From 6843c55a5dc4376327d564e80b8dfe5ec5d23711 Mon Sep 17 00:00:00 2001 From: Lee Hinman <57081003+leehinman@users.noreply.github.com> Date: Mon, 10 Aug 2020 09:53:08 -0500 Subject: [PATCH] fix event.type have incorrect value in system/syslog (#20390) event.type was being set to event. event is not one of the allowed values for event.type in ECS. Changing field to event.kind, where event is an allowed value. Closes #20365
---
CHANGELOG.next.asciidoc | 1 + .../module/system/syslog/ingest/pipeline.yml | 2 +- .../darwin-syslog-sample.log-expected.json | 6 +- .../test/darwin-syslog.log-expected.json | 200 +++++++++--------- .../syslog/test/suse-syslog.log-expected.json | 4 +- .../syslog/test/tz-offset.log-expected.json | 6 +- 6 files changed, 110 insertions(+), 109 deletions(-)
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index 6ab646f2229..8131ad3b874 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -236,6 +236,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Fix mapping exception in the `googlecloud/audit` dataset pipeline. {issue}18465[18465] {pull}20465[20465] - Fix `cisco` asa and ftd parsing of messages 106102 and 106103. {pull}20469[20469] - Improve validation checks for Azure configuration {issue}20369[20369] {pull}20389[20389] +- Fix event.kind for system/syslog pipeline {issue}20365[20365] {pull}20390[20390] *Heartbeat*
diff --git a/filebeat/module/system/syslog/ingest/pipeline.yml b/filebeat/module/system/syslog/ingest/pipeline.yml
index 2963ba410b0..e45cacec6b6 100644
--- a/filebeat/module/system/syslog/ingest/pipeline.yml
+++ b/filebeat/module/system/syslog/ingest/pipeline.yml
@@ -52,7 +52,7 @@ processors: - remove: field: system.syslog.timestamp - set: - field: event.type + field: event.kind value: event on_failure: - set: 
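Review bot: The renamed `set` processor now populates only `event.kind`; nothing in this hunk assigns `event.type` or `event.category`, so unless another processor outside the hunk does, syslog documents leave the pipeline with `event.kind: event` and no ECS categorization fields, and detection rules or dashboards that filter on `event.category`/`event.type` will silently skip them. A comment above the processor would make the intent explicit, e.g. `# ECS: a syslog line is a plain log record, so event.kind is always "event"`, and if the dataset is meant to be categorized, a sibling `set` for `event.type` with an ECS-allowed value such as `info` belongs next to it. Documents already indexed by the old pipeline still carry `event.type: event`, so saved searches keyed on that field must move to `event.kind` (the changelog entry could say so). The `processors` list continues outside the hunk.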
diff --git a/filebeat/module/system/syslog/test/darwin-syslog-sample.log-expected.json b/filebeat/module/system/syslog/test/darwin-syslog-sample.log-expected.json
index 5a164aef94f..7fd9929cf9e 100644
--- a/filebeat/module/system/syslog/test/darwin-syslog-sample.log-expected.json
+++ b/filebeat/module/system/syslog/test/darwin-syslog-sample.log-expected.json
@@ -1,9 +1,9 @@
 [
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -18,9 +18,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -32,9 +32,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "input.type": "log",
 "log.offset": 1176,
diff --git a/filebeat/module/system/syslog/test/darwin-syslog.log-expected.json b/filebeat/module/system/syslog/test/darwin-syslog.log-expected.json
index 45d44816cd1..f1abb5047d5 100644
--- a/filebeat/module/system/syslog/test/darwin-syslog.log-expected.json
+++ b/filebeat/module/system/syslog/test/darwin-syslog.log-expected.json
@@ -1,9 +1,9 @@
 [
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -15,9 +15,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -32,9 +32,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -46,9 +46,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -60,9 +60,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -77,9 +77,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -91,9 +91,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -105,9 +105,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -122,9 +122,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -136,9 +136,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -150,9 +150,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -164,9 +164,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -178,9 +178,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -192,9 +192,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -206,9 +206,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -220,9 +220,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -234,9 +234,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -248,9 +248,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -262,9 +262,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -276,9 +276,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -290,9 +290,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -304,9 +304,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -318,9 +318,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -335,9 +335,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -349,9 +349,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -366,9 +366,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -380,9 +380,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -394,9 +394,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -408,9 +408,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -422,9 +422,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -436,9 +436,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -450,9 +450,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -464,9 +464,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -481,9 +481,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -495,9 +495,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -512,9 +512,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -526,9 +526,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -540,9 +540,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -554,9 +554,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -568,9 +568,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -581,9 +581,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -595,9 +595,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -609,9 +609,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -623,9 +623,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -636,9 +636,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -649,9 +649,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -663,9 +663,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -676,9 +676,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -690,9 +690,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -704,9 +704,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -717,9 +717,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -731,9 +731,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -745,9 +745,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -759,9 +759,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -772,9 +772,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -786,9 +786,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -799,9 +799,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -813,9 +813,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -826,9 +826,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -840,9 +840,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -854,9 +854,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -868,9 +868,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -881,9 +881,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -895,9 +895,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -908,9 +908,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -922,9 +922,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -936,9 +936,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -950,9 +950,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -963,9 +963,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -977,9 +977,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -991,9 +991,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -1004,9 +1004,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -1018,9 +1018,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -1032,9 +1032,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -1045,9 +1045,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -1059,9 +1059,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -1073,9 +1073,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -1086,9 +1086,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -1100,9 +1100,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -1113,9 +1113,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -1127,9 +1127,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -1140,9 +1140,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -1154,9 +1154,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -1168,9 +1168,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -1182,9 +1182,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -1196,9 +1196,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -1209,9 +1209,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -1223,9 +1223,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -1237,9 +1237,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -1250,9 +1250,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -1264,9 +1264,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -1278,9 +1278,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -1291,9 +1291,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -1305,9 +1305,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -1318,9 +1318,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -1332,9 +1332,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -1346,9 +1346,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -1360,9 +1360,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -1373,9 +1373,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
@@ -1387,9 +1387,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
 "input.type": "log",
diff --git a/filebeat/module/system/syslog/test/suse-syslog.log-expected.json b/filebeat/module/system/syslog/test/suse-syslog.log-expected.json
index f517557a26e..48cbc44161b 100644
--- a/filebeat/module/system/syslog/test/suse-syslog.log-expected.json
+++ b/filebeat/module/system/syslog/test/suse-syslog.log-expected.json
@@ -1,9 +1,9 @@
 [
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "linux-sqrz",
 "input.type": "log",
@@ -15,9 +15,9 @@
 },
 {
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "linux-sqrz",
 "input.type": "log",
diff --git a/filebeat/module/system/syslog/test/tz-offset.log-expected.json b/filebeat/module/system/syslog/test/tz-offset.log-expected.json
index f2e167a1fd7..2dfd146dedc 100644
--- a/filebeat/module/system/syslog/test/tz-offset.log-expected.json
+++ b/filebeat/module/system/syslog/test/tz-offset.log-expected.json
@@ -2,9 +2,9 @@
 {
 "@timestamp": "1986-04-25T19:23:45.101-02:00",
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "rmbkmonitor04",
 "input.type": "log",
@@ -18,9 +18,9 @@
 {
 "@timestamp": "1986-04-25T19:23:45.388-02:00",
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "rmbkmonitor04",
 "input.type": "log",
@@ -33,9 +33,9 @@
 {
 "@timestamp": "2019-06-14T10:40:20.912-02:00",
 "event.dataset": "system.syslog",
+ "event.kind": "event",
 "event.module": "system",
 "event.timezone": "-02:00",
- "event.type": "event",
 "fileset.name": "syslog",
 "host.hostname": "localhost",
 "input.type": "log",