go version to 1.15.9. {pull}24442[24442]
 - Update Go version to 1.15.10. {pull}24606[24606]
 - Update Go version to 1.15.12. {pull}25629[25629]
+- Add sorting to array fields for generated data files (*-generated.json) {pull}25320[25320]
diff --git a/filebeat/module/auditd/log/test/audit-cent7-node.log-expected.json b/filebeat/module/auditd/log/test/audit-cent7-node.log-expected.json
@@ -45,8 +45,8 @@
             "changed-audit-configuration"
         ],
         "event.category": [
-            "process",
-            "configuration"
+            "configuration",
+            "process"
         ],
         "event.dataset": "auditd.log",
         "event.kind": "event",
@@ -75,8 +75,8 @@
             "changed-audit-configuration"
         ],
         "event.category": [
-            "process",
-            "configuration"
+            "configuration",
+            "process"
         ],
         "event.dataset": "auditd.log",
         "event.kind": "event",

diff --git a/filebeat/module/auditd/log/test/audit-rhel6.log-expected.json b/filebeat/module/auditd/log/test/audit-rhel6.log-expected.json
@@ -86,8 +86,8 @@
         "input.type": "log",
         "log.offset": 373,
         "process.args": [
-            "/usr/lib64/nagios/plugins/check_asterisk_sip_peers",
             "-p",
+            "/usr/lib64/nagios/plugins/check_asterisk_sip_peers",
             "202"
         ],
         "process.args_count": 3,

diff --git a/filebeat/module/auditd/log/test/test.log-expected.json b/filebeat/module/auditd/log/test/test.log-expected.json
@@ -88,8 +88,8 @@
         "input.type": "log",
         "log.offset": 536,
         "process.args": [
-            "/usr/lib64/nagios/plugins/check_asterisk_sip_peers",
             "-p",
+            "/usr/lib64/nagios/plugins/check_asterisk_sip_peers",
             "202"
         ],
         "process.args_count": 3,

diff --git a/filebeat/module/auditd/log/test/useradd.log-expected.json b/filebeat/module/auditd/log/test/useradd.log-expected.json
@@ -20,8 +20,8 @@
         "event.original": "type=ADD_GROUP msg=audit(1610903553.686:584): pid=2940 uid=0 auid=1000 ses=14 msg='op=adding group to /etc/group id=1004 exe=\"/usr/sbin/groupadd\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'",
         "event.outcome": "success",
         "event.type": [
-            "group",
-            "creation"
+            "creation",
+            "group"
         ],
         "fileset.name": "log",
         "group.id": "1004",
@@ -58,8 +58,8 @@
         "event.original": "type=ADD_GROUP msg=audit(1610903553.710:586): pid=2940 uid=0 auid=1000 ses=14 msg='op=adding group to /etc/gshadow id=1004 exe=\"/usr/sbin/groupadd\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'",
         "event.outcome": "success",
         "event.type": [
-            "group",
-            "creation"
+            "creation",
+            "group"
         ],
         "fileset.name": "log",
         "group.id": "1004",
@@ -95,8 +95,8 @@
         "event.original": "type=ADD_GROUP msg=audit(1610903553.710:587): pid=2940 uid=0 auid=1000 ses=14 msg='op= id=1004 exe=\"/usr/sbin/groupadd\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'",
         "event.outcome": "success",
         "event.type": [
-            "group",
-            "creation"
+            "creation",
+            "group"
         ],
         "fileset.name": "log",
         "group.id": "1004",
@@ -133,8 +133,8 @@
         "event.original": "type=ADD_USER msg=audit(1610903553.730:591): pid=2945 uid=0 auid=1000 ses=14 msg='op=adding user id=1004 exe=\"/usr/sbin/useradd\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'",
         "event.outcome": "success",
         "event.type": [
-            "user",
-            "creation"
+            "creation",
+            "user"
         ],
         "fileset.name": "log",
         "input.type": "log",
@@ -207,8 +207,8 @@
         "event.original": "type=USER_CHAUTHTOK msg=audit(1610903558.174:594): pid=2953 uid=0 auid=1000 ses=14 msg='op=PAM:chauthtok acct=\"charlie\" exe=\"/usr/bin/passwd\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'",
         "event.outcome": "success",
         "event.type": [
-            "user",
-            "change"
+            "change",
+            "user"
         ],
         "fileset.name": "log",
         "input.type": "log",

diff --git a/filebeat/module/elasticsearch/audit/test/test-access.log-expected.json b/filebeat/module/elasticsearch/audit/test/test-access.log-expected.json
@@ -170,10 +170,10 @@
         "elasticsearch.audit.action": "indices:data/read/search[free_context]",
         "elasticsearch.audit.event_type": "access_granted",
         "elasticsearch.audit.indices": [
-            "foo-2019.01.04",
             "foo-2019.01.03",
-            "foo-2019.01.06",
+            "foo-2019.01.04",
             "foo-2019.01.05",
+            "foo-2019.01.06",
             "foo-2019.01.08",
             "servicelog-2019.01.07"
         ],
@@ -182,9 +182,9 @@
         "elasticsearch.audit.realm": "active_directory",
         "elasticsearch.audit.request.name": "SearchFreeContextRequest",
         "elasticsearch.audit.user.roles": [
+            "foo_reader",
             "kibana_user",
-            "my_custom_role_1",
-            "foo_reader"
+            "my_custom_role_1"
         ],
         "elasticsearch.node.name": "NodeName-0",
         "event.category": "database",

diff --git a/filebeat/module/elasticsearch/audit/test/test-audit-761.log-expected.json b/filebeat/module/elasticsearch/audit/test/test-audit-761.log-expected.json
@@ -18,8 +18,8 @@
         "elasticsearch.audit.request.name": "MultiGetShardRequest",
         "elasticsearch.audit.user.realm": "native1",
         "elasticsearch.audit.user.roles": [
-            "logstash_admin",
-            "cluster_monitor"
+            "cluster_monitor",
+            "logstash_admin"
         ],
         "elasticsearch.node.id": "vvj136QVQ2Ci2aXmrhyi3Q",
         "event.action": "access_granted",

diff --git a/filebeat/module/elasticsearch/gc/test/gc.log-expected.json b/filebeat/module/elasticsearch/gc/test/gc.log-expected.json
@@ -19,9 +19,9 @@
     {
         "@timestamp": "2018-06-13T07:44:22.647Z",
         "elasticsearch.gc.tags": [
+            "coops",
             "gc",
-            "heap",
-            "coops"
+            "heap"
         ],
         "event.category": "database",
         "event.dataset": "elasticsearch.gc",
@@ -737,8 +737,8 @@
     {
         "@timestamp": "2018-06-13T07:44:24.343Z",
         "elasticsearch.gc.tags": [
-            "gc",
-            "age"
+            "age",
+            "gc"
         ],
         "event.category": "database",
         "event.dataset": "elasticsearch.gc",
@@ -755,8 +755,8 @@
     {
         "@timestamp": "2018-06-13T07:44:24.343Z",
         "elasticsearch.gc.tags": [
-            "gc",
-            "age"
+            "age",
+            "gc"
         ],
         "event.category": "database",
         "event.dataset": "elasticsearch.gc",
@@ -773,8 +773,8 @@
     {
         "@timestamp": "2018-06-13T07:44:24.343Z",
         "elasticsearch.gc.tags": [
-            "gc",
-            "age"
+            "age",
+            "gc"
         ],
         "event.category": "database",
         "event.dataset": "elasticsearch.gc",
@@ -864,8 +864,8 @@
     {
         "@timestamp": "2018-06-13T07:44:24.343Z",
         "elasticsearch.gc.tags": [
-            "gc",
-            "cpu"
+            "cpu",
+            "gc"
         ],
         "event.category": "database",
         "event.dataset": "elasticsearch.gc",
@@ -951,8 +951,8 @@
     {
         "@timestamp": "2018-06-13T07:44:24.347Z",
         "elasticsearch.gc.tags": [
-            "gc",
-            "cpu"
+            "cpu",
+            "gc"
         ],
         "event.category": "database",
         "event.dataset": "elasticsearch.gc",
@@ -1038,8 +1038,8 @@
     {
         "@timestamp": "2018-06-13T07:44:24.348Z",
         "elasticsearch.gc.tags": [
-            "gc",
-            "cpu"
+            "cpu",
+            "gc"
         ],
         "event.category": "database",
         "event.dataset": "elasticsearch.gc",
@@ -1090,8 +1090,8 @@
     {
         "@timestamp": "2018-06-13T07:44:24.350Z",
         "elasticsearch.gc.tags": [
-            "gc",
-            "cpu"
+            "cpu",
+            "gc"
         ],
         "event.category": "database",
         "event.dataset": "elasticsearch.gc",
@@ -1176,8 +1176,8 @@
     {
         "@timestamp": "2018-06-13T07:44:24.595Z",
         "elasticsearch.gc.tags": [
-            "gc",
-            "cpu"
+            "cpu",
+            "gc"
         ],
         "event.category": "database",
         "event.dataset": "elasticsearch.gc",
@@ -1246,8 +1246,8 @@
     {
         "@timestamp": "2018-06-13T07:44:24.618Z",
         "elasticsearch.gc.tags": [
-            "gc",
-            "cpu"
+            "cpu",
+            "gc"
         ],
         "event.category": "database",
         "event.dataset": "elasticsearch.gc",
@@ -1315,8 +1315,8 @@
     {
         "@timestamp": "2018-06-13T07:44:24.618Z",
         "elasticsearch.gc.tags": [
-            "gc",
-            "cpu"
+            "cpu",
+            "gc"
         ],
         "event.category": "database",
         "event.dataset": "elasticsearch.gc",
@@ -1367,8 +1367,8 @@
     {
         "@timestamp": "2018-06-13T07:44:24.619Z",
         "elasticsearch.gc.tags": [
-            "gc",
-            "cpu"
+            "cpu",
+            "gc"
         ],
         "event.category": "database",
         "event.dataset": "elasticsearch.gc",
@@ -1628,8 +1628,8 @@
     {
         "@timestamp": "2018-06-13T07:44:25.167Z",
         "elasticsearch.gc.tags": [
-            "gc",
-            "age"
+            "age",
+            "gc"
         ],
         "event.category": "database",
         "event.dataset": "elasticsearch.gc",
@@ -1646,8 +1646,8 @@
     {
         "@timestamp": "2018-06-13T07:44:25.167Z",
         "elasticsearch.gc.tags": [
-            "gc",
-            "age"
+            "age",
+            "gc"
         ],
         "event.category": "database",
         "event.dataset": "elasticsearch.gc",
@@ -1664,8 +1664,8 @@
     {
         "@timestamp": "2018-06-13T07:44:25.167Z",
         "elasticsearch.gc.tags": [
-            "gc",
-            "age"
+            "age",
+            "gc"
         ],
         "event.category": "database",
         "event.dataset": "elasticsearch.gc",
@@ -1682,8 +1682,8 @@
     {
         "@timestamp": "2018-06-13T07:44:25.167Z",
         "elasticsearch.gc.tags": [
-            "gc",
-            "age"
+            "age",
+            "gc"
         ],
         "event.category": "database",
         "event.dataset": "elasticsearch.gc",