Fix healthcheck in ES compose service #20511

Merged
merged 1 commit into from
Aug 10, 2020

Conversation

jsoriano
Member

Python is not included anymore on Elasticsearch images, change the
healthcheck to be based on curl and the easier to parse cat API.

This fixes failures in CI with master branch.

@jsoriano jsoriano added review :Testing Team:Integrations Label for the Integrations team labels Aug 10, 2020
@jsoriano jsoriano self-assigned this Aug 10, 2020
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Aug 10, 2020
@elasticmachine
Collaborator

Pinging @elastic/integrations (Team:Integrations)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Aug 10, 2020
@jsoriano jsoriano added the needs_backport PR is waiting to be backported to other branches. label Aug 10, 2020
Member

@ChrsMark ChrsMark left a comment

lgtm, thanks for fixing this!

@elasticmachine
Collaborator

💔 Tests Failed

Build stats

  • Build Cause: [Pull request #20511 opened]

  • Start Time: 2020-08-10T11:41:31.229+0000

  • Duration: 70 min 24 sec

Test stats 🧪

Test Results

  • Failed: 1

  • Passed: 4425

  • Skipped: 567

  • Total: 4993

Test errors

  • Name: Build and Test / Auditbeat x-pack / test_dns_long_request – x-pack.auditbeat.tests.system.test_system_socket.Test

    • Age: 1
    • Duration: 29.977
    • Error Details: AssertionError: The events in: [...]
"network.transport": "tcp", "network.type": "ipv4", "process.args": [ "/usr/local/bin/auditbeat", "-e", "-c", "/etc/auditbeat/auditbeat.yml" ], "process.created": "2020-08-10T12:05:24.820Z", "process.executable": "/opt/auditbeat-7.3.0-linux-x86_64/auditbeat", "process.name": "auditbeat", "process.pid": 2047, "related.ip": [ "10.224.2.62", "35.184.73.24" ], "related.user": [ "root" ], "server.bytes": 131, "server.ip": "35.184.73.24", "server.packets": 3, "server.port": 5001, "service.type": "system", "source.bytes": 2192, "source.ip": "10.224.2.62", "source.packets": 2, "source.port": 55978, "system.audit.socket.egid": 0, "system.audit.socket.euid": 0, "system.audit.socket.gid": 0, "system.audit.socket.kernel_sock_address": "0xffff8fcdb5b80000", "system.audit.socket.uid": 0, "user.id": "0", "user.name": "root" }, { "@timestamp": "2020-08-10T12:13:15.729Z", "agent.ephemeral_id": "e1ffb39a-80ac-4804-b8d1-5536f62b9c13", "agent.id": "1e4c6e56-043c-4579-a19f-27e9bed82dae", "agent.name": "eba0478be7ce", "agent.type": "auditbeat", "agent.version": "8.0.0", "client.bytes": 7880, "client.ip": "10.224.2.62", "client.packets": 12, "client.port": 53056, "destination.bytes": 13256, "destination.ip": "10.224.0.26", "destination.packets": 8, "destination.port": 49187, "ecs.version": "1.5.0", "event.action": "network_flow", "event.category": [ "network", "network_traffic" ], "event.dataset": "socket", "event.duration": 10858996, "event.end": "2020-08-10T12:13:13.103Z", "event.kind": "event", "event.module": "system", "event.start": "2020-08-10T12:13:13.092Z", "event.type": [ "info", "connection" ], "flow.complete": false, "flow.final": true, "group.id": "1155", "host.name": "eba0478be7ce", "network.bytes": 21136, "network.community_id": "1:7L45nkNAZ2A0VjByerx42FirVmA=", "network.direction": "unknown", "network.packets": 20, "network.transport": "tcp", "network.type": "ipv4", "process.args": [ "java", "-Djava.util.logging.config.file=/var/lib/jenkins/logging.properties", 
"-javaagent:/opt/jolokia/jolokia-agent.jar=config=/opt/jolokia/jolokia.properties", "-Dorg.jenkinsci.plugins.gitclient.Git.timeOut=10", "-jar", "/usr/local/share/jenkins/swarm-client-3.17.jar", "-description", "Ubuntu 18.04 - 2 CPU Cores / 3530 MB Memory", "-disableClientsUniqueId", "-executors", "1", "-fsroot", "/var/lib/jenkins", "-labels", ""hub"", "-labels", ""docker"", "-labels", ""vagrant"", "-labels", ""fossa"", "-master", "https://beats-ci.elastic.co/", "-maxRetryInterval", "160", "-retryBackOffStrategy", "linear", "-mode", "exclusive", "-name", "beats-ci-immutable-ubuntu-1804-1597061083637527709", "-username", "local-swarm", "-passwordFile", "/var/lib/jenkins/.jenkins_password", "-name", "beats-ci-immutable-ubuntu-1804-1597061083637527709", "-master", "https://beats-ci.elastic.co", "-username", "local-swarm", "-labels", "docker", "-labels", "immutable", "-labels", "linux", "-labels", "linux-immutable", "-labels", "nested-virtualization", "-labels", "swarm", "-labels", "ubuntu-18", "-labels", "ubuntu-18.04", "-labels", "virtual", "-labels", "x86_64", "-description", "MachineType:n1-highmem-4,DiskSize:150" ], "process.created": "2020-08-10T12:05:24.830Z", "process.executable": "/usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java", "process.name": "java", "process.pid": 2053, "related.ip": [ "10.224.2.62", "10.224.0.26" ], "server.bytes": 13256, "server.ip": "10.224.0.26", "server.packets": 8, "server.port": 49187, "service.type": "system", "source.bytes": 7880, "source.ip": "10.224.2.62", "source.packets": 12, "source.port": 53056, "system.audit.socket.egid": 1155, "system.audit.socket.euid": 1154, "system.audit.socket.gid": 1155, "system.audit.socket.kernel_sock_address": "0xffff8fcda7159bc0", "system.audit.socket.uid": 1154, "user.id": "1154" }, { "@timestamp": "2020-08-10T12:13:15.729Z", "agent.ephemeral_id": "e1ffb39a-80ac-4804-b8d1-5536f62b9c13", "agent.id": "1e4c6e56-043c-4579-a19f-27e9bed82dae", "agent.name": "eba0478be7ce", "agent.type": "auditbeat", 
"agent.version": "8.0.0", "client.bytes": 104, "client.ip": "10.224.2.62", "client.packets": 2, "client.port": 38778, "destination.bytes": 64, "destination.ip": "13.56.41.133", "destination.packets": 2, "destination.port": 9243, "ecs.version": "1.5.0", "event.action": "network_flow", "event.category": [ "network", "network_traffic" ], "event.dataset": "socket", "event.duration": 237126256, "event.end": "2020-08-10T12:13:13.600Z", "event.kind": "event", "event.module": "system", "event.start": "2020-08-10T12:13:13.363Z", "event.type": [ "info", "connection" ], "flow.complete": false, "flow.final": true, "host.name": "eba0478be7ce", "network.bytes": 168, "network.community_id": "1:aQnZH6HpFJUUSU7w1YKgTKuwP2U=", "network.direction": "unknown", "network.packets": 4, "network.transport": "tcp", "network.type": "ipv4", "related.ip": [ "10.224.2.62", "13.56.41.133" ], "server.bytes": 64, "server.ip": "13.56.41.133", "server.packets": 2, "server.port": 9243, "service.type": "system", "source.bytes": 104, "source.ip": "10.224.2.62", "source.packets": 2, "source.port": 38778, "system.audit.socket.kernel_sock_address": "0xffff8fcdb5b4b480" }, { "@timestamp": "2020-08-10T12:13:17.729Z", "agent.ephemeral_id": "e1ffb39a-80ac-4804-b8d1-5536f62b9c13", "agent.id": "1e4c6e56-043c-4579-a19f-27e9bed82dae", "agent.name": "eba0478be7ce", "agent.type": "auditbeat", "agent.version": "8.0.0", "client.bytes": 5588, "client.ip": "10.224.2.62", "client.packets": 3, "client.port": 40428, "destination.bytes": 479, "destination.ip": "35.232.239.42", "destination.packets": 2, "destination.port": 9200, "ecs.version": "1.5.0", "event.action": "network_flow", "event.category": [ "network", "network_traffic" ], "event.dataset": "socket", "event.duration": 11478253, "event.end": "2020-08-10T12:13:15.690Z", "event.kind": "event", "event.module": "system", "event.start": "2020-08-10T12:13:15.679Z", "event.type": [ "info", "connection" ], "flow.complete": false, "flow.final": true, "group.id": "0", 
"group.name": "root", "host.name": "eba0478be7ce", "network.bytes": 6067, "network.community_id": "1:n+N0rJdW/lWHSDMQ/4S7oT1UXzw=", "network.direction": "unknown", "network.packets": 5, "network.transport": "tcp", "network.type": "ipv4", "process.args": [ "/usr/local/bin/auditbeat-secops", "-e", "-c", "/etc/auditbeat-secops/auditbeat.yml" ], "process.created": "2020-08-10T12:05:24.830Z", "process.executable": "/opt/auditbeat-7.8.0-linux-x86_64/auditbeat", "process.name": "auditbeat-secop", "process.pid": 2050, "related.ip": [ "10.224.2.62", "35.232.239.42" ], "related.user": [ "root" ], "server.bytes": 479, "server.ip": "35.232.239.42", "server.packets": 2, "server.port": 9200, "service.type": "system", "source.bytes": 5588, "source.ip": "10.224.2.62", "source.packets": 3, "source.port": 40428, "system.audit.socket.egid": 0, "system.audit.socket.euid": 0, "system.audit.socket.gid": 0, "system.audit.socket.kernel_sock_address": "0xffff8fcdb597b480", "system.audit.socket.uid": 0, "user.id": "0", "user.name": "root" }, { "@timestamp": "2020-08-10T12:13:18.729Z", "agent.ephemeral_id": "e1ffb39a-80ac-4804-b8d1-5536f62b9c13", "agent.id": "1e4c6e56-043c-4579-a19f-27e9bed82dae", "agent.name": "eba0478be7ce", "agent.type": "auditbeat", "agent.version": "8.0.0", "client.bytes": 2208, "client.ip": "10.224.2.62", "client.packets": 2, "client.port": 55978, "destination.bytes": 131, "destination.ip": "35.184.73.24", "destination.packets": 3, "destination.port": 5001, "ecs.version": "1.5.0", "event.action": "network_flow", "event.category": [ "network", "network_traffic" ], "event.dataset": "socket", "event.duration": 2232601, "event.end": "2020-08-10T12:13:15.920Z", "event.kind": "event", "event.module": "system", "event.start": "2020-08-10T12:13:15.917Z", "event.type": [ "info", "connection" ], "flow.complete": false, "flow.final": true, "group.id": "0", "group.name": "root", "host.name": "eba0478be7ce", "network.bytes": 2339, "network.community_id": 
"1:+LI0jCJd+S+s9f7vR8bFhxp9aDg=", "network.direction": "unknown", "network.packets": 5, "network.transport": "tcp", "network.type": "ipv4", "process.args": [ "/usr/local/bin/auditbeat", "-e", "-c", "/etc/auditbeat/auditbeat.yml" ], "process.created": "2020-08-10T12:05:24.820Z", "process.executable": "/opt/auditbeat-7.3.0-linux-x86_64/auditbeat", "process.name": "auditbeat", "process.pid": 2047, "related.ip": [ "10.224.2.62", "35.184.73.24" ], "related.user": [ "root" ], "server.bytes": 131, "server.ip": "35.184.73.24", "server.packets": 3, "server.port": 5001, "service.type": "system", "source.bytes": 2208, "source.ip": "10.224.2.62", "source.packets": 2, "source.port": 55978, "system.audit.socket.egid": 0, "system.audit.socket.euid": 0, "system.audit.socket.gid": 0, "system.audit.socket.kernel_sock_address": "0xffff8fcdb5b80000", "system.audit.socket.uid": 0, "user.id": "0", "user.name": "root" }, { "@timestamp": "2020-08-10T12:13:18.729Z", "agent.ephemeral_id": "e1ffb39a-80ac-4804-b8d1-5536f62b9c13", "agent.id": "1e4c6e56-043c-4579-a19f-27e9bed82dae", "agent.name": "eba0478be7ce", "agent.type": "auditbeat", "agent.version": "8.0.0", "client.bytes": 1198, "client.ip": "127.0.0.1", "client.packets": 4, "client.port": 46038, "destination.bytes": 1566, "destination.ip": "127.0.0.1", "destination.packets": 3, "destination.port": 8778, "ecs.version": "1.5.0", "event.action": "network_flow", "event.category": [ "network", "network_traffic" ], "event.dataset": "socket", "event.duration": 3579087, "event.end": "2020-08-10T12:13:16.124Z", "event.kind": "event", "event.module": "system", "event.start": "2020-08-10T12:13:16.121Z", "event.type": [ "info", "connection" ], "flow.complete": false, "flow.final": true, "group.id": "0", "group.name": "root", "host.name": "eba0478be7ce", "network.bytes": 2764, "network.community_id": "1:UvGwYieoYdhpg4yFy+2uMQY1370=", "network.direction": "unknown", "network.packets": 7, "network.transport": "tcp", "network.type": "ipv4", 
"process.args": [ "/usr/local/bin/metricbeat", "-e", "-c", "/etc/metricbeat/metricbeat.yml", "--path.home", "/etc/metricbeat" ], "process.created": "2020-08-10T12:05:24.820Z", "process.executable": "/opt/metricbeat-7.3.2-linux-x86_64/metricbeat", "process.name": "metricbeat", "process.pid": 2046, "related.ip": [ "127.0.0.1", "127.0.0.1" ], "related.user": [ "root" ], "server.bytes": 1566, "server.ip": "127.0.0.1", "server.packets": 3, "server.port": 8778, "service.type": "system", "source.bytes": 1198, "source.ip": "127.0.0.1", "source.packets": 4, "source.port": 46038, "system.audit.socket.egid": 0, "system.audit.socket.euid": 0, "system.audit.socket.gid": 0, "system.audit.socket.kernel_sock_address": "0xffff8fcdb5b4bd40", "system.audit.socket.uid": 0, "user.id": "0", "user.name": "root" }, { "@timestamp": "2020-08-10T12:13:18.729Z", "agent.ephemeral_id": "e1ffb39a-80ac-4804-b8d1-5536f62b9c13", "agent.id": "1e4c6e56-043c-4579-a19f-27e9bed82dae", "agent.name": "eba0478be7ce", "agent.type": "auditbeat", "agent.version": "8.0.0", "client.bytes": 1626, "client.ip": "127.0.0.1", "client.packets": 3, "client.port": 8778, "destination.bytes": 1118, "destination.ip": "127.0.0.1", "destination.packets": 4, "destination.port": 46038, "ecs.version": "1.5.0", "event.action": "network_flow", "event.category": [ "network", "network_traffic" ], "event.dataset": "socket", "event.duration": 3487980, "event.end": "2020-08-10T12:13:16.124Z", "event.kind": "event", "event.module": "system", "event.start": "2020-08-10T12:13:16.121Z", "event.type": [ "info", "connection" ], "flow.complete": false, "flow.final": true, "group.id": "0", "group.name": "root", "host.name": "eba0478be7ce", "network.bytes": 2744, "network.community_id": "1:UvGwYieoYdhpg4yFy+2uMQY1370=", "network.direction": "unknown", "network.packets": 7, "network.transport": "tcp", "network.type": "ipv4", "process.args": [ "/usr/local/bin/metricbeat", "-e", "-c", "/etc/metricbeat/metricbeat.yml", "--path.home", 
"/etc/metricbeat" ], "process.created": "2020-08-10T12:05:24.820Z", "process.executable": "/opt/metricbeat-7.3.2-linux-x86_64/metricbeat", "process.name": "metricbeat", "process.pid": 2046, "related.ip": [ "127.0.0.1", "127.0.0.1" ], "related.user": [ "root" ], "server.bytes": 1118, "server.ip": "127.0.0.1", "server.packets": 4, "server.port": 46038, "service.type": "system", "source.bytes": 1626, "source.ip": "127.0.0.1", "source.packets": 3, "source.port": 8778, "system.audit.socket.egid": 0, "system.audit.socket.euid": 0, "system.audit.socket.gid": 0, "system.audit.socket.kernel_sock_address": "0xffff8fcdddcb9280", "system.audit.socket.uid": 0, "user.id": "0", "user.name": "root" }, { "@timestamp": "2020-08-10T12:13:19.729Z", "agent.ephemeral_id": "e1ffb39a-80ac-4804-b8d1-5536f62b9c13", "agent.id": "1e4c6e56-043c-4579-a19f-27e9bed82dae", "agent.name": "eba0478be7ce", "agent.type": "auditbeat", "agent.version": "8.0.0", "client.bytes": 7880, "client.ip": "10.224.2.62", "client.packets": 12, "client.port": 53056, "destination.bytes": 13256, "destination.ip": "10.224.0.26", "destination.packets": 8, "destination.port": 49187, "ecs.version": "1.5.0", "event.action": "network_flow", "event.category": [ "network", "network_traffic" ], "event.dataset": "socket", "event.duration": 10266532, "event.end": "2020-08-10T12:13:16.951Z", "event.kind": "event", "event.module": "system", "event.start": "2020-08-10T12:13:16.941Z", "event.type": [ "info", "connection" ], "flow.complete": false, "flow.final": true, "group.id": "1155", "host.name": "eba0478be7ce", "network.bytes": 21136, "network.community_id": "1:7L45nkNAZ2A0VjByerx42FirVmA=", "network.direction": "unknown", "network.packets": 20, "network.transport": "tcp", "network.type": "ipv4", "process.args": [ "java", "-Djava.util.logging.config.file=/var/lib/jenkins/logging.properties", "-javaagent:/opt/jolokia/jolokia-agent.jar=config=/opt/jolokia/jolokia.properties", "-Dorg.jenkinsci.plugins.gitclient.Git.timeOut=10", 
"-jar", "/usr/local/share/jenkins/swarm-client-3.17.jar", "-description", "Ubuntu 18.04 - 2 CPU Cores / 3530 MB Memory", "-disableClientsUniqueId", "-executors", "1", "-fsroot", "/var/lib/jenkins", "-labels", ""hub"", "-labels", ""docker"", "-labels", ""vagrant"", "-labels", ""fossa"", "-master", "https://beats-ci.elastic.co/", "-maxRetryInterval", "160", "-retryBackOffStrategy", "linear", "-mode", "exclusive", "-name", "beats-ci-immutable-ubuntu-1804-1597061083637527709", "-username", "local-swarm", "-passwordFile", "/var/lib/jenkins/.jenkins_password", "-name", "beats-ci-immutable-ubuntu-1804-1597061083637527709", "-master", "https://beats-ci.elastic.co", "-username", "local-swarm", "-labels", "docker", "-labels", "immutable", "-labels", "linux", "-labels", "linux-immutable", "-labels", "nested-virtualization", "-labels", "swarm", "-labels", "ubuntu-18", "-labels", "ubuntu-18.04", "-labels", "virtual", "-labels", "x86_64", "-description", "MachineType:n1-highmem-4,DiskSize:150" ], "process.created": "2020-08-10T12:05:24.830Z", "process.executable": "/usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java", "process.name": "java", "process.pid": 2053, "related.ip": [ "10.224.2.62", "10.224.0.26" ], "server.bytes": 13256, "server.ip": "10.224.0.26", "server.packets": 8, "server.port": 49187, "service.type": "system", "source.bytes": 7880, "source.ip": "10.224.2.62", "source.packets": 12, "source.port": 53056, "system.audit.socket.egid": 1155, "system.audit.socket.euid": 1154, "system.audit.socket.gid": 1155, "system.audit.socket.kernel_sock_address": "0xffff8fcda7159bc0", "system.audit.socket.uid": 1154, "user.id": "1154" }, { "@timestamp": "2020-08-10T12:13:19.729Z", "agent.ephemeral_id": "e1ffb39a-80ac-4804-b8d1-5536f62b9c13", "agent.id": "1e4c6e56-043c-4579-a19f-27e9bed82dae", "agent.name": "eba0478be7ce", "agent.type": "auditbeat", "agent.version": "8.0.0", "client.bytes": 2256, "client.ip": "10.224.2.62", "client.packets": 2, "client.port": 38780, "destination.bytes": 
625, "destination.ip": "13.56.41.133", "destination.packets": 2, "destination.port": 9243, "ecs.version": "1.5.0", "event.action": "network_flow", "event.category": [ "network", "network_traffic" ], "event.dataset": "socket", "event.duration": 55176949, "event.end": "2020-08-10T12:13:17.180Z", "event.kind": "event", "event.module": "system", "event.start": "2020-08-10T12:13:17.125Z", "event.type": [ "info", "connection" ], "flow.complete": false, "flow.final": true, "group.id": "0", "group.name": "root", "host.name": "eba0478be7ce", "network.bytes": 2881, "network.community_id": "1:Clnw3Poaz9rMd940EPU4bs4zTQw=", "network.direction": "unknown", "network.packets": 4, "network.transport": "tcp", "network.type": "ipv4", "process.args": [ "/usr/local/bin/metricbeat", "-e", "-c", "/etc/metricbeat/metricbeat.yml", "--path.home", "/etc/metricbeat" ], "process.created": "2020-08-10T12:05:24.820Z", "process.executable": "/opt/metricbeat-7.3.2-linux-x86_64/metricbeat", "process.name": "metricbeat", "process.pid": 2046, "related.ip": [ "10.224.2.62", "13.56.41.133" ], "related.user": [ "root" ], "server.bytes": 625, "server.ip": "13.56.41.133", "server.packets": 2, "server.port": 9243, "service.type": "system", "source.bytes": 2256, "source.ip": "10.224.2.62", "source.packets": 2, "source.port": 38780, "system.audit.socket.egid": 0, "system.audit.socket.euid": 0, "system.audit.socket.gid": 0, "system.audit.socket.kernel_sock_address": "0xffff8fcdb597c600", "system.audit.socket.uid": 0, "user.id": "0", "user.name": "root" }, { "@timestamp": "2020-08-10T12:13:21.729Z", "agent.ephemeral_id": "e1ffb39a-80ac-4804-b8d1-5536f62b9c13", "agent.id": "1e4c6e56-043c-4579-a19f-27e9bed82dae", "agent.name": "eba0478be7ce", "agent.type": "auditbeat", "agent.version": "8.0.0", "client.bytes": 2190, "client.ip": "10.224.2.62", "client.packets": 2, "client.port": 55978, "destination.bytes": 99, "destination.ip": "35.184.73.24", "destination.packets": 2, "destination.port": 5001, "ecs.version": 
"1.5.0", "event.action": "network_flow", "event.category": [ "network", "network_traffic" ], "event.dataset": "socket", "event.duration": 14119080, "event.end": "2020-08-10T12:13:18.937Z", "event.kind": "event", "event.module": "system", "event.start": "2020-08-10T12:13:18.923Z", "event.type": [ "info", "connection" ], "flow.complete": false, "flow.final": true, "group.id": "0", "group.name": "root", "host.name": "eba0478be7ce", "network.bytes": 2289, "network.community_id": "1:+LI0jCJd+S+s9f7vR8bFhxp9aDg=", "network.direction": "unknown", "network.packets": 4, "network.transport": "tcp", "network.type": "ipv4", "process.args": [ "/usr/local/bin/auditbeat", "-e", "-c", "/etc/auditbeat/auditbeat.yml" ], "process.created": "2020-08-10T12:05:24.820Z", "process.executable": "/opt/auditbeat-7.3.0-linux-x86_64/auditbeat", "process.name": "auditbeat", "process.pid": 2047, "related.ip": [ "10.224.2.62", "35.184.73.24" ], "related.user": [ "root" ], "server.bytes": 99, "server.ip": "35.184.73.24", "server.packets": 2, "server.port": 5001, "service.type": "system", "source.bytes": 2190, "source.ip": "10.224.2.62", "source.packets": 2, "source.port": 55978, "system.audit.socket.egid": 0, "system.audit.socket.euid": 0, "system.audit.socket.gid": 0, "system.audit.socket.kernel_sock_address": "0xffff8fcdb5b80000", "system.audit.socket.uid": 0, "user.id": "0", "user.name": "root" }, { "@timestamp": "2020-08-10T12:13:22.729Z", "agent.ephemeral_id": "e1ffb39a-80ac-4804-b8d1-5536f62b9c13", "agent.id": "1e4c6e56-043c-4579-a19f-27e9bed82dae", "agent.name": "eba0478be7ce", "agent.type": "auditbeat", "agent.version": "8.0.0", "client.bytes": 4396, "client.ip": "10.224.2.62", "client.packets": 3, "client.port": 40428, "destination.bytes": 480, "destination.ip": "35.232.239.42", "destination.packets": 2, "destination.port": 9200, "ecs.version": "1.5.0", "event.action": "network_flow", "event.category": [ "network", "network_traffic" ], "event.dataset": "socket", "event.duration": 
15204168, "event.end": "2020-08-10T12:13:19.823Z", "event.kind": "event", "event.module": "system", "event.start": "2020-08-10T12:13:19.807Z", "event.type": [ "info", "connection" ], "flow.complete": false, "flow.final": true, "group.id": "0", "group.name": "root", "host.name": "eba0478be7ce", "network.bytes": 4876, "network.community_id": "1:n+N0rJdW/lWHSDMQ/4S7oT1UXzw=", "network.direction": "unknown", "network.packets": 5, "network.transport": "tcp", "network.type": "ipv4", "process.args": [ "/usr/local/bin/auditbeat-secops", "-e", "-c", "/etc/auditbeat-secops/auditbeat.yml" ], "process.created": "2020-08-10T12:05:24.830Z", "process.executable": "/opt/auditbeat-7.8.0-linux-x86_64/auditbeat", "process.name": "auditbeat-secop", "process.pid": 2050, "related.ip": [ "10.224.2.62", "35.232.239.42" ], "related.user": [ "root" ], "server.bytes": 480, "server.ip": "35.232.239.42", "server.packets": 2, "server.port": 9200, "service.type": "system", "source.bytes": 4396, "source.ip": "10.224.2.62", "source.packets": 3, "source.port": 40428, "system.audit.socket.egid": 0, "system.audit.socket.euid": 0, "system.audit.socket.gid": 0, "system.audit.socket.kernel_sock_address": "0xffff8fcdb597b480", "system.audit.socket.uid": 0, "user.id": "0", "user.name": "root" }, { "@timestamp": "2020-08-10T12:13:23.729Z", "agent.ephemeral_id": "e1ffb39a-80ac-4804-b8d1-5536f62b9c13", "agent.id": "1e4c6e56-043c-4579-a19f-27e9bed82dae", "agent.name": "eba0478be7ce", "agent.type": "auditbeat", "agent.version": "8.0.0", "client.bytes": 360, "client.ip": "10.224.2.62", "client.packets": 9, "client.port": 39022, "destination.bytes": 13733, "destination.ip": "169.254.169.254", "destination.packets": 10, "destination.port": 80, "ecs.version": "1.5.0", "event.action": "network_flow", "event.category": [ "network", "network_traffic" ], "event.dataset": "socket", "event.duration": 1135674, "event.end": "2020-08-10T12:13:21.222Z", "event.kind": "event", "event.module": "system", "event.start": 
"2020-08-10T12:13:21.221Z", "event.type": [ "info", "connection" ], "flow.complete": false, "flow.final": true, "group.id": "0", "group.name": "root", "host.name": "eba0478be7ce", "network.bytes": 14093, "network.community_id": "1:5aI4LbqYYEqTvnJ4s0SSyrq1R5k=", "network.direction": "unknown", "network.packets": 19, "network.transport": "tcp", "network.type": "ipv4", "process.args": [ "/usr/bin/python3", "/usr/bin/google_accounts_daemon" ], "process.created": "2020-08-10T12:05:24.080Z", "process.executable": "/usr/bin/python3.6", "process.name": "google_accounts", "process.pid": 1816, "related.ip": [ "10.224.2.62", "169.254.169.254" ], "related.user": [ "root" ], "server.bytes": 13733, "server.ip": "169.254.169.254", "server.packets": 10, "server.port": 80, "service.type": "system", "source.bytes": 360, "source.ip": "10.224.2.62", "source.packets": 9, "source.port": 39022, "system.audit.socket.egid": 0, "system.audit.socket.euid": 0, "system.audit.socket.gid": 0, "system.audit.socket.kernel_sock_address": "0xffff8fcddc571a40", "system.audit.socket.uid": 0, "user.id": "0", "user.name": "root" }, { "@timestamp": "2020-08-10T12:13:23.729Z", "agent.ephemeral_id": "e1ffb39a-80ac-4804-b8d1-5536f62b9c13", "agent.id": "1e4c6e56-043c-4579-a19f-27e9bed82dae", "agent.name": "eba0478be7ce", "agent.type": "auditbeat", "agent.version": "8.0.0", "client.bytes": 398, "client.ip": "10.224.2.62", "client.packets": 3, "client.port": 39042, "destination.bytes": 68, "destination.ip": "169.254.169.254", "destination.packets": 3, "destination.port": 80, "ecs.version": "1.5.0", "event.action": "network_flow", "event.category": [ "network", "network_traffic" ], "event.dataset": "socket", "event.duration": 825698, "event.end": "2020-08-10T12:13:21.253Z", "event.kind": "event", "event.module": "system", "event.start": "2020-08-10T12:13:21.252Z", "event.type": [ "info", "connection" ], "flow.complete": true, "flow.final": true, "group.id": "0", "group.name": "root", "host.name": 
"eba0478be7ce", "network.bytes": 466, "network.community_id": "1:9MnfcS6vIl7mOzg9bimkSJJUDBY=", "network.direction": "outbound", "network.packets": 6, "network.transport": "tcp", "network.type": "ipv4", "process.args": [ "/usr/bin/python3", "/usr/bin/google_accounts_daemon" ], "process.created": "2020-08-10T12:05:24.080Z", "process.executable": "/usr/bin/python3.6", "process.name": "google_accounts", "process.pid": 1816, "related.ip": [ "10.224.2.62", "169.254.169.254" ], "related.user": [ "root" ], "server.bytes": 68, "server.ip": "169.254.169.254", "server.packets": 3, "server.port": 80, "service.type": "system", "source.bytes": 398, "source.ip": "10.224.2.62", "source.packets": 3, "source.port": 39042, "system.audit.socket.egid": 0, "system.audit.socket.euid": 0, "system.audit.socket.gid": 0, "system.audit.socket.kernel_sock_address": "0xffff8fcdde23e040", "system.audit.socket.uid": 0, "user.id": "0", "user.name": "root" }, { "@timestamp": "2020-08-10T12:13:23.729Z", "agent.ephemeral_id": "e1ffb39a-80ac-4804-b8d1-5536f62b9c13", "agent.id": "1e4c6e56-043c-4579-a19f-27e9bed82dae", "agent.name": "eba0478be7ce", "agent.type": "auditbeat", "agent.version": "8.0.0", "client.bytes": 7880, "client.ip": "10.224.2.62", "client.packets": 12, "client.port": 53056, "destination.bytes": 13256, "destination.ip": "10.224.0.26", "destination.packets": 8, "destination.port": 49187, "ecs.version": "1.5.0", "event.action": "network_flow", "event.category": [ "network", "network_traffic" ], "event.dataset": "socket", "event.duration": 10215223, "event.end": "2020-08-10T12:13:21.566Z", "event.kind": "event", "event.module": "system", "event.start": "2020-08-10T12:13:21.556Z", "event.type": [ "info", "connection" ], "flow.complete": false, "flow.final": true, "group.id": "1155", "host.name": "eba0478be7ce", "network.bytes": 21136, "network.community_id": "1:7L45nkNAZ2A0VjByerx42FirVmA=", "network.direction": "unknown", "network.packets": 20, "network.transport": "tcp", "network.type": 
"ipv4", "process.args": [ "java", "-Djava.util.logging.config.file=/var/lib/jenkins/logging.properties", "-javaagent:/opt/jolokia/jolokia-agent.jar=config=/opt/jolokia/jolokia.properties", "-Dorg.jenkinsci.plugins.gitclient.Git.timeOut=10", "-jar", "/usr/local/share/jenkins/swarm-client-3.17.jar", "-description", "Ubuntu 18.04 - 2 CPU Cores / 3530 MB Memory", "-disableClientsUniqueId", "-executors", "1", "-fsroot", "/var/lib/jenkins", "-labels", ""hub"", "-labels", ""docker"", "-labels", ""vagrant"", "-labels", ""fossa"", "-master", "https://beats-ci.elastic.co/", "-maxRetryInterval", "160", "-retryBackOffStrategy", "linear", "-mode", "exclusive", "-name", "beats-ci-immutable-ubuntu-1804-1597061083637527709", "-username", "local-swarm", "-passwordFile", "/var/lib/jenkins/.jenkins_password", "-name", "beats-ci-immutable-ubuntu-1804-1597061083637527709", "-master", "https://beats-ci.elastic.co", "-username", "local-swarm", "-labels", "docker", "-labels", "immutable", "-labels", "linux", "-labels", "linux-immutable", "-labels", "nested-virtualization", "-labels", "swarm", "-labels", "ubuntu-18", "-labels", "ubuntu-18.04", "-labels", "virtual", "-labels", "x86_64", "-description", "MachineType:n1-highmem-4,DiskSize:150" ], "process.created": "2020-08-10T12:05:24.830Z", "process.executable": "/usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java", "process.name": "java", "process.pid": 2053, "related.ip": [ "10.224.2.62", "10.224.0.26" ], "server.bytes": 13256, "server.ip": "10.224.0.26", "server.packets": 8, "server.port": 49187, "service.type": "system", "source.bytes": 7880, "source.ip": "10.224.2.62", "source.packets": 12, "source.port": 53056, "system.audit.socket.egid": 1155, "system.audit.socket.euid": 1154, "system.audit.socket.gid": 1155, "system.audit.socket.kernel_sock_address": "0xffff8fcda7159bc0", "system.audit.socket.uid": 1154, "user.id": "1154" } ] don't match the condition: the documents contain { "agent.type": "auditbeat", "client.bytes": { "operator": "", 
"type": "comparison", "value": 30 }, "client.ip": "127.28.95.203", "client.packets": 1, "client.port": 45503, "destination.bytes": { "operator": "", "type": "comparison", "value": 30 }, "destination.ip": "127.218.253.253", "destination.packets": 1, "destination.port": 53, "event.action": "network_flow", "event.category": [ "network", "network_traffic" ], "event.dataset": "socket", "event.kind": "event", "event.module": "system", "network.bytes": { "operator": "", "type": "comparison", "value": 60 }, "network.direction": "inbound", "network.packets": 2, "network.transport": "udp", "network.type": "ipv4", "process.pid": 28443, "server.bytes": { "operator": "", "type": "comparison", "value": 30 }, "server.ip": "127.218.253.253", "server.packets": 1, "server.port": 53, "source.bytes": { "operator": "", "type": "comparison", "value": 30 }, "source.ip": "127.28.95.203", "source.packets": 1, "source.port": 45503, "user.id": "0" }, { "agent.type": "auditbeat", "client.bytes": { "operator": "", "type": "comparison", "value": 80 }, "client.ip": "127.192.216.182", "client.packets": { "operator": "", "type": "comparison", "value": 2 }, "client.port": 59431, "destination.bytes": { "operator": "", "type": "comparison", "value": 2 }, "destination.domain": "elastic.co", "destination.ip": "127.234.140.242", "destination.packets": { "operator": "", "type": "comparison", "value": 2 }, "destination.port": 42681, "event.action": "network_flow", "event.category": [ "network", "network_traffic" ], "event.dataset": "socket", "event.kind": "event", "event.module": "system", "network.direction": "inbound", "network.packets": { "operator": "", "type": "comparison", "value": 5 }, "network.transport": "tcp", "network.type": "ipv4", "process.pid": 28443, "server.bytes": { "operator": "", "type": "comparison", "value": 2 }, "server.domain": "elastic.co", "server.ip": "127.234.140.242", "server.packets": { "operator": "", "type": "comparison", "value": 2 }, "server.port": 42681, "service.type": 
"system", "source.bytes": { "operator": "", "type": "comparison", "value": 80 }, "source.ip": "127.192.216.182", "source.packets": { "operator": "", "type": "comparison", "value": 2 }, "source.port": 59431 } assert False

Steps errors

  • Name: Mage update build test
    • Description: mage update build test

    • Duration: 8 min 21 sec

    • Start Time: 2020-08-10T12:06:16.542+0000

    • log

Log output (last 100 lines)

[2020-08-10T12:51:06.110Z] + curl -sSLo /var/lib/jenkins/workspace/Beats_beats_PR-20511/bin/docker-compose https://github.com/docker/compose/releases/download/1.21.0/docker-compose-Linux-x86_64
[2020-08-10T12:51:06.679Z] + chmod +x /var/lib/jenkins/workspace/Beats_beats_PR-20511/bin/docker-compose
[2020-08-10T12:51:07.131Z] + .ci/scripts/install-terraform.sh
[2020-08-10T12:51:07.131Z] + MSG='environment variable missing.'
[2020-08-10T12:51:07.131Z] + TERRAFORM_VERSION=0.12.24
[2020-08-10T12:51:07.131Z] + HOME=/var/lib/jenkins/workspace/Beats_beats_PR-20511
[2020-08-10T12:51:07.131Z] + TERRAFORM_CMD=/var/lib/jenkins/workspace/Beats_beats_PR-20511/bin/terraform
[2020-08-10T12:51:07.131Z] ++ uname -s
[2020-08-10T12:51:07.131Z] ++ tr '[:upper:]' '[:lower:]'
[2020-08-10T12:51:07.131Z] + OS=linux
[2020-08-10T12:51:07.131Z] + command -v terraform
[2020-08-10T12:51:07.131Z] + echo 'UNMET DEP: Installing Terraform'
[2020-08-10T12:51:07.131Z] UNMET DEP: Installing Terraform
[2020-08-10T12:51:07.131Z] + mkdir -p /var/lib/jenkins/workspace/Beats_beats_PR-20511/bin
[2020-08-10T12:51:07.131Z] + curl -sSLo - https://releases.hashicorp.com/terraform/0.12.24/terraform_0.12.24_linux_amd64.zip
[2020-08-10T12:51:07.703Z] ++ dirname /var/lib/jenkins/workspace/Beats_beats_PR-20511/bin/terraform
[2020-08-10T12:51:07.703Z] + unzip -o /var/lib/jenkins/workspace/Beats_beats_PR-20511/bin/terraform.zip -d /var/lib/jenkins/workspace/Beats_beats_PR-20511/bin
[2020-08-10T12:51:07.703Z] Archive:  /var/lib/jenkins/workspace/Beats_beats_PR-20511/bin/terraform.zip
[2020-08-10T12:51:08.276Z]   inflating: /var/lib/jenkins/workspace/Beats_beats_PR-20511/bin/terraform  
[2020-08-10T12:51:08.276Z] + rm /var/lib/jenkins/workspace/Beats_beats_PR-20511/bin/terraform.zip
[2020-08-10T12:51:08.276Z] + chmod +x /var/lib/jenkins/workspace/Beats_beats_PR-20511/bin/terraform
[2020-08-10T12:51:08.722Z] + make mage
[2020-08-10T12:51:08.722Z] Installing mage v1.10.0.
[2020-08-10T12:51:09.662Z] go: downloading github.com/magefile/mage v1.10.0
[2020-08-10T12:51:11.044Z] /var/lib/jenkins/workspace/Beats_beats_PR-20511/.magefile cleaned
[2020-08-10T12:51:11.438Z] + git config --get user.email
[2020-08-10T12:51:11.438Z] + [ -z  ]
[2020-08-10T12:51:11.438Z] + git config user.email beatsmachine@users.noreply.github.com
[2020-08-10T12:51:11.438Z] + git config user.name beatsmachine
[2020-08-10T12:51:11.890Z] + .ci/scripts/terraform-cleanup.sh x-pack/metricbeat
[2020-08-10T12:51:11.890Z] + DIRECTORY=x-pack/metricbeat
[2020-08-10T12:51:11.890Z] + FAILED=0
[2020-08-10T12:51:11.890Z] ++ find x-pack/metricbeat -name terraform.tfstate
[2020-08-10T12:51:11.890Z] + exit 0
[2020-08-10T12:51:14.406Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20511/src/github.com/elastic/beats
[2020-08-10T12:51:14.745Z] + find . -type f -name TEST*.xml -path */build/* -delete
[2020-08-10T12:51:14.770Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20511/src/github.com/elastic/beats/Lint
[2020-08-10T12:51:14.925Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20511/src/github.com/elastic/beats/Elastic-Agent-x-pack
[2020-08-10T12:51:15.085Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20511/src/github.com/elastic/beats/Dockerlogbeat
[2020-08-10T12:51:15.257Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20511/src/github.com/elastic/beats/Functionbeat-x-pack
[2020-08-10T12:51:15.419Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20511/src/github.com/elastic/beats/Elastic-Agent-Mac-OS-X
[2020-08-10T12:51:15.579Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20511/src/github.com/elastic/beats/Elastic-Agent-x-pack-Windows
[2020-08-10T12:51:15.744Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20511/src/github.com/elastic/beats/Filebeat-x-pack-Mac-OS-X
[2020-08-10T12:51:15.904Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20511/src/github.com/elastic/beats/Auditbeat-x-pack-Mac-OS-X
[2020-08-10T12:51:16.064Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20511/src/github.com/elastic/beats/Auditbeat-x-pack
[2020-08-10T12:51:16.224Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20511/src/github.com/elastic/beats/Auditbeat-x-pack-Windows
[2020-08-10T12:51:16.390Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20511/src/github.com/elastic/beats/Winlogbeat-Windows-x-pack
[2020-08-10T12:51:16.549Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20511/src/github.com/elastic/beats/Libbeat-x-pack
[2020-08-10T12:51:16.704Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20511/src/github.com/elastic/beats/Metricbeat-x-pack-Mac-OS-X
[2020-08-10T12:51:16.859Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20511/src/github.com/elastic/beats/Filebeat-x-pack-Windows
[2020-08-10T12:51:17.017Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20511/src/github.com/elastic/beats/Metricbeat-x-pack-Windows
[2020-08-10T12:51:17.175Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20511/src/github.com/elastic/beats/Functionbeat-Mac-OS-X-x-pack
[2020-08-10T12:51:17.334Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20511/src/github.com/elastic/beats/Filebeat-x-pack
[2020-08-10T12:51:17.494Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20511/src/github.com/elastic/beats/Functionbeat-Windows
[2020-08-10T12:51:17.656Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20511/src/github.com/elastic/beats/Metricbeat-x-pack
[2020-08-10T12:51:18.101Z] + cat
[2020-08-10T12:51:18.102Z] + /usr/local/bin/runbld ./runbld-script
[2020-08-10T12:51:18.102Z] Picked up JAVA_TOOL_OPTIONS: -Dfile.encoding=UTF8
[2020-08-10T12:51:24.718Z] runbld>>> runbld started
[2020-08-10T12:51:24.718Z] runbld>>> 1.6.12/f45d832f2ba0aa2722ab4ec1fda8ad140f027f8b
[2020-08-10T12:51:26.108Z] runbld>>> The following profiles matched the job 'Beats/beats/PR-20511' in order of occurrence in the config (last value wins).
[2020-08-10T12:51:27.496Z] runbld>>> Debug logging enabled.
[2020-08-10T12:51:27.496Z] runbld>>> Storing result
[2020-08-10T12:51:27.757Z] runbld>>> Store result: created {:total 2, :successful 2, :failed 0} 1
[2020-08-10T12:51:27.757Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1587637540455/t/20200810125127-4CB8059A
[2020-08-10T12:51:27.757Z] runbld>>> Adding system facts.
[2020-08-10T12:51:28.708Z] runbld>>> Adding vcs info for the latest commit:  3d73b90a2d0baa10e13ce03b213bfb0ed8b7a4d8
[2020-08-10T12:51:28.708Z] runbld>>> >>>>>>>>>>>> SCRIPT EXECUTION BEGIN >>>>>>>>>>>>
[2020-08-10T12:51:28.708Z] runbld>>> Adding /usr/lib/jvm/java-8-openjdk-amd64/bin to the path.
[2020-08-10T12:51:28.969Z] + echo 'Processing JUnit reports with runbld...'
[2020-08-10T12:51:28.969Z] Processing JUnit reports with runbld...
[2020-08-10T12:51:29.230Z] runbld>>> <<<<<<<<<<<< SCRIPT EXECUTION END <<<<<<<<<<<<
[2020-08-10T12:51:29.230Z] runbld>>> DURATION: 23ms
[2020-08-10T12:51:29.230Z] runbld>>> STDOUT: 40 bytes
[2020-08-10T12:51:29.230Z] runbld>>> STDERR: 49 bytes
[2020-08-10T12:51:29.230Z] runbld>>> WRAPPED PROCESS: SUCCESS (0)
[2020-08-10T12:51:29.230Z] runbld>>> Searching for build metadata in /var/lib/jenkins/workspace/Beats_beats_PR-20511/src/github.com/elastic/beats
[2020-08-10T12:51:30.173Z] runbld>>> Storing build metadata: 
[2020-08-10T12:51:30.174Z] runbld>>> Adding test report.
[2020-08-10T12:51:30.174Z] runbld>>> Searching for junit test output files with the pattern: TEST-.*\.xml$ in: /var/lib/jenkins/workspace/Beats_beats_PR-20511/src/github.com/elastic/beats
[2020-08-10T12:51:31.117Z] runbld>>> Found 53 test output files
[2020-08-10T12:51:33.033Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-20511/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-openmetrics.xml
[2020-08-10T12:51:33.033Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-20511/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-iis.xml
[2020-08-10T12:51:33.033Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-20511/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-istio.xml
[2020-08-10T12:51:33.033Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-20511/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-tomcat.xml
[2020-08-10T12:51:33.033Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-20511/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-activemq.xml
[2020-08-10T12:51:33.294Z] runbld>>> Test output logs contained: Errors: 0 Failures: 1 Tests: 4843 Skipped: 511
[2020-08-10T12:51:33.555Z] runbld>>> Storing result
[2020-08-10T12:51:33.555Z] runbld>>> FAILURES: 1
[2020-08-10T12:51:34.127Z] runbld>>> Store result: updated {:total 2, :successful 2, :failed 0} 2
[2020-08-10T12:51:34.127Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1587637540455/t/20200810125127-4CB8059A
[2020-08-10T12:51:34.387Z] runbld>>> Email notification disabled by environment variable.
[2020-08-10T12:51:34.387Z] runbld>>> Slack notification disabled by environment variable.
[2020-08-10T12:51:40.020Z] Running on Jenkins in /var/lib/jenkins/workspace/Beats_beats_PR-20511
[2020-08-10T12:51:40.200Z] [INFO] getVaultSecret: Getting secrets
[2020-08-10T12:51:40.291Z] Masking supported pattern matches of $VAULT_ADDR or $VAULT_ROLE_ID or $VAULT_SECRET_ID
[2020-08-10T12:51:55.388Z] + chmod 755 generate-build-data.sh
[2020-08-10T12:51:55.389Z] + ./generate-build-data.sh https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-20511/ https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-20511/runs/1 FAILURE 4223887
[2020-08-10T12:51:55.389Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-20511/runs/1/steps/?limit=10000 -o steps-info.json
[2020-08-10T12:51:56.732Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-20511/runs/1/tests/?status=FAILED -o tests-errors.json

@jsoriano
Member Author

Failure in CI is not related, and previous failure is fixed. Merging.

@jsoriano jsoriano merged commit 368d31b into elastic:master Aug 10, 2020
@jsoriano jsoriano deleted the fix-libbeat-xpack-es-healthcheck branch August 10, 2020 12:57
jsoriano added a commit to jsoriano/beats that referenced this pull request Aug 10, 2020
Python is not included anymore on Elasticsearch images, change the
healthcheck to be based on curl and the easier to parse cat API.

(cherry picked from commit 368d31b)
@jsoriano jsoriano added v7.10.0 and removed needs_backport PR is waiting to be backported to other branches. labels Aug 10, 2020
jsoriano added a commit that referenced this pull request Aug 11, 2020
Python is not included anymore on Elasticsearch images, change the
healthcheck to be based on curl and the easier to parse cat API.

(cherry picked from commit 368d31b)
melchiormoulin pushed a commit to melchiormoulin/beats that referenced this pull request Oct 14, 2020
Python is not included anymore on Elasticsearch images, change the
healthcheck to be based on curl and the easier to parse cat API.
3 participants