{"create":{"_index":"filebeat-7.6.0","pipeline":"filebeat-7.6.0-elasticsearch-audit-pipeline"}}
{"@timestamp":"2020-02-25T04:22:03.281Z","kubernetes":{"namespace":"default","statefulset":{"name":"quickstart-es-default"},"container":{"name":"elasticsearch","image":"docker.elastic.co/elasticsearch/elasticsearch:7.6.0"},"node":{"name":"gke-spencer-eck-test-default-pool-9949f3b4-07t4"},"pod":{"name":"quickstart-es-default-3","uid":"50731f12-5786-11ea-8caa-42010a8001f0","labels":{"statefulset_kubernetes_io/pod-name":"quickstart-es-default-3","common_k8s_elastic_co/type":"elasticsearch","controller-revision-hash":"quickstart-es-default-6f757c6568","elasticsearch_k8s_elastic_co/node-ingest":"true","elasticsearch_k8s_elastic_co/version":"7.6.0","elasticsearch_k8s_elastic_co/statefulset-name":"quickstart-es-default","elasticsearch_k8s_elastic_co/node-ml":"true","elasticsearch_k8s_elastic_co/config-hash":"170688583","elasticsearch_k8s_elastic_co/node-master":"true","elasticsearch_k8s_elastic_co/cluster-name":"quickstart","elasticsearch_k8s_elastic_co/http-scheme":"http","elasticsearch_k8s_elastic_co/node-data":"true"}}},"agent":{"id":"380f108b-197b-4a15-9c8b-c4f0108602bb","version":"7.6.0","type":"filebeat","ephemeral_id":"c0c7819c-6100-405f-9dcc-5e6b18452576","hostname":"infosec-filebeat-qfr66"},"ecs":{"version":"1.4.0"},"host":{"hostname":"infosec-filebeat-qfr66","architecture":"x86_64","os":{"kernel":"4.14.138+","codename":"Core","platform":"centos","version":"7 (Core)","family":"redhat","name":"CentOS Linux"},"name":"infosec-filebeat-qfr66","containerized":false},"input":{"type":"container"},"event":{"module":"elasticsearch","dataset":"elasticsearch.audit","timezone":"+00:00"},"cloud":{"provider":"gcp","instance":{"id":"6308088924442587791","name":"gke-spencer-eck-test-default-pool-9949f3b4-07t4"},"machine":{"type":"n1-standard-8"},"availability_zone":"us-central1-a","project":{"id":"elastic-infosec-dev"}},"log":{"offset":22243,"file":{"path":"/var/lib/docker/containers/bfb939a71d5e699a4ce29f6611b39166537194d892a815c57b61109fd829446b/bfb939a71d5e699a4ce29f6611b39166537194d892a815c57b61109fd829446b-json.log"}},"stream":"stdout","message":"{\"type\": \"server\", \"timestamp\": \"2020-02-25T04:22:03,280Z\", \"level\": \"INFO\", \"component\": \"o.e.n.Node\", \"cluster.name\": \"quickstart\", \"node.name\": \"quickstart-es-default-3\", \"message\": \"started\", \"cluster.uuid\": \"RmUMe201Tt-7-drDKhylLg\", \"node.id\": \"LgnVXEX3QKq1TpAk0e9W9Q\"  }","fileset":{"name":"audit"},"service":{"type":"elasticsearch"}}
{"create":{"_index":"filebeat-7.6.0","pipeline":"filebeat-7.6.0-elasticsearch-deprecation-pipeline"}}
{"@timestamp":"2020-02-25T04:22:03.281Z","kubernetes":{"namespace":"default","statefulset":{"name":"quickstart-es-default"},"container":{"name":"elasticsearch","image":"docker.elastic.co/elasticsearch/elasticsearch:7.6.0"},"node":{"name":"gke-spencer-eck-test-default-pool-9949f3b4-07t4"},"pod":{"labels":{"elasticsearch_k8s_elastic_co/statefulset-name":"quickstart-es-default","elasticsearch_k8s_elastic_co/node-ml":"true","elasticsearch_k8s_elastic_co/version":"7.6.0","statefulset_kubernetes_io/pod-name":"quickstart-es-default-3","elasticsearch_k8s_elastic_co/cluster-name":"quickstart","elasticsearch_k8s_elastic_co/config-hash":"170688583","elasticsearch_k8s_elastic_co/http-scheme":"http","controller-revision-hash":"quickstart-es-default-6f757c6568","elasticsearch_k8s_elastic_co/node-ingest":"true","elasticsearch_k8s_elastic_co/node-data":"true","elasticsearch_k8s_elastic_co/node-master":"true","common_k8s_elastic_co/type":"elasticsearch"},"name":"quickstart-es-default-3","uid":"50731f12-5786-11ea-8caa-42010a8001f0"}},"host":{"name":"infosec-filebeat-qfr66","containerized":false,"hostname":"infosec-filebeat-qfr66","architecture":"x86_64","os":{"kernel":"4.14.138+","codename":"Core","platform":"centos","version":"7 (Core)","family":"redhat","name":"CentOS Linux"}},"agent":{"type":"filebeat","ephemeral_id":"c0c7819c-6100-405f-9dcc-5e6b18452576","hostname":"infosec-filebeat-qfr66","id":"380f108b-197b-4a15-9c8b-c4f0108602bb","version":"7.6.0"},"input":{"type":"container"},"event":{"module":"elasticsearch","dataset":"elasticsearch.deprecation"},"fileset":{"name":"deprecation"},"service":{"type":"elasticsearch"},"ecs":{"version":"1.4.0"},"cloud":{"instance":{"id":"6308088924442587791","name":"gke-spencer-eck-test-default-pool-9949f3b4-07t4"},"machine":{"type":"n1-standard-8"},"availability_zone":"us-central1-a","project":{"id":"elastic-infosec-dev"},"provider":"gcp"},"log":{"offset":22243,"file":{"path":"/var/lib/docker/containers/bfb939a71d5e699a4ce29f6611b39166537194d892a815c57b61109fd829446b/bfb939a71d5e699a4ce29f6611b39166537194d892a815c57b61109fd829446b-json.log"}},"stream":"stdout","message":"{\"type\": \"server\", \"timestamp\": \"2020-02-25T04:22:03,280Z\", \"level\": \"INFO\", \"component\": \"o.e.n.Node\", \"cluster.name\": \"quickstart\", \"node.name\": \"quickstart-es-default-3\", \"message\": \"started\", \"cluster.uuid\": \"RmUMe201Tt-7-drDKhylLg\", \"node.id\": \"LgnVXEX3QKq1TpAk0e9W9Q\"  }"}
{"create":{"_index":"filebeat-7.6.0","pipeline":"filebeat-7.6.0-elasticsearch-server-pipeline"}}
{"@timestamp":"2020-02-25T04:22:03.281Z","log":{"file":{"path":"/var/lib/docker/containers/bfb939a71d5e699a4ce29f6611b39166537194d892a815c57b61109fd829446b/bfb939a71d5e699a4ce29f6611b39166537194d892a815c57b61109fd829446b-json.log"},"offset":22243},"stream":"stdout","input":{"type":"container"},"event":{"module":"elasticsearch","dataset":"elasticsearch.server"},"host":{"name":"infosec-filebeat-qfr66","os":{"kernel":"4.14.138+","codename":"Core","platform":"centos","version":"7 (Core)","family":"redhat","name":"CentOS Linux"},"containerized":false,"hostname":"infosec-filebeat-qfr66","architecture":"x86_64"},"agent":{"type":"filebeat","ephemeral_id":"c0c7819c-6100-405f-9dcc-5e6b18452576","hostname":"infosec-filebeat-qfr66","id":"380f108b-197b-4a15-9c8b-c4f0108602bb","version":"7.6.0"},"message":"{\"type\": \"server\", \"timestamp\": \"2020-02-25T04:22:03,280Z\", \"level\": \"INFO\", \"component\": \"o.e.n.Node\", \"cluster.name\": \"quickstart\", \"node.name\": \"quickstart-es-default-3\", \"message\": \"started\", \"cluster.uuid\": \"RmUMe201Tt-7-drDKhylLg\", \"node.id\": \"LgnVXEX3QKq1TpAk0e9W9Q\"  }","fileset":{"name":"server"},"service":{"type":"elasticsearch"},"kubernetes":{"node":{"name":"gke-spencer-eck-test-default-pool-9949f3b4-07t4"},"pod":{"labels":{"elasticsearch_k8s_elastic_co/cluster-name":"quickstart","elasticsearch_k8s_elastic_co/node-ingest":"true","elasticsearch_k8s_elastic_co/version":"7.6.0","statefulset_kubernetes_io/pod-name":"quickstart-es-default-3","elasticsearch_k8s_elastic_co/config-hash":"170688583","controller-revision-hash":"quickstart-es-default-6f757c6568","elasticsearch_k8s_elastic_co/statefulset-name":"quickstart-es-default","elasticsearch_k8s_elastic_co/node-data":"true","elasticsearch_k8s_elastic_co/node-master":"true","elasticsearch_k8s_elastic_co/node-ml":"true","common_k8s_elastic_co/type":"elasticsearch","elasticsearch_k8s_elastic_co/http-scheme":"http"},"name":"quickstart-es-default-3","uid":"50731f12-5786-11ea-8caa-42010a8001f0"},"namespace":"default","statefulset":{"name":"quickstart-es-default"},"container":{"name":"elasticsearch","image":"docker.elastic.co/elasticsearch/elasticsearch:7.6.0"}},"ecs":{"version":"1.4.0"},"cloud":{"machine":{"type":"n1-standard-8"},"availability_zone":"us-central1-a","project":{"id":"elastic-infosec-dev"},"provider":"gcp","instance":{"id":"6308088924442587791","name":"gke-spencer-eck-test-default-pool-9949f3b4-07t4"}}}
{"create":{"_index":"filebeat-7.6.0","pipeline":"filebeat-7.6.0-elasticsearch-slowlog-pipeline"}}
{"@timestamp":"2020-02-25T04:22:03.281Z","fileset":{"name":"slowlog"},"service":{"type":"elasticsearch"},"ecs":{"version":"1.4.0"},"log":{"offset":22243,"file":{"path":"/var/lib/docker/containers/bfb939a71d5e699a4ce29f6611b39166537194d892a815c57b61109fd829446b/bfb939a71d5e699a4ce29f6611b39166537194d892a815c57b61109fd829446b-json.log"}},"stream":"stdout","message":"{\"type\": \"server\", \"timestamp\": \"2020-02-25T04:22:03,280Z\", \"level\": \"INFO\", \"component\": \"o.e.n.Node\", \"cluster.name\": \"quickstart\", \"node.name\": \"quickstart-es-default-3\", \"message\": \"started\", \"cluster.uuid\": \"RmUMe201Tt-7-drDKhylLg\", \"node.id\": \"LgnVXEX3QKq1TpAk0e9W9Q\"  }","input":{"type":"container"},"event":{"module":"elasticsearch","dataset":"elasticsearch.slowlog"},"host":{"architecture":"x86_64","os":{"version":"7 (Core)","family":"redhat","name":"CentOS Linux","kernel":"4.14.138+","codename":"Core","platform":"centos"},"containerized":false,"hostname":"infosec-filebeat-qfr66","name":"infosec-filebeat-qfr66"},"cloud":{"instance":{"id":"6308088924442587791","name":"gke-spencer-eck-test-default-pool-9949f3b4-07t4"},"machine":{"type":"n1-standard-8"},"availability_zone":"us-central1-a","project":{"id":"elastic-infosec-dev"},"provider":"gcp"},"kubernetes":{"namespace":"default","statefulset":{"name":"quickstart-es-default"},"container":{"name":"elasticsearch","image":"docker.elastic.co/elasticsearch/elasticsearch:7.6.0"},"node":{"name":"gke-spencer-eck-test-default-pool-9949f3b4-07t4"},"pod":{"uid":"50731f12-5786-11ea-8caa-42010a8001f0","labels":{"elasticsearch_k8s_elastic_co/version":"7.6.0","elasticsearch_k8s_elastic_co/node-ingest":"true","elasticsearch_k8s_elastic_co/node-data":"true","common_k8s_elastic_co/type":"elasticsearch","elasticsearch_k8s_elastic_co/config-hash":"170688583","controller-revision-hash":"quickstart-es-default-6f757c6568","elasticsearch_k8s_elastic_co/http-scheme":"http","elasticsearch_k8s_elastic_co/cluster-name":"quickstart","elasticsearch_k8s_elastic_co/statefulset-name":"quickstart-es-default","elasticsearch_k8s_elastic_co/node-master":"true","elasticsearch_k8s_elastic_co/node-ml":"true","statefulset_kubernetes_io/pod-name":"quickstart-es-default-3"},"name":"quickstart-es-default-3"}},"agent":{"type":"filebeat","ephemeral_id":"c0c7819c-6100-405f-9dcc-5e6b18452576","hostname":"infosec-filebeat-qfr66","id":"380f108b-197b-4a15-9c8b-c4f0108602bb","version":"7.6.0"}}