{"@timestamp":"2021-05-05T09:40:26.035816014Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":242,"name":"ElasticsearchComms.cpp"}}},"message":"ElasticsearchComms.cpp:242 Username : ","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.03583752Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":244,"name":"ElasticsearchComms.cpp"}}},"message":"ElasticsearchComms.cpp:244 Alerts Index : logs-endpoint.alerts-default","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.035858738Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":246,"name":"ElasticsearchComms.cpp"}}},"message":"ElasticsearchComms.cpp:246 Diagnostic Index : .logs-endpoint.diagnostic.collection-default","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.035879807Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":248,"name":"ElasticsearchComms.cpp"}}},"message":"ElasticsearchComms.cpp:248 File Events Index : logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.035901549Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":254,"name":"ElasticsearchComms.cpp"}}},"message":"ElasticsearchComms.cpp:254 Network Events Index : logs-endpoint.events.network-default","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.035922984Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":256,"name":"ElasticsearchComms.cpp"}}},"message":"ElasticsearchComms.cpp:256 Process Events Index : logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.035953983Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":263,"name":"ElasticsearchComms.cpp"}}},"message":"ElasticsearchComms.cpp:263 Metadata Index : metrics-endpoint.metadata-default","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.035978566Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":264,"name":"ElasticsearchComms.cpp"}}},"message":"ElasticsearchComms.cpp:264 Policy Index : metrics-endpoint.policy-default","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.036000529Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":265,"name":"ElasticsearchComms.cpp"}}},"message":"ElasticsearchComms.cpp:265 Metrics Index : metrics-endpoint.metrics-default","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.036021542Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":266,"name":"ElasticsearchComms.cpp"}}},"message":"ElasticsearchComms.cpp:266 Send Delay : 30","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.036043301Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":225,"name":"TlsConfig.cpp"}}},"message":"TlsConfig.cpp:225 Verify TLS Peer : yes","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.036064391Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":226,"name":"TlsConfig.cpp"}}},"message":"TlsConfig.cpp:226 Verify TLS Peer Hostname : yes","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.03608517Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":227,"name":"TlsConfig.cpp"}}},"message":"TlsConfig.cpp:227 CA SHA256 : ","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.036119402Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":371,"name":"Response.cpp"}}},"message":"Response.cpp:371 Policy action read_elasticsearch_config: success - Successfully read Elasticsearch configuration","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.036147013Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1139,"name":"Config.cpp"}}},"message":"Config.cpp:1139 Reading configuration for alerts","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.036176369Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"notice","origin":{"file":{"line":92,"name":"Policy.cpp"}}},"message":"Policy.cpp:92 field (inputs[0].policy.mac.advanced.alerts.cloud_lookup) not found in config","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.036206179Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"notice","origin":{"file":{"line":92,"name":"Policy.cpp"}}},"message":"Policy.cpp:92 field (inputs[0].policy.mac.advanced.alerts.cloud_lookup_url) not found in config","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.03623775Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":371,"name":"Response.cpp"}}},"message":"Response.cpp:371 Policy action read_alerts_config: success - Successfully read alerts configuration","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.036261007Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":53,"name":"Alerts.cpp"}}},"message":"Alerts.cpp:53 Read alerts config:","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.036281981Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":54,"name":"Alerts.cpp"}}},"message":"Alerts.cpp:54 Cloud lookup enabled: yes","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.036302074Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":55,"name":"Alerts.cpp"}}},"message":"Alerts.cpp:55 Cloud lookup url: https://cloud.security.elastic.co/v1/lookup","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.036324964Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1139,"name":"Config.cpp"}}},"message":"Config.cpp:1139 Reading configuration for logging","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.036352466Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":102,"name":"Policy.cpp"}}},"message":"Policy.cpp:102 field (fleet.agent.logging.level) found in config","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.036405002Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"notice","origin":{"file":{"line":92,"name":"Policy.cpp"}}},"message":"Policy.cpp:92 field (inputs[0].policy.mac.advanced.logging.stdout) not found in config","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.036434644Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"notice","origin":{"file":{"line":92,"name":"Policy.cpp"}}},"message":"Policy.cpp:92 field (inputs[0].policy.mac.advanced.logging.stderr) not found in config","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.03646259Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"notice","origin":{"file":{"line":92,"name":"Policy.cpp"}}},"message":"Policy.cpp:92 field (inputs[0].policy.mac.advanced.logging.syslog) not found in config","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.036490263Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"notice","origin":{"file":{"line":92,"name":"Policy.cpp"}}},"message":"Policy.cpp:92 field (inputs[0].policy.mac.advanced.logging.file) not found in config","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.036514534Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":80,"name":"Logging.cpp"}}},"message":"Logging.cpp:80 Read Logging config:","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.036535802Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":84,"name":"Logging.cpp"}}},"message":"Logging.cpp:84 file: info","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.036565407Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":371,"name":"Response.cpp"}}},"message":"Response.cpp:371 Policy action read_logging_config: success - Successfully read logging configuration","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.036595858Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":371,"name":"Response.cpp"}}},"message":"Response.cpp:371 Policy action load_config: success - Successfully parsed configuration","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.036872667Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"notice","origin":{"file":{"line":1770,"name":"Config.cpp"}}},"message":"Config.cpp:1770 Applying policy","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.043465988Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":523,"name":"Artifacts.cpp"}}},"message":"Artifacts.cpp:523 Artifact endpoint-exceptionlist-macos-v1 already exists on disk","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.044792234Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":611,"name":"Artifacts.cpp"}}},"message":"Artifacts.cpp:611 Artifact endpoint-exceptionlist-macos-v1 successfully verified","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.049453935Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":523,"name":"Artifacts.cpp"}}},"message":"Artifacts.cpp:523 Artifact endpoint-trustlist-macos-v1 already exists on disk","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.050677473Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":611,"name":"Artifacts.cpp"}}},"message":"Artifacts.cpp:611 Artifact endpoint-trustlist-macos-v1 successfully verified","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.051226371Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":2482,"name":"FilterLib.cpp"}}},"message":"FilterLib.cpp:2482 Loading filter list","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.051257099Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":2543,"name":"FilterLib.cpp"}}},"message":"FilterLib.cpp:2543 Loaded 0 of 0 entries","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.051281578Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":2546,"name":"FilterLib.cpp"}}},"message":"FilterLib.cpp:2546 Done loading filter list","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.051310441Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":2482,"name":"FilterLib.cpp"}}},"message":"FilterLib.cpp:2482 Loading filter list","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.051333928Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":2543,"name":"FilterLib.cpp"}}},"message":"FilterLib.cpp:2543 Loaded 0 of 0 entries","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.051356475Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":2546,"name":"FilterLib.cpp"}}},"message":"FilterLib.cpp:2546 Done loading filter list","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.051379687Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1314,"name":"Artifacts.cpp"}}},"message":"Artifacts.cpp:1314 Artifact manifest successfully processed","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.051913434Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1859,"name":"Artifacts.cpp"}}},"message":"Artifacts.cpp:1859 Backing up current artifacts to /Library/Elastic/Endpoint/cache/artifacts/backup-user-artifacts","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.05197426Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":611,"name":"File.cpp"}}},"message":"File.cpp:611 Renaming /Library/Elastic/Endpoint/cache/artifacts/user-artifacts => /Library/Elastic/Endpoint/cache/artifacts/backup-user-artifacts","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.053282729Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1874,"name":"Artifacts.cpp"}}},"message":"Artifacts.cpp:1874 Installing new artifacts to /Library/Elastic/Endpoint/cache/artifacts/user-artifacts","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.05334371Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":611,"name":"File.cpp"}}},"message":"File.cpp:611 Renaming /Library/Elastic/Endpoint/cache/artifacts/tmp-user-artifacts => /Library/Elastic/Endpoint/cache/artifacts/user-artifacts","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.053745653Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1877,"name":"Artifacts.cpp"}}},"message":"Artifacts.cpp:1877 New artifacts installed successfully","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.092229934Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":371,"name":"Response.cpp"}}},"message":"Response.cpp:371 Policy action download_user_artifacts: success - Successfully downloaded user artifacts","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.147413214Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":89,"name":"Allowlist.cpp"}}},"message":"Allowlist.cpp:89 Setting user exception list","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.14745951Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":2482,"name":"FilterLib.cpp"}}},"message":"FilterLib.cpp:2482 Loading filter list","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.147483356Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":2543,"name":"FilterLib.cpp"}}},"message":"FilterLib.cpp:2543 Loaded 0 of 0 entries","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.14750563Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":2546,"name":"FilterLib.cpp"}}},"message":"FilterLib.cpp:2546 Done loading filter list","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.147527738Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":92,"name":"Allowlist.cpp"}}},"message":"Allowlist.cpp:92 Set user exception list (Success)","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.147559499Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":2482,"name":"FilterLib.cpp"}}},"message":"FilterLib.cpp:2482 Loading filter list","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.147581846Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":2543,"name":"FilterLib.cpp"}}},"message":"FilterLib.cpp:2543 Loaded 0 of 0 entries","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.147603463Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":2546,"name":"FilterLib.cpp"}}},"message":"FilterLib.cpp:2546 Done loading filter list","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.150618365Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":96,"name":"Allowlist.cpp"}}},"message":"Allowlist.cpp:96 Setting global exeception list","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.150883064Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":2482,"name":"FilterLib.cpp"}}},"message":"FilterLib.cpp:2482 Loading filter list","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.154846285Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":2543,"name":"FilterLib.cpp"}}},"message":"FilterLib.cpp:2543 Loaded 159 of 159 entries","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.154881702Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":2546,"name":"FilterLib.cpp"}}},"message":"FilterLib.cpp:2546 Done loading filter list","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.154906977Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":99,"name":"Allowlist.cpp"}}},"message":"Allowlist.cpp:99 Set global exeception list (Success)","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.156165897Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":2482,"name":"FilterLib.cpp"}}},"message":"FilterLib.cpp:2482 Loading filter list","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.156194946Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":2543,"name":"FilterLib.cpp"}}},"message":"FilterLib.cpp:2543 Loaded 0 of 0 entries","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.156218569Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":2546,"name":"FilterLib.cpp"}}},"message":"FilterLib.cpp:2546 Done loading filter list","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.16681279Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":371,"name":"Response.cpp"}}},"message":"Response.cpp:371 Policy action download_global_artifacts: success - Global artifacts are available for use","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.176389976Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1569,"name":"Config.cpp"}}},"message":"Config.cpp:1569 Configuring logging","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.176482473Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":371,"name":"Response.cpp"}}},"message":"Response.cpp:371 Policy action configure_logging: success - Successfully configured logging","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.176511089Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1569,"name":"Config.cpp"}}},"message":"Config.cpp:1569 Configuring alerts","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.176550543Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":371,"name":"Response.cpp"}}},"message":"Response.cpp:371 Policy action configure_alerts: success - Successfully configured alerts","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.176577366Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1569,"name":"Config.cpp"}}},"message":"Config.cpp:1569 Configuring elasticsearchComms","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.177416413Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":371,"name":"Response.cpp"}}},"message":"Response.cpp:371 Policy action configure_elasticsearch_connection: success - Successfully configured Elasticsearch connection","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.177725697Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1569,"name":"Config.cpp"}}},"message":"Config.cpp:1569 Configuring kernel","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.177756451Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":494,"name":"UserMaude.cpp"}}},"message":"UserMaude.cpp:494 Configuring Kernel","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.17781607Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":507,"name":"UserMaude.cpp"}}},"message":"UserMaude.cpp:507 Connecting to extension","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:26.180537333Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":157,"name":"SystemExtensionComms.mm"}}},"message":"SystemExtensionComms.mm:157 Successfully registered with system extension","process":{"pid":560,"thread":{"id":181891}}} {"@timestamp":"2021-05-05T09:40:26.202451867Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":142,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:142 Reconfigure detected, refreshing Elasticsearch client","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:40:26.202496791Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":151,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:151 Need to check client connection","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:40:26.202521331Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":52,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:52 Setting new Elasticsearch client","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:40:26.207357771Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 9921","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:40:26.212433742Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing GET connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_cluster/health]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:40:26.310704195Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:40:26.406060067Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 81 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:40:26.406182651Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 69 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:40:26.406209339Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 12 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:40:27.113084555Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2644","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:40:27.147854206Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2645","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:40:33.527694541Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":308,"name":"MachOInfo.cpp"}}},"message":"MachOInfo.cpp:308 Signature identifier: elastic-agent","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:33.529559273Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":371,"name":"Response.cpp"}}},"message":"Response.cpp:371 Policy action connect_kernel: success - Successfully connected to kernel/system extension","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:33.529593307Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":676,"name":"UserMaude.cpp"}}},"message":"UserMaude.cpp:676 Starting file write reporting","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:33.529638247Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":371,"name":"Response.cpp"}}},"message":"Response.cpp:371 Policy action detect_file_write_events: success - Successfully started file write event reporting","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:33.529666127Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":719,"name":"UserMaude.cpp"}}},"message":"UserMaude.cpp:719 Starting process event reporting","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:33.529712571Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":371,"name":"Response.cpp"}}},"message":"Response.cpp:371 Policy action detect_process_events: success - Successfully started full process event reporting","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:33.529746814Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":743,"name":"UserMaude.cpp"}}},"message":"UserMaude.cpp:743 Starting network event reporting","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:33.529785981Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":371,"name":"Response.cpp"}}},"message":"Response.cpp:371 Policy action detect_network_events: success - Successfully started network event reporting","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:33.5311887Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":371,"name":"Response.cpp"}}},"message":"Response.cpp:371 Policy action full_disk_access: success - Full Disk Access is enabled","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:33.53123974Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":371,"name":"Response.cpp"}}},"message":"Response.cpp:371 Policy action configure_kernel: success - Successfully configured kernel/system extension","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:33.531273999Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1569,"name":"Config.cpp"}}},"message":"Config.cpp:1569 Configuring events","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:33.531305788Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":596,"name":"Events.cpp"}}},"message":"Events.cpp:596 Configuring Events","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:33.531347764Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":371,"name":"Response.cpp"}}},"message":"Response.cpp:371 Policy action configure_file_events: success - Success enabling file events; current state is enabled","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:33.53138944Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":371,"name":"Response.cpp"}}},"message":"Response.cpp:371 Policy action configure_network_events: success - Success enabling network events; current state is enabled","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:33.531429727Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":371,"name":"Response.cpp"}}},"message":"Response.cpp:371 Policy action configure_process_events: success - Success enabling process events; current state is enabled","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:33.531458007Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1569,"name":"Config.cpp"}}},"message":"Config.cpp:1569 Configuring fileScore","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:33.59489769Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":371,"name":"Response.cpp"}}},"message":"Response.cpp:371 Policy action load_malware_model: success - Successfully loaded malware model","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:33.597532211Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":371,"name":"Response.cpp"}}},"message":"Response.cpp:371 Policy action load_diagnostic_malware_model: failure - Failed to deserialize model; missing or invalid malware artifacts","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:33.603332553Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2647","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:40:33.623019069Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2647","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:40:34.281565467Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2648","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:40:34.365357922Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":131,"name":"WriteSuppressionCache.cpp"}}},"message":"WriteSuppressionCache.cpp:131 Clearing the write suppression cache.","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.371867714Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":371,"name":"Response.cpp"}}},"message":"Response.cpp:371 Policy action load_diagnostic_malware_model: failure - Invalid malware signatures format; missing or invalid malware artifacts","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.37190474Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":54,"name":"FileScore.cpp"}}},"message":"FileScore.cpp:54 New and former malware statuses are the same; not modifying callbacks","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.371947802Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":371,"name":"Response.cpp"}}},"message":"Response.cpp:371 Policy action configure_malware: success - Successfully enabled malware prevention","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.371989828Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":371,"name":"Response.cpp"}}},"message":"Response.cpp:371 Policy action configure_diagnostic_malware: failure - Failed to enable malware detection/prevention","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.372024445Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1569,"name":"Config.cpp"}}},"message":"Config.cpp:1569 Configuring qa","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.372057598Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1569,"name":"Config.cpp"}}},"message":"Config.cpp:1569 Configuring endUserNotification","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.372106671Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":371,"name":"Response.cpp"}}},"message":"Response.cpp:371 Policy action configure_user_notification: success - Successfully configured user notification","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.37213664Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1569,"name":"Config.cpp"}}},"message":"Config.cpp:1569 Configuring rulesEngine","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.372181868Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":371,"name":"Response.cpp"}}},"message":"Response.cpp:371 Policy action configure_diagnostic_rules_engine: success - Rules engine is stopped","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.372211566Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1651,"name":"Config.cpp"}}},"message":"Config.cpp:1651 Checking for agent connectivity","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.372254767Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":371,"name":"Response.cpp"}}},"message":"Response.cpp:371 Policy action agent_connectivity: success - Successfully connected to Agent","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.372300072Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":371,"name":"Response.cpp"}}},"message":"Response.cpp:371 Policy action workflow: success - Successfully executed all workflows","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.372521113Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | malware | 1 | agent_connectivity","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.372552029Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | malware | 1 | load_config","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.37257693Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | malware | 1 | workflow","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.372601426Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | malware | 1 | download_global_artifacts","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.372626381Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | malware | 1 | download_user_artifacts","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.372651566Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | malware | 1 | configure_malware","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.372677103Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | malware | 1 | read_malware_config","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.372701997Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | malware | 1 | load_malware_model","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.372726659Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | malware | 1 | read_kernel_config","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.372750815Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | malware | 1 | configure_kernel","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.372775477Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | malware | 1 | detect_process_events","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.372799868Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | malware | 1 | detect_file_write_events","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.372825371Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | malware | 1 | connect_kernel","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.372850189Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | malware | 1 | read_user_notification_config","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.37287528Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | malware | 1 | configure_user_notification","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.372900697Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | malware | 1 | read_alerts_config","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.372924796Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | malware | 1 | configure_alerts","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.372948935Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | malware | 1 | full_disk_access","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.372977839Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: diagnostic | malware | 1 | load_config","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373002317Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: diagnostic | malware | 1 | workflow","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.37302649Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: diagnostic | malware | 1 | download_global_artifacts","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373051769Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: diagnostic | malware | 1 | download_user_artifacts","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373077498Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: diagnostic | malware | 4 | configure_diagnostic_malware","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373102231Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":580,"name":"Response.cpp"}}},"message":"Response.cpp:580 Setting malware to failure because of configure_diagnostic_malware status","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373127512Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: diagnostic | malware | 1 | read_diagnostic_malware_config","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373153384Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: diagnostic | malware | 4 | load_diagnostic_malware_model","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373179089Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: diagnostic | malware | 1 | detect_process_events","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.37320497Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: diagnostic | malware | 1 | detect_file_write_events","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373239219Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: diagnostic | malware | 1 | connect_kernel","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373265543Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: diagnostic | malware | 1 | read_kernel_config","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373290379Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: diagnostic | malware | 1 | configure_kernel","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373314688Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: diagnostic | malware | 1 | full_disk_access","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373344815Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | events | 1 | agent_connectivity","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373370804Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | events | 1 | load_config","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.37339595Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | events | 1 | workflow","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373422062Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | events | 1 | download_global_artifacts","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373448642Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | events | 1 | download_user_artifacts","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373474777Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | events | 1 | read_events_config","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373513049Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | events | 1 | detect_process_events","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373539669Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | events | 1 | detect_file_write_events","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373565973Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | events | 1 | detect_network_events","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373590894Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | events | 1 | configure_file_events","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373615449Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | events | 1 | configure_network_events","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373640304Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | events | 1 | configure_process_events","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373665782Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | events | 1 | read_kernel_config","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373689947Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | events | 1 | configure_kernel","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373714377Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | events | 1 | connect_kernel","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373739044Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | events | 1 | full_disk_access","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373764073Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | events | 1 | read_user_notification_config","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373789909Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | events | 1 | configure_user_notification","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373820471Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | streaming | 1 | agent_connectivity","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373846477Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | streaming | 1 | load_config","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373872979Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | streaming | 1 | read_elasticsearch_config","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373899328Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | streaming | 1 | configure_elasticsearch_connection","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373925531Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | streaming | 1 | workflow","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373954543Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | logging | 1 | agent_connectivity","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.373981284Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | logging | 1 | load_config","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.374006666Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | logging | 1 | read_logging_config","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.374032116Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | logging | 1 | configure_logging","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.374057136Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: production | logging | 1 | workflow","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.374093881Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: diagnostic | rules_engine | 1 | load_config","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.374121036Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: diagnostic | rules_engine | 1 | workflow","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.374146422Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: diagnostic | rules_engine | 1 | download_global_artifacts","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.374172931Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: diagnostic | rules_engine | 1 | download_user_artifacts","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.374198681Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: diagnostic | rules_engine | 1 | configure_file_events","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.374223094Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: diagnostic | rules_engine | 1 | configure_network_events","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.374248577Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: diagnostic | rules_engine | 1 | configure_process_events","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.374273724Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: diagnostic | rules_engine | 1 | configure_kernel","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.374297691Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: diagnostic | rules_engine | 1 | connect_kernel","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.374322821Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: diagnostic | rules_engine | 1 | full_disk_access","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.374347945Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: diagnostic | rules_engine | 1 | read_diagnostic_rules_engine_config","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.374374549Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":629,"name":"Response.cpp"}}},"message":"Response.cpp:629 MapActionsToConfiguration: diagnostic | rules_engine | 1 | configure_diagnostic_rules_engine","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.374416806Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1724,"name":"Config.cpp"}}},"message":"Config.cpp:1724 Successsfully applied policy","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.378996395Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":138,"name":"Metadata.cpp"}}},"message":"Metadata.cpp:138 Sending off-schedule metadata message","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.381496061Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271057}}} {"@timestamp":"2021-05-05T09:40:34.383056414Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":29,"name":"SystemInfo.cpp"}}},"message":"SystemInfo.cpp:29 System Information Details:","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:40:34.383090256Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":30,"name":"SystemInfo.cpp"}}},"message":"SystemInfo.cpp:30 Kernel Release: 19.6.0","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:40:34.383115747Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":31,"name":"SystemInfo.cpp"}}},"message":"SystemInfo.cpp:31 Kernel Version: Darwin Kernel Version 19.6.0: Mon Aug 31 22:12:52 PDT 2020; root:xnu-6153.141.2~1/RELEASE_X86_64","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:40:34.383169268Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":32,"name":"SystemInfo.cpp"}}},"message":"SystemInfo.cpp:32 System Bitness: 64","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:40:34.383197283Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":33,"name":"SystemInfo.cpp"}}},"message":"SystemInfo.cpp:33 Endpoint Bitness: 64","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:40:34.383230917Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":112,"name":"MetadataThread.cpp"}}},"message":"MetadataThread.cpp:112 Operating System is: macOS 10.15.7","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:40:34.383260955Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":519,"name":"MetadataThread.cpp"}}},"message":"MetadataThread.cpp:519 Sending endpoint metadata","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:40:34.383438128Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":523,"name":"MetadataThread.cpp"}}},"message":"MetadataThread.cpp:523 Sending endpoint metric","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:40:34.384410337Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:40:34.412088103Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 9937","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:40:34.412336014Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 1 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:40:34.412394089Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 1 documents to metrics-endpoint.policy-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:40:34.415548752Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:40:34.451674128Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 17 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:40:34.451734593Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 6 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:40:34.451762385Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 1 documents to logs-endpoint.events.network-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:40:34.451788241Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 9 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:40:34.451825359Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 1 documents to metrics-endpoint.metadata-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:40:37.042542964Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2649","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:40:37.147392509Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2650","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:40:46.053282567Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:40:47.101710879Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2652","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:40:47.198160778Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2653","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:40:57.039347577Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2655","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:40:57.148848335Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2656","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:41:04.496833484Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:41:04.497681932Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 9980","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:41:04.523700718Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 1 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:41:04.523745686Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 1 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:41:04.52837834Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:41:04.575372306Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 40 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:41:04.575474027Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 12 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:41:04.575515309Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 28 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:41:06.081729594Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:41:07.039252111Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2658","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:41:07.146834269Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2659","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:41:09.301818653Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":308,"name":"MachOInfo.cpp"}}},"message":"MachOInfo.cpp:308 Signature identifier: filebeat","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:41:17.039660426Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2661","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:41:17.143198261Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2662","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:41:26.108817086Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:41:27.038462374Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2664","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:41:27.145704582Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2665","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:41:34.568666696Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 10020","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:41:34.570198524Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:41:34.597138001Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 2 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:41:34.597190236Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 2 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:41:34.601755188Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:41:34.648252509Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 38 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:41:34.648357757Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 14 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:41:34.64838669Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 24 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:41:37.051685372Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2667","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:41:37.142470013Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2668","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:41:46.111052504Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:41:47.050581763Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2670","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:41:47.152386591Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2671","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:41:57.043127154Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2673","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:41:57.142924006Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2674","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:42:00.518038465Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":308,"name":"MachOInfo.cpp"}}},"message":"MachOInfo.cpp:308 Signature identifier: metricbeat","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:42:00.544439898Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":308,"name":"MachOInfo.cpp"}}},"message":"MachOInfo.cpp:308 Signature identifier: com.apple.SubmitDiagInfo","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:42:00.585632045Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":308,"name":"MachOInfo.cpp"}}},"message":"MachOInfo.cpp:308 Signature identifier: com.apple.backupd","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:42:00.64039084Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":308,"name":"MachOInfo.cpp"}}},"message":"MachOInfo.cpp:308 Signature identifier: com.apple.AddressBookSourceSync","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:42:00.671122833Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":308,"name":"MachOInfo.cpp"}}},"message":"MachOInfo.cpp:308 Signature identifier: com.apple.fseventsd","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:42:01.159413462Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":308,"name":"MachOInfo.cpp"}}},"message":"MachOInfo.cpp:308 Signature identifier: com.apple.mds","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:42:01.183576147Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":308,"name":"MachOInfo.cpp"}}},"message":"MachOInfo.cpp:308 Signature identifier: com.apple.mds_stores","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:42:01.203730755Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":308,"name":"MachOInfo.cpp"}}},"message":"MachOInfo.cpp:308 Signature identifier: com.apple.cloudd","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:42:01.236979667Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":308,"name":"MachOInfo.cpp"}}},"message":"MachOInfo.cpp:308 Signature identifier: com.apple.analyticsd","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:42:01.280132816Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":308,"name":"MachOInfo.cpp"}}},"message":"MachOInfo.cpp:308 Signature identifier: com.apple.parsec-fbf","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:42:01.407244401Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":308,"name":"MachOInfo.cpp"}}},"message":"MachOInfo.cpp:308 Signature identifier: com.apple.parsecd","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:42:01.807812573Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":308,"name":"MachOInfo.cpp"}}},"message":"MachOInfo.cpp:308 Signature identifier: com.apple.identityservicesd","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:42:01.819954833Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":308,"name":"MachOInfo.cpp"}}},"message":"MachOInfo.cpp:308 Signature identifier: com.apple.photoanalysisd","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:42:01.83610677Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":308,"name":"MachOInfo.cpp"}}},"message":"MachOInfo.cpp:308 Signature identifier: com.apple.photolibraryd","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:42:01.866255742Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":308,"name":"MachOInfo.cpp"}}},"message":"MachOInfo.cpp:308 Signature identifier: com.apple.syncdefaultsd","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:42:01.8885556Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":308,"name":"MachOInfo.cpp"}}},"message":"MachOInfo.cpp:308 Signature identifier: com.apple.xpc.launchd","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:42:02.003576838Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":308,"name":"MachOInfo.cpp"}}},"message":"MachOInfo.cpp:308 Signature identifier: com.apple.locationd","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:42:02.021091284Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":308,"name":"MachOInfo.cpp"}}},"message":"MachOInfo.cpp:308 Signature identifier: com.apple.logd","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:42:02.048017365Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":308,"name":"MachOInfo.cpp"}}},"message":"MachOInfo.cpp:308 Signature identifier: com.apple.nsurlsessiond","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:42:02.063729937Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":308,"name":"MachOInfo.cpp"}}},"message":"MachOInfo.cpp:308 Signature identifier: com.apple.nsurlstoraged","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:42:02.079975018Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":308,"name":"MachOInfo.cpp"}}},"message":"MachOInfo.cpp:308 Signature identifier: com.apple.rtcreportingd","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:42:02.099771899Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":308,"name":"MachOInfo.cpp"}}},"message":"MachOInfo.cpp:308 Signature identifier: com.apple.trustd","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:42:02.119477938Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":308,"name":"MachOInfo.cpp"}}},"message":"MachOInfo.cpp:308 Signature identifier: com.apple.cfprefsd","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:42:02.1348562Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":308,"name":"MachOInfo.cpp"}}},"message":"MachOInfo.cpp:308 Signature identifier: com.apple.syslogd","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:42:02.148253143Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":308,"name":"MachOInfo.cpp"}}},"message":"MachOInfo.cpp:308 Signature identifier: com.apple.system_profiler","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:42:02.176437171Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":308,"name":"MachOInfo.cpp"}}},"message":"MachOInfo.cpp:308 Signature identifier: com.apple.systemstats","process":{"pid":560,"thread":{"id":94304}}} {"@timestamp":"2021-05-05T09:42:02.180271203Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:42:02.199061237Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 10052","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:42:02.21178905Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 1 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:42:02.211834287Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 1 documents to metrics-endpoint.metrics-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:42:02.215745552Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:42:02.254373691Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 32 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:42:02.254455729Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 12 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:42:02.254481377Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 20 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:42:06.117736569Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:42:07.040342229Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2676","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:42:07.231862109Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2677","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:42:17.114029376Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2679","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:42:17.145453957Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2680","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:42:26.184439133Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:42:27.031234445Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2682","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:42:27.208474831Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2683","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:42:32.222877988Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:42:32.223723923Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 10092","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:42:32.250693993Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 2 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:42:32.250744671Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 2 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:42:32.254770874Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:42:32.297204375Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 37 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:42:32.297290961Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 14 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:42:32.297316972Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 1 documents to logs-endpoint.events.network-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:42:32.297341983Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 22 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:42:37.041644304Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2685","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:42:37.140941045Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2686","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:42:46.158677675Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":85,"name":"DocumentLogging.cpp"}}},"message":"DocumentLogging.cpp:85 Executing document logging maintenance routine","process":{"pid":560,"thread":{"id":94295}}} {"@timestamp":"2021-05-05T09:42:46.337471656Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:42:47.086473294Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2688","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:42:47.177645772Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2689","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:42:51.233554978Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2691","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:42:51.23417337Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2692","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:42:51.276258547Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2691","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:42:51.278391666Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2692","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:42:54.320274581Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2693","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:42:54.447198942Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2693","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:42:57.040320337Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2694","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:42:57.156884451Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2695","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:43:02.276921793Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:43:02.288800223Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2697","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:43:02.296591339Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 10697","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:43:02.305386219Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 1 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:43:02.305425636Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 1 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:43:02.330531386Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:43:02.366802862Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2697","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:43:02.674679605Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 450 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:43:02.675215821Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 419 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:43:02.675251354Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 31 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:43:02.68441244Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:43:02.818449104Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 154 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:43:02.818667889Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 152 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:43:02.81869815Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 2 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:43:06.48098649Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:43:07.040544525Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2698","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:43:07.202190181Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2699","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:43:17.039175603Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2701","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:43:17.143920228Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2702","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:43:26.629846528Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:43:27.031537941Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2704","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:43:27.15210374Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2705","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:43:32.399274482Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:43:32.400425504Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 10759","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:43:32.443818403Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 1 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:43:32.443880905Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 1 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:43:32.449002775Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:43:32.583057334Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 61 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:43:32.583190918Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 29 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:43:32.583219393Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 32 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:43:37.032075387Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2707","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:43:37.139027339Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2708","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:43:46.720935365Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:43:47.068999687Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2710","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:43:47.135713618Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2711","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:43:57.031431587Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2713","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:43:57.137054352Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2714","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:44:02.520508829Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:44:02.521357608Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 10798","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:44:02.548183055Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 2 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:44:02.548221839Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 1 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:44:02.548253312Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 1 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:44:02.552140081Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:44:02.590876044Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 37 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:44:02.590975469Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 15 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:44:02.59100354Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 22 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:44:06.762601772Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:44:07.058815703Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2716","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:44:07.227087096Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2717","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:44:17.029635485Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2719","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:44:17.13979806Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2720","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:44:26.888099569Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:44:27.026170594Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2722","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:44:27.132553649Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2723","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:44:32.680101902Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:44:32.680903561Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 10839","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:44:32.707395375Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 2 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:44:32.707451525Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 2 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:44:32.711547289Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:44:32.753655163Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 39 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:44:32.753740946Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 18 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:44:32.753767242Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 21 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:44:37.043215979Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2725","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:44:37.132679876Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2726","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:44:46.999038771Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:44:47.035386508Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2728","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:44:47.131605451Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2729","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:44:57.031837968Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2731","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:44:57.134713341Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2732","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:45:02.801080094Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:45:02.80187537Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 10881","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:45:02.828045475Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 1 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:45:02.828103071Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 1 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:45:02.832249742Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:45:02.872551587Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 41 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:45:02.872635122Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 16 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:45:02.872661143Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 25 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:45:07.025319544Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2734","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:45:07.092021906Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:45:07.132410326Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2735","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:45:17.060914215Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2737","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:45:17.148602564Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2738","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:45:27.046874704Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2740","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:45:27.129896362Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2741","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:45:27.153700199Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:45:32.91433401Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:45:32.915099783Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 10917","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:45:32.94099808Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 1 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:45:32.941038448Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 1 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:45:32.944874024Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:45:32.983017598Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 35 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:45:32.983112338Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 14 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:45:32.983141254Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 21 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:45:37.084324161Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2743","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:45:37.212778517Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2744","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:45:47.035688746Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2746","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:45:47.13092295Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2747","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:45:47.20861153Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:45:57.02143187Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2749","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:45:57.131607429Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2750","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:46:03.045093648Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:46:03.045912716Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 10958","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:46:03.071107911Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 1 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:46:03.071155494Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 1 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:46:03.075178484Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:46:03.116864474Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 40 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:46:03.116953813Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 14 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:46:03.116980051Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 26 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:46:07.050542923Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2752","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:46:07.213694775Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:46:07.230027193Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2753","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:46:17.051144948Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2755","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:46:17.135154307Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2756","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:46:27.021066245Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2758","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:46:27.130818802Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2759","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:46:27.313470161Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:46:33.172499528Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:46:33.173211631Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 10996","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:46:33.201638794Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 2 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:46:33.201679114Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 2 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:46:33.205481551Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:46:33.245265482Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 36 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:46:33.245340331Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 14 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:46:33.24536632Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 22 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:46:37.110700527Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2761","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:46:37.133863133Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2762","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:46:47.06915373Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2764","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:46:47.214563409Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2765","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:46:47.414627838Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:46:57.088338715Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2767","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:46:57.13085509Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2768","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:47:03.194131469Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:47:03.194966281Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 11035","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:47:03.220935059Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 2 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:47:03.221024298Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 2 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:47:03.225276898Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:47:03.265944081Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 37 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:47:03.266044708Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 14 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:47:03.266073486Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 23 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:47:07.01658255Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2770","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:47:07.130836131Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2771","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:47:07.540459138Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:47:17.024916259Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2773","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:47:17.124573715Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2774","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:47:27.102588176Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2776","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:47:27.126997249Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2777","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:47:27.652214403Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:47:33.214694929Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:47:33.215351787Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 11076","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:47:33.245691469Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 3 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:47:33.24574949Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 2 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:47:33.245779609Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 1 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:47:33.249764988Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:47:33.292836969Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 38 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:47:33.292939088Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 14 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:47:33.292968186Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 24 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:47:37.018647184Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2779","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:47:37.13026052Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2780","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:47:46.233129695Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":85,"name":"DocumentLogging.cpp"}}},"message":"DocumentLogging.cpp:85 Executing document logging maintenance routine","process":{"pid":560,"thread":{"id":94295}}} {"@timestamp":"2021-05-05T09:47:47.017124884Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2782","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:47:47.123041547Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2783","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:47:47.738471609Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:47:57.061428957Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2785","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:47:57.125399096Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2786","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:48:03.361178958Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:48:03.3618968Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 11114","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:48:03.387765055Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 1 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:48:03.387810732Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 1 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:48:03.391786972Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:48:03.432019752Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 37 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:48:03.432109008Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 14 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:48:03.432137177Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 23 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:48:07.019157474Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2788","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:48:07.215602615Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2789","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:48:07.813187972Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:48:17.040666472Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2791","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:48:17.145612888Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2792","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:48:27.015218236Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2794","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:48:27.124155335Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2795","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:48:27.963315156Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:48:33.421352606Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:48:33.422090782Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 11150","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:48:33.449626422Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 2 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:48:33.449675932Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 2 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:48:33.453518349Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:48:33.492322554Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 34 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:48:33.49241307Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 12 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:48:33.492440337Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 22 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:48:37.066844018Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2797","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:48:37.17035987Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2798","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:48:47.032025763Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2800","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:48:47.118360667Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2801","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:48:48.075394063Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:48:57.041865305Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2803","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:48:57.117663961Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2804","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:49:03.540636325Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:49:03.541497825Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 11194","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:49:03.566545517Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 2 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:49:03.5665848Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 2 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:49:03.57071829Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:49:03.627165836Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 42 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:49:03.627251203Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 18 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:49:03.627277982Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 24 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:49:07.019727831Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2806","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:49:07.120179115Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2807","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:49:08.213287702Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:49:17.010337825Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2809","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:49:17.123941079Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2810","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:49:27.058071666Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2812","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:49:27.167972388Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2813","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:49:28.363172485Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:49:33.600475405Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:49:33.601918744Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 11228","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:49:33.626594404Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 1 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:49:33.62662947Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 1 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:49:33.630099247Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:49:33.671896228Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 33 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:49:33.671978265Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 12 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:49:33.672005651Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 21 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:49:37.014418446Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2815","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:49:37.173897018Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2816","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:49:47.027402492Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2818","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:49:47.127754661Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2819","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:49:48.503525094Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:49:57.060776966Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2821","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:49:57.200446549Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2822","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:50:03.635543437Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:50:03.636308734Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 11270","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:50:03.660346443Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 1 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:50:03.660385174Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 1 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:50:03.664317733Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:50:03.707350504Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 41 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:50:03.707459883Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 16 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:50:03.707488603Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 25 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:50:07.009128753Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2824","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:50:07.116175257Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2825","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:50:08.565329206Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:50:17.009357901Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2827","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:50:17.116137112Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2828","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:50:27.015924957Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2830","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:50:27.116316015Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2831","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:50:28.680903351Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:50:33.781074145Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:50:33.781771317Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 11306","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:50:33.808490458Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 2 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:50:33.80852803Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 2 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:50:33.812300434Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:50:33.851676349Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 34 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:50:33.851772581Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 12 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:50:33.851801351Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 22 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:50:37.072801927Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2833","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:50:37.192848788Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2834","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:50:47.005612774Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2836","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:50:47.116574173Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2837","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:50:48.779039415Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:50:57.015106673Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2839","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:50:57.202116355Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2840","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:51:03.936692046Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:51:03.937493935Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 11344","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:51:03.961885595Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 1 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:51:03.961927927Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 1 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:51:03.966091606Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:51:04.004535946Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 37 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:51:04.004636202Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 14 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:51:04.004664669Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 23 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:51:07.015899222Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2842","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:51:07.114893141Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2843","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:51:08.889856029Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:51:17.00615173Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2845","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:51:17.111951368Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2846","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:51:27.050185878Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2848","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:51:27.124607784Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2849","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:51:28.947481259Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:51:34.091959893Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:51:34.09263739Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 11380","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:51:34.118412086Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 3 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:51:34.1184531Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 3 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:51:34.122163139Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:51:34.163853004Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 33 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:51:34.163936488Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 10 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:51:34.16396314Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 23 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:51:37.026723814Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2851","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:51:37.134981598Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2852","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:51:47.005108061Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2854","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:51:47.121526795Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2855","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:51:49.099870747Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:51:57.001364712Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2857","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:51:57.115175748Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2858","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:52:04.22024842Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:52:04.221035402Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 11404","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:52:04.24578449Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 1 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:52:04.245840979Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 1 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:52:04.249483789Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:52:04.287691268Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 23 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:52:04.287777146Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 23 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:52:07.004568863Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2860","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:52:07.112785893Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2861","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:52:09.250698488Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:52:17.012595428Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2863","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:52:17.10789831Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2864","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:52:27.040564448Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2866","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:52:27.164650989Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2867","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:52:29.398819406Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:52:34.322388826Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:52:34.322890385Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 11429","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:52:34.346873451Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 1 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:52:34.346924566Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 1 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:52:34.350445575Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:52:34.38745831Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 24 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:52:34.387539338Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 1 documents to logs-endpoint.events.network-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:52:34.387566575Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 23 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:52:37.100768788Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2869","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:52:37.126002472Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2870","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:52:46.30555713Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":85,"name":"DocumentLogging.cpp"}}},"message":"DocumentLogging.cpp:85 Executing document logging maintenance routine","process":{"pid":560,"thread":{"id":94295}}} {"@timestamp":"2021-05-05T09:52:47.002092578Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2872","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:52:47.106488249Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2873","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:52:49.50616193Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:52:57.010001907Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2875","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:52:57.116067927Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2876","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:53:04.43337266Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:53:04.433879809Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 11453","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:53:04.457680938Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 1 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:53:04.457722977Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 1 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:53:04.461134134Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:53:04.497817935Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 23 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:53:04.497892251Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 23 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:53:07.071905367Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2878","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:53:07.124406506Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2879","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:53:09.59378908Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:53:17.006230681Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2881","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:53:17.109538853Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2882","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:53:27.068170653Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2884","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:53:27.153724995Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2885","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:53:29.686046646Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:53:34.600522459Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:53:34.601133503Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 11477","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:53:34.639863378Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 1 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:53:34.639921458Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 1 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:53:34.64342Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:53:34.736327424Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 23 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:53:34.736414573Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 23 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:53:36.999209531Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2887","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:53:37.102176123Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2888","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:53:47.017016737Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2890","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:53:47.106782381Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2891","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:53:49.764913694Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:53:57.007532763Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2893","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:53:57.1050596Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2894","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:54:04.75791365Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:54:04.758106738Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 11501","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:54:04.783395941Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 1 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:54:04.783446098Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 1 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:54:04.786876802Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:54:04.823493385Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 23 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:54:04.823578262Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 23 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:54:06.99445432Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2896","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:54:07.112815072Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2897","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:54:09.898621457Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:54:17.008545767Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2899","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:54:17.14812274Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2900","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:54:26.993266686Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2902","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:54:27.10097025Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2903","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:54:30.015559607Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:54:34.873811611Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:54:34.874007292Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 11525","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:54:34.899978796Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 2 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:54:34.900016674Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 2 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:54:34.903385727Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:54:34.94039538Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 22 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:54:34.940464084Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 22 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:54:37.037764137Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2905","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:54:37.118842073Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2906","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:54:46.993894064Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2908","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:54:47.103166314Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2909","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:54:50.1123963Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:54:57.056223221Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2911","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:54:57.107521708Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2912","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:55:04.913951879Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:55:04.914685465Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 11557","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:55:04.939487342Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 1 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:55:04.939530645Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 1 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:55:04.943221621Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:55:04.981753895Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 31 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:55:04.98183891Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 8 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:55:04.981865836Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 23 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:55:06.991506326Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2914","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:55:07.102764991Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2915","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:55:10.240669726Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:55:17.026452845Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2917","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:55:17.113106305Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2918","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:55:26.992535491Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2920","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:55:27.100557101Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2921","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:55:30.34167806Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:55:34.981165247Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:55:34.981446988Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 11581","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:55:35.008576536Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 2 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:55:35.008625979Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 2 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:55:35.012028013Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:55:35.048835995Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 22 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:55:35.048911461Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 22 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:55:37.006200701Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2923","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:55:37.137746012Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2924","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:55:47.035587873Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2926","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:55:47.137688862Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2927","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:55:50.434104113Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:55:57.027203427Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2929","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:55:57.176821051Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2930","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:56:05.001802264Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:56:05.002430912Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 11611","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:56:05.02846327Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 1 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:56:05.028507195Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 1 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:56:05.032106141Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:56:05.070754223Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 29 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:56:05.070834779Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 6 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:56:05.070864726Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 23 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:56:06.992393564Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2932","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:56:07.101030775Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2933","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:56:10.54612826Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:56:16.994783766Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2935","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:56:17.180488423Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2936","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:56:26.987969543Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2938","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:56:27.123422322Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2939","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:56:30.660020808Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:56:35.057798114Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:56:35.058622047Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 11635","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:56:35.08583202Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 1 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:56:35.085891672Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 1 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:56:35.089350842Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:56:35.127618487Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 23 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:56:35.127705535Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 23 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:56:36.998769904Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2941","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:56:37.096324904Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2942","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:56:46.985643922Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2944","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:56:47.097098148Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2945","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:56:50.776844006Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:56:57.117317269Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2947","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:56:57.126926278Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2948","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:57:05.096644461Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:57:05.096841144Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 11660","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:57:05.125033821Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 2 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:57:05.125077433Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 2 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:57:05.128507079Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:57:05.170852718Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 23 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:57:05.170929023Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 23 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:57:07.017299328Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2950","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:57:07.186166157Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2951","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:57:10.871524831Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:57:17.043802215Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2953","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:57:17.200191665Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2954","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:57:27.002493924Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2956","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:57:27.240799735Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2957","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:57:31.004436181Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:57:35.252257596Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:57:35.252623237Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 11684","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:57:35.279981427Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 2 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:57:35.280031831Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 2 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:57:35.283493854Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:57:35.322813448Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 22 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:57:35.322901188Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 22 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:57:36.983861552Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2959","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:57:37.091869595Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2960","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:57:46.381196014Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":85,"name":"DocumentLogging.cpp"}}},"message":"DocumentLogging.cpp:85 Executing document logging maintenance routine","process":{"pid":560,"thread":{"id":94295}}} {"@timestamp":"2021-05-05T09:57:47.042354208Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2962","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:57:47.100360692Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2963","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:57:51.098784003Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:57:56.986166352Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2965","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:57:57.091569941Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2966","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:58:05.413760266Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:58:05.41401175Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 11710","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:58:05.438676313Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 2 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:58:05.438731375Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 2 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:58:05.442230101Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:58:05.479497116Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 24 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:58:05.479577998Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 2 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:58:05.479605878Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 22 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:58:07.065207805Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2968","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:58:07.088192491Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2969","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:58:11.216210586Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:58:11.362592737Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2971","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:58:16.991882365Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2972","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:58:17.088268772Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2973","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:58:26.989945526Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2975","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:58:27.089922239Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2976","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:58:31.303215357Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:58:35.474803154Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:58:35.475851187Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 11740","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:58:35.500974016Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 2 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:58:35.501026562Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 2 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:58:35.504687314Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:58:35.541784646Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 28 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:58:35.541868688Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 3 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:58:35.541895611Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 25 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:58:37.003795162Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2978","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:58:37.175252506Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2979","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:58:37.847330417Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2981","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:58:47.037592518Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2982","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:58:47.144222535Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2983","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:58:50.072153426Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2985","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:58:51.401015531Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:58:56.981577195Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2986","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:58:57.088169052Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2987","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:58:57.223320706Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2989","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:59:05.609881375Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:59:05.610711158Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 11778","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:59:05.635255191Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 1 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:59:05.635313646Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 1 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:59:05.63946649Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:59:05.682430172Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 37 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:59:05.6825237Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 5 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:59:05.682550616Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 32 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:59:06.875059361Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2990","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:59:06.989064538Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2991","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:59:07.23084695Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2992","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:59:08.313127719Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2994","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:59:08.357461486Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2994","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:59:08.388705152Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2997","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:59:10.168096118Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2998","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:59:11.547130959Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:59:17.021830762Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 2999","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:59:17.1926346Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3000","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:59:20.440934188Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3002","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:59:21.084188985Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3003","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:59:21.427889963Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3004","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:59:21.445426866Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3004","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:59:26.982445162Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3005","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:59:27.183142443Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3006","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:59:31.665521417Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:59:32.826538747Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3008","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:59:35.689530657Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:59:35.691014166Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 11849","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T09:59:35.721114403Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 1 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:59:35.721179493Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 1 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:59:35.726976733Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:59:35.796201575Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 70 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:59:35.796320366Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 22 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:59:35.796348366Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 48 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T09:59:36.995119098Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3009","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:59:37.213136843Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3010","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:59:38.09199615Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3012","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:59:45.277229512Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3013","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T09:59:46.979925146Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3014","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:59:47.083611595Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3015","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:59:50.442939112Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3017","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T09:59:51.730406671Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T09:59:55.162628443Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3018","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T09:59:57.064508709Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3019","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T09:59:57.096399762Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3020","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T10:00:03.1196341Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3022","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T10:00:05.727148767Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:00:05.72821541Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 11892","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T10:00:05.753768267Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 2 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:00:05.753857264Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 2 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:00:05.758646849Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:00:05.805474412Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 41 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:00:05.805567297Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 3 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:00:05.805594827Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 38 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:00:06.975337438Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3023","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T10:00:07.080893559Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3024","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T10:00:11.837623391Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T10:00:17.013099764Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3026","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T10:00:17.151811931Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3027","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T10:00:27.059688052Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3029","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T10:00:27.086349173Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3030","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T10:00:31.846027767Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T10:00:35.755821438Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:00:35.756708382Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 11923","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T10:00:35.782249717Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 1 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:00:35.782306315Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 1 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:00:35.788772909Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:00:35.827123467Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 30 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:00:35.827205953Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 5 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:00:35.827232398Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 25 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:00:36.981945944Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3032","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T10:00:37.085777642Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3033","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T10:00:47.021276987Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3035","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T10:00:47.160409375Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3036","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T10:00:51.848569091Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T10:00:56.972681649Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3038","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T10:00:57.214629351Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3039","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T10:01:05.833579721Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:01:05.834063367Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 11947","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T10:01:05.863518178Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 2 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:01:05.863572038Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 2 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:01:05.866983965Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:01:05.930450914Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 22 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:01:05.930528959Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 22 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:01:07.00181052Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3041","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T10:01:07.148225203Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3042","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T10:01:11.864131266Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T10:01:16.998698022Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3044","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T10:01:17.119475212Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3045","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T10:01:24.346265552Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3047","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T10:01:24.380749778Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3047","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T10:01:26.985612869Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3048","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T10:01:27.085866468Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3049","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T10:01:31.876938608Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T10:01:35.88166662Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:01:35.882707097Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 11980","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T10:01:35.909052635Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 2 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:01:35.909096535Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 2 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:01:35.912837632Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:01:35.951004577Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 31 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:01:35.951099019Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 6 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:01:35.951128927Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 25 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:01:36.994748667Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3051","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T10:01:37.110483753Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3052","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T10:01:47.032974197Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3054","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T10:01:47.173902639Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3055","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T10:01:51.885710967Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T10:01:56.989437656Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3057","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T10:01:57.07991869Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3058","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T10:02:05.957383401Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:02:05.957531283Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 12004","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T10:02:05.984398583Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 2 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:02:05.984438381Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 2 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:02:05.987804404Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:02:06.024008853Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 22 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:02:06.024089655Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 22 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:02:06.987536038Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3060","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T10:02:07.077689057Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3061","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T10:02:11.004522253Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3063","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T10:02:11.981009585Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T10:02:15.40496366Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3064","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T10:02:17.02429632Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3065","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T10:02:17.079847313Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3066","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T10:02:19.245570187Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3068","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T10:02:27.044384448Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3069","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T10:02:27.073445628Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3070","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T10:02:31.984372229Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T10:02:36.021027264Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:02:36.021709104Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 12038","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T10:02:36.046734398Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 2 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:02:36.046775212Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 2 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:02:36.050577719Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:02:36.091377939Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 32 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:02:36.091464818Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 32 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:02:36.992612216Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3072","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T10:02:37.078096722Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3073","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T10:02:46.442748795Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":85,"name":"DocumentLogging.cpp"}}},"message":"DocumentLogging.cpp:85 Executing document logging maintenance routine","process":{"pid":560,"thread":{"id":94295}}} {"@timestamp":"2021-05-05T10:02:47.0170493Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3075","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T10:02:47.224230681Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3076","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T10:02:52.110305436Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T10:02:57.021105654Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3078","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T10:02:57.095714188Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3079","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T10:03:02.141506429Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3081","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T10:03:06.153990517Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:03:06.154366131Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 12063","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T10:03:06.179718163Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 2 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:03:06.179759376Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 2 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:03:06.183172099Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:03:06.220099609Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 23 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:03:06.220174345Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 23 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:03:06.97414036Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3082","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T10:03:07.07160631Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3083","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T10:03:10.350966487Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3085","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T10:03:12.170364242Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T10:03:13.711960945Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3086","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T10:03:16.97152542Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3087","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T10:03:17.083883983Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3088","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T10:03:26.982205929Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3090","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T10:03:27.069534074Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3091","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T10:03:32.308564307Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T10:03:36.28491349Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:03:36.285459967Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 12094","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T10:03:36.311007133Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 1 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:03:36.311052236Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 1 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:03:36.315220484Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:03:36.356909664Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 30 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:03:36.356995074Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 30 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:03:36.980008924Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3093","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T10:03:37.074559735Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3094","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T10:03:46.969757961Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3096","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T10:03:47.106716707Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3097","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T10:03:52.44087407Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T10:03:57.030560685Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3099","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T10:03:57.078914289Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3100","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T10:04:06.433009758Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:04:06.433643653Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 12120","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T10:04:06.460237626Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 1 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:04:06.460288214Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 1 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:04:06.463794007Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:04:06.503441989Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 25 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:04:06.503522541Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 1 documents to logs-endpoint.events.file-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:04:06.503549956Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 24 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:04:06.963791765Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3102","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T10:04:07.068688561Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3103","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T10:04:12.569535629Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T10:04:16.962181806Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3105","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T10:04:17.090103636Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3106","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T10:04:26.963803911Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3108","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T10:04:27.067774464Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3109","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T10:04:32.670570774Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T10:04:36.535358661Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:04:36.536100744Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":354,"name":"DocumentLoggingConsumer.cpp"}}},"message":"DocumentLoggingConsumer.cpp:354 Total documents searched 12144","process":{"pid":560,"thread":{"id":94297}}} {"@timestamp":"2021-05-05T10:04:36.562034658Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 1 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:04:36.562097002Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 1 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:04:36.56559889Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":1559,"name":"HttpLib.cpp"}}},"message":"HttpLib.cpp:1559 Establishing POST connection to [https://5b470d5bd324431a9eb6664ccb4b5a8a.eastus2.staging.azure.foundit.no:443/_bulk]","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:04:36.602629822Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":224,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:224 Sent 23 documents to Elasticsearch","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:04:36.602710103Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":229,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:229 Sent 23 documents to logs-endpoint.events.process-default","process":{"pid":560,"thread":{"id":94296}}} {"@timestamp":"2021-05-05T10:04:36.967754788Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3111","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T10:04:37.0682806Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3112","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T10:04:42.207145065Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"error","origin":{"file":{"line":1033,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:1033 Intercepted unsupported file event type [6]","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T10:04:42.240189274Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"error","origin":{"file":{"line":1033,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:1033 Intercepted unsupported file event type [6]","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T10:04:42.24599941Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"error","origin":{"file":{"line":1033,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:1033 Intercepted unsupported file event type [6]","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T10:04:42.25579795Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"error","origin":{"file":{"line":1033,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:1033 Intercepted unsupported file event type [6]","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T10:04:42.257522562Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"error","origin":{"file":{"line":1033,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:1033 Intercepted unsupported file event type [6]","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T10:04:42.265941068Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"error","origin":{"file":{"line":1033,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:1033 Intercepted unsupported file event type [6]","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T10:04:46.990118656Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3114","process":{"pid":560,"thread":{"id":179082}}} {"@timestamp":"2021-05-05T10:04:47.055173909Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3115","process":{"pid":560,"thread":{"id":179084}}} {"@timestamp":"2021-05-05T10:04:47.147663678Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3116","process":{"pid":560,"thread":{"id":179081}}} {"@timestamp":"2021-05-05T10:04:52.798545128Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":125,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:125 Agent check-in returned status Success","process":{"pid":560,"thread":{"id":271059}}} {"@timestamp":"2021-05-05T10:04:56.964384539Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3118","process":{"pid":560,"thread":{"id":179083}}} {"@timestamp":"2021-05-05T10:04:57.080653932Z","agent":{"id":"af61aa50-b6f0-fd6a-6d8c-5c50d013d0b4","type":"endpoint"},"ecs":{"version":"1.6.0"},"log":{"level":"info","origin":{"file":{"line":787,"name":"Events_Watcher.cpp"}}},"message":"Events_Watcher.cpp:787 Delaying exec for 3119","process":{"pid":560,"thread":{"id":179081}}}