diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index b2a9fd8e8455..8d30602cbb13 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -148,6 +148,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Integrate the azure-eventhub with filebeat azure module (replace the kafka input). {pull}15480[15480] - Release aws s3access fileset to GA. {pull}15431[15431] {issue}15430[15430] - Add cloudtrail fileset to AWS module. {issue}14657[14657] {pull}15227[15227] +- New fileset googlecloud/firewall for ingesting Google Cloud Firewall logs. {pull}14553[14553] *Heartbeat* diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index a4dda39021ab..98dc6ff13e37 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc 
@@ -11952,6 +11952,154 @@ Fields from Google Cloud logs. +[float] +=== destination.instance + +If the destination of the connection was a VM located on the same VPC, this field is populated with VM instance details. In a Shared VPC configuration, project_id corresponds to the project that owns the instance, usually the service project. + + + +*`googlecloud.destination.instance.project_id`*:: ++ +-- +ID of the project containing the VM. + + +type: keyword + +-- + +*`googlecloud.destination.instance.region`*:: ++ +-- +Region of the VM. + + +type: keyword + +-- + +*`googlecloud.destination.instance.zone`*:: ++ +-- +Zone of the VM. + + +type: keyword + +-- + +[float] +=== destination.vpc + +If the destination of the connection was a VM located on the same VPC, this field is populated with VPC network details. In a Shared VPC configuration, project_id corresponds to that of the host project. + + + +*`googlecloud.destination.vpc.project_id`*:: ++ +-- +ID of the project containing the VM. + + +type: keyword + +-- + +*`googlecloud.destination.vpc.vpc_name`*:: ++ +-- +VPC on which the VM is operating. + + +type: keyword + +-- + +*`googlecloud.destination.vpc.subnetwork_name`*:: ++ +-- +Subnetwork on which the VM is operating. + + +type: keyword + +-- + +[float] +=== source.instance + +If the source of the connection was a VM located on the same VPC, this field is populated with VM instance details. In a Shared VPC configuration, project_id corresponds to the project that owns the instance, usually the service project. + + + +*`googlecloud.source.instance.project_id`*:: ++ +-- +ID of the project containing the VM. + + +type: keyword + +-- + +*`googlecloud.source.instance.region`*:: ++ +-- +Region of the VM. + + +type: keyword + +-- + +*`googlecloud.source.instance.zone`*:: ++ +-- +Zone of the VM. + + +type: keyword + +-- + +[float] +=== source.vpc + +If the source of the connection was a VM located on the same VPC, this field is populated with VPC network details. 
In a Shared VPC configuration, project_id corresponds to that of the host project. + + + +*`googlecloud.source.vpc.project_id`*:: ++ +-- +ID of the project containing the VM. + + +type: keyword + +-- + +*`googlecloud.source.vpc.vpc_name`*:: ++ +-- +VPC on which the VM is operating. + + +type: keyword + +-- + +*`googlecloud.source.vpc.subnetwork_name`*:: ++ +-- +Subnetwork on which the VM is operating. + + +type: keyword + +-- + [float] === audit 
@@ -12165,137 +12313,117 @@ type: keyword -- [float] -=== vpcflow +=== firewall -Fields for Google Cloud VPC flow logs. +Fields for Google Cloud Firewall logs. -*`googlecloud.vpcflow.reporter`*:: -+ --- -The side which reported the flow. Can be either 'SRC' or 'DEST'. +[float] +=== rule_details +Description of the firewall rule that matched this connection. -type: keyword --- -*`googlecloud.vpcflow.rtt.ms`*:: +*`googlecloud.firewall.rule_details.priority`*:: + -- -Latency as measured (for TCP flows only) during the time interval. This is the time elapsed between sending a SEQ and receiving a corresponding ACK and it contains the network RTT as well as the application related delay. - +The priority for the firewall rule. type: long -- -[float] -=== destination.instance - -If the destination of the connection was a VM located on the same VPC, this field is populated with VM instance details. In a Shared VPC configuration, project_id corresponds to the project that owns the instance, usually the service project. - - - -*`googlecloud.vpcflow.destination.instance.project_id`*:: +*`googlecloud.firewall.rule_details.action`*:: + -- -ID of the project containing the VM. - +Action that the rule performs on match. type: keyword -- -*`googlecloud.vpcflow.destination.instance.region`*:: +*`googlecloud.firewall.rule_details.direction`*:: + -- -Region of the VM. - +Direction of traffic that matches this rule. type: keyword -- -*`googlecloud.vpcflow.destination.instance.zone`*:: +*`googlecloud.firewall.rule_details.reference`*:: + -- -Zone of the VM. - +Reference to the firewall rule. type: keyword -- -[float] -=== destination.vpc - -If the destination of the connection was a VM located on the same VPC, this field is populated with VPC network details. In a Shared VPC configuration, project_id corresponds to that of the host project. 
- - - -*`googlecloud.vpcflow.destination.vpc.project_id`*:: +*`googlecloud.firewall.rule_details.source_range`*:: + -- -ID of the project containing the VM. - +List of source ranges that the firewall rule applies to. type: keyword -- -*`googlecloud.vpcflow.destination.vpc.vpc_name`*:: +*`googlecloud.firewall.rule_details.destination_range`*:: + -- -VPC on which the VM is operating. - +List of destination ranges that the firewall applies to. type: keyword -- -*`googlecloud.vpcflow.destination.vpc.subnetwork_name`*:: +*`googlecloud.firewall.rule_details.source_tag`*:: + -- -Subnetwork on which the VM is operating. +List of all the source tags that the firewall rule applies to. type: keyword -- -[float] -=== source.instance +*`googlecloud.firewall.rule_details.target_tag`*:: ++ +-- +List of all the target tags that the firewall rule applies to. -If the source of the connection was a VM located on the same VPC, this field is populated with VM instance details. In a Shared VPC configuration, project_id corresponds to the project that owns the instance, usually the service project. +type: keyword +-- -*`googlecloud.vpcflow.source.instance.project_id`*:: +*`googlecloud.firewall.rule_details.ip_port_info`*:: + -- -ID of the project containing the VM. +List of ip protocols and applicable port ranges for rules. -type: keyword +type: array -- -*`googlecloud.vpcflow.source.instance.region`*:: +*`googlecloud.firewall.rule_details.source_service_account`*:: + -- -Region of the VM. +List of all the source service accounts that the firewall rule applies to. type: keyword -- -*`googlecloud.vpcflow.source.instance.zone`*:: +*`googlecloud.firewall.rule_details.target_service_account`*:: + -- -Zone of the VM. +List of all the target service accounts that the firewall rule applies to. type: keyword 
@@ -12303,39 +12431,29 @@ type: keyword -- [float] -=== source.vpc - -If the source of the connection was a VM located on the same VPC, this field is populated with VPC network details. In a Shared VPC configuration, project_id corresponds to that of the host project. - - - -*`googlecloud.vpcflow.source.vpc.project_id`*:: -+ --- -ID of the project containing the VM. +=== vpcflow +Fields for Google Cloud VPC flow logs. -type: keyword --- -*`googlecloud.vpcflow.source.vpc.vpc_name`*:: +*`googlecloud.vpcflow.reporter`*:: + -- -VPC on which the VM is operating. +The side which reported the flow. Can be either 'SRC' or 'DEST'. type: keyword -- -*`googlecloud.vpcflow.source.vpc.subnetwork_name`*:: +*`googlecloud.vpcflow.rtt.ms`*:: + -- -Subnetwork on which the VM is operating. +Latency as measured (for TCP flows only) during the time interval. This is the time elapsed between sending a SEQ and receiving a corresponding ACK and it contains the network RTT as well as the application related delay. -type: keyword +type: long -- diff --git a/filebeat/docs/modules/googlecloud.asciidoc b/filebeat/docs/modules/googlecloud.asciidoc index 74316214ceab..047030f1be9f 100644 --- a/filebeat/docs/modules/googlecloud.asciidoc +++ b/filebeat/docs/modules/googlecloud.asciidoc @@ -12,8 +12,9 @@ This file is generated! See scripts/docs_collector.py beta[] -This is a module for Google Cloud logs. It supports reading VPC flow logs that -have been exported from Stackdriver to a Google Pub/Sub topic sink. +This is a module for Google Cloud logs. It supports reading VPC flow +and firewall logs that have been exported from Stackdriver to a +Google Pub/Sub topic sink. include::../include/what-happens.asciidoc[] @@ -39,6 +40,7 @@ Example config: var.topic: googlecloud-vpc-flowlogs var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub var.credentials_file: ${path.config}/gcp-service-account-xyz.json + var.keep_original_message: false ---- include::../include/var-paths.asciidoc[] 
@@ -60,6 +62,56 @@ exist it will be created. Path to a JSON file containing the credentials and key used to subscribe. +*`var.keep_original_message`*:: + +Flag to control whether the original message is stored in the `log.original` +field. Defaults to `false`, meaning the original message is not saved. + +:fileset_ex!: + +:fileset_ex: firewall + +[float] +==== `firewall` fileset settings + +Example config: + +[source,yaml] +---- +- module: googleclcoud + firewall: + enabled: true + var.project_id: my-gcp-project-id + var.topic: googlecloud-vpc-flowlogs + var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub + var.credentials_file: ${path.config}/gcp-service-account-xyz.json + var.keep_original_message: false +---- + +include::../include/var-paths.asciidoc[] + +*`var.project_id`*:: + +Google Cloud project ID. + +*`var.topic`*:: + +Google Cloud Pub/Sub topic name. + +*`var.subscription_name`*:: + +Google Cloud Pub/Sub topic subscription name. If the subscription does not +exist it will be created. + +*`var.credentials_file`*:: + +Path to a JSON file containing the credentials and key used to subscribe. + +*`var.keep_original_message`*:: + +Flag to control whether the original message is stored in the `log.original` +field. Defaults to `false`, meaning the original message is not saved. + :has-dashboards!: :fileset_ex!: diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index 45a2c918c831..28f911bfa36f 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml 
@@ -303,6 +303,24 @@ filebeat.modules: # the subscription. var.credentials_file: ${path.config}/gcp-service-account-xyz.json + firewall: + enabled: true + + # Google Cloud project ID. + var.project_id: my-gcp-project-id + + # Google Pub/Sub topic containing firewall logs. Stackdriver must be + # configured to use this topic as a sink for firewall logs. + var.topic: googlecloud-vpc-firewall + + # Google Pub/Sub subscription for the topic. Filebeat will create this + # subscription if it does not exist. + var.subscription_name: filebeat-googlecloud-firewall-sub + + # Credentials file for the service account with authorization to read from + # the subscription. + var.credentials_file: ${path.config}/gcp-service-account-xyz.json + audit: enabled: true diff --git a/x-pack/filebeat/module/googlecloud/_meta/config.yml b/x-pack/filebeat/module/googlecloud/_meta/config.yml index 705d6247946b..7ca54bd84c06 100644 --- a/x-pack/filebeat/module/googlecloud/_meta/config.yml +++ b/x-pack/filebeat/module/googlecloud/_meta/config.yml @@ -17,6 +17,24 @@ # the subscription. var.credentials_file: ${path.config}/gcp-service-account-xyz.json + firewall: + enabled: true + + # Google Cloud project ID. + var.project_id: my-gcp-project-id + + # Google Pub/Sub topic containing firewall logs. Stackdriver must be + # configured to use this topic as a sink for firewall logs. + var.topic: googlecloud-vpc-firewall + + # Google Pub/Sub subscription for the topic. Filebeat will create this + # subscription if it does not exist. + var.subscription_name: filebeat-googlecloud-firewall-sub + + # Credentials file for the service account with authorization to read from + # the subscription. + var.credentials_file: ${path.config}/gcp-service-account-xyz.json + audit: enabled: true diff --git a/x-pack/filebeat/module/googlecloud/_meta/docs.asciidoc b/x-pack/filebeat/module/googlecloud/_meta/docs.asciidoc index 9204e726541d..b0d75e06b10e 100644 --- a/x-pack/filebeat/module/googlecloud/_meta/docs.asciidoc 
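Review bot: The comment on `var.credentials_file` in the new `firewall` block of `_meta/config.yml` asks for an account "with authorization to read from the subscription", yet the comment on `var.subscription_name` just above says Filebeat will create the subscription if it does not exist, which needs more than read access. Spell out both cases so operators can choose the narrower grant, e.g. `# Subscriber access is enough when the subscription is pre-created; letting Filebeat create it needs additional Pub/Sub permissions on the project and topic.` The `filebeat.reference.yml` hunk before it carries the same text and should stay in sync. The `var.keep_original_message` option documented in this commit is also missing from the block.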
+++ b/x-pack/filebeat/module/googlecloud/_meta/docs.asciidoc @@ -7,8 +7,9 @@ beta[] -This is a module for Google Cloud logs. It supports reading VPC flow logs that -have been exported from Stackdriver to a Google Pub/Sub topic sink. +This is a module for Google Cloud logs. It supports reading VPC flow +and firewall logs that have been exported from Stackdriver to a +Google Pub/Sub topic sink. include::../include/what-happens.asciidoc[] @@ -34,6 +35,7 @@ Example config: var.topic: googlecloud-vpc-flowlogs var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub var.credentials_file: ${path.config}/gcp-service-account-xyz.json + var.keep_original_message: false ---- include::../include/var-paths.asciidoc[] 
@@ -55,6 +57,56 @@ exist it will be created. Path to a JSON file containing the credentials and key used to subscribe. +*`var.keep_original_message`*:: + +Flag to control whether the original message is stored in the `log.original` +field. Defaults to `false`, meaning the original message is not saved. + +:fileset_ex!: + +:fileset_ex: firewall + +[float] +==== `firewall` fileset settings + +Example config: + +[source,yaml] +---- +- module: googleclcoud + firewall: + enabled: true + var.project_id: my-gcp-project-id + var.topic: googlecloud-vpc-flowlogs + var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub + var.credentials_file: ${path.config}/gcp-service-account-xyz.json + var.keep_original_message: false +---- + +include::../include/var-paths.asciidoc[] + +*`var.project_id`*:: + +Google Cloud project ID. + +*`var.topic`*:: + +Google Cloud Pub/Sub topic name. + +*`var.subscription_name`*:: + +Google Cloud Pub/Sub topic subscription name. If the subscription does not +exist it will be created. + +*`var.credentials_file`*:: + +Path to a JSON file containing the credentials and key used to subscribe. + +*`var.keep_original_message`*:: + +Flag to control whether the original message is stored in the `log.original` +field. Defaults to `false`, meaning the original message is not saved. + :has-dashboards!: :fileset_ex!: diff --git a/x-pack/filebeat/module/googlecloud/_meta/fields.yml b/x-pack/filebeat/module/googlecloud/_meta/fields.yml index e812267e7c68..8f97f9b19c09 100644 --- a/x-pack/filebeat/module/googlecloud/_meta/fields.yml +++ b/x-pack/filebeat/module/googlecloud/_meta/fields.yml 
@@ -8,3 +8,92 @@ description: > Fields from Google Cloud logs. fields: + - name: destination.instance + type: group + description: > + If the destination of the connection was a VM located on the same VPC, + this field is populated with VM instance details. In a Shared VPC + configuration, project_id corresponds to the project that owns the + instance, usually the service project. + fields: + - name: project_id + type: keyword + description: > + ID of the project containing the VM. + + - name: region + type: keyword + description: > + Region of the VM. + + - name: zone + type: keyword + description: > + Zone of the VM. + + - name: destination.vpc + type: group + description: > + If the destination of the connection was a VM located on the same VPC, + this field is populated with VPC network details. In a Shared VPC + configuration, project_id corresponds to that of the host project. + fields: + - name: project_id + type: keyword + description: > + ID of the project containing the VM. + + - name: vpc_name + type: keyword + description: > + VPC on which the VM is operating. + + - name: subnetwork_name + type: keyword + description: > + Subnetwork on which the VM is operating. + + - name: source.instance + type: group + description: > + If the source of the connection was a VM located on the same VPC, this + field is populated with VM instance details. In a Shared VPC + configuration, project_id corresponds to the project that owns the + instance, usually the service project. + fields: + - name: project_id + type: keyword + description: > + ID of the project containing the VM. + + - name: region + type: keyword + description: > + Region of the VM. + + - name: zone + type: keyword + description: > + Zone of the VM. + + - name: source.vpc + type: group + description: > + If the source of the connection was a VM located on the same VPC, this + field is populated with VPC network details. In a Shared VPC + configuration, project_id corresponds to that of the host project. 
+ fields: + - name: project_id + type: keyword + description: > + ID of the project containing the VM. + + - name: vpc_name + type: keyword + description: > + VPC on which the VM is operating. + + - name: subnetwork_name + type: keyword + description: > + Subnetwork on which the VM is operating. diff --git a/x-pack/filebeat/module/googlecloud/fields.go b/x-pack/filebeat/module/googlecloud/fields.go index 25efce33ec9d..2b4b6537850c 100644 --- a/x-pack/filebeat/module/googlecloud/fields.go +++ b/x-pack/filebeat/module/googlecloud/fields.go 
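Review bot: The shared `destination.*` and `source.*` groups added to `_meta/fields.yml` reuse names that the `fields.asciidoc` hunks show being removed from under `googlecloud.vpcflow.*`, so existing vpcflow users appear to get a field rename, while the changelog line in this commit only announces the new fileset. Saved searches, dashboards and detection rules keyed on `googlecloud.vpcflow.source.instance.project_id` and its siblings would stop matching without any error. I would add a changelog entry that names the move, for example `- Move googlecloud vpcflow source/destination instance and vpc fields to the module level. {pull}14553[14553]`. The vpcflow pipeline change itself is not visible in this part of the diff, so confirm that it writes the new names.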
@@ -19,5 +19,5 @@ func init() { // AssetGooglecloud returns asset data. // This is the base64 encoded gzipped contents of module/googlecloud. func AssetGooglecloud() string { - return "eJzsWEtv67gV3udXnF1awNFFt1kUCJykNXpT5CZuCszGoMVjiROK1PBhj++vHxxSkvWyHd84M5hBvMhDpr7z8Tw/8gpecXsNmdaZxFRqzy8AnHASr+Ff4SFMq6ccbWpE6YRW1/DPCwCAB829RFhpAzlTXAqVgdSZhZXRRef95AJgJVByex3evALFCuwbpo/blvTcaF9WT0YM0+c+wA1NBQZJtaxts22XeS5c83TM6gHLbevadI0H4A6FMRo7ImS4AxyZvOJ2ow3vfHOADcB8WyKURpdo3DYZMcS8y1E5kTICWAi10iN2+x44YvWmAwoEaorwdwKdpUMH7JiVRqhUlEwusGBC9kzs98cRbgDzHCFAAuPcoLWgV+BybPsCOXiLBgr2StlL3xr8xaN1vR20/aiNcNuFRYmp0+a8hBt8qPHBlpiKlUAOy22boTYTECtgapvAzIGwoLSDzDPDlEPkMDDgcuYCQuNz2DALTEq9QQ5OkzPA5cLueHT80PPC94PJxIxh29OSqcFs51KoMmJN2R2z6+3JhaYQ1gqtzhsmCoEwyGF289AysidpshCRvplIYam1RNand4TC/3N0ORrQJsS8E47gLoNWe5MiMMVb/EK4KzZ7uNZvLphzRiy9QzvKe9gq3pbfDWpdjbXBpLd+LKw7mhbNWqQ4TPEDcT1KMFIkAzW5ykyfW82Cfn40hX3+2TtCzsSBIA5xqO0X6HLNFwNX/OgkG49AZYYyftcG4F4buHmcQcqktJPYuXp4NtdeclhiQGsj04sRNem/RLj4KytKiRO4jCol4cwx6rqYrP+R3Db/PHn1zaPZXo45R/liYdCWWllcCIeFHfGR1Co70UG+WFL5ryBggkHnjUIe5RCDr8I6clUg1tpoHBhlKUXKlnI0nNVweb84mLc7djNVT5AF2ulhVr2vc7dV0i63R5jVLFZCOjzjiL8PeG8yfd6t/7fTUQ4pnGYAfDiBXVsZ0xjVokWBjlHpvT8jHyokYEvt3f4IHEpL6jRoFqI/+iKhweM3TMTZY1+fRht7wlMRsJ6qGPmC5OuCZajceRVOkMUBt09rTl22rc8q5dmV1SQ8BsCtZmwwLktTbbhQmRw9tuxPxneMl0YcaQOpliSzaRtBHQsb9uqYybDZeWvi7JtWJJnBpjkWeCUplv97mk2CW4RKpef16YJ6cT3S6MUjo8fmKNdovzz/++7r/WJ2+2Wp9asdHTWNq6SO57HztPAa7bAcOVgy3hhUruE1rid/KFGnEboheVBU9qTjhymWdohLNFQndfT3J1In7DulEaUHK4VNUl2M7sYx58dUxQ/EOmI1Wb9Gw6TcS/pgzDUfnx1COcwGE/UN/ajiRsAT2OQizVvdhClA5QtYM+lDHCrJZso0mWrer7KddLWWZWcccjfAcY2SPHa1YimFHY3RprY0ZC4U3KlMCpsncKO2oe3Wrw7gO1gtEEp/Kb5XXddSRQgVYtjyw3NwYMLRMSEHMrkK54R64g6uunBIpUDV1gu1A9dlupJ6c9F33hlu0l4ep0DYJ1ymGSy16cu1dxS1FRyrgFXQPLiDaCUwZYp8jyKcxC+fn6aX5LzL27vneatBj/F0LjnDQeArc6jSLTALBTLrDXL4G/lxPn0MHC1oJbd/B+5N3YCcoFmlHJo1k/UoHzTkeiFKVlpKA3QbREWZFQYZg+e7byHXDKYo1vFZqk086oQ1N9P/9GBpvXCQauWYUHHOKnQbbV7haT6nfWxQSvodbuniMaU6PcigFjhKtj3oW47WCRXblVDWMZWONfkTm+MsdsQWeCOKtFKVfghXafDyEKc
RctCxBi3NhpfH6WTgZmFjNpN6KHXp4yY3wuUEU9OHqmQTmClyfc4o0i+P0x5eqtVKZD726gmdc37G1C0Eb0XGgtPVDWD4NooevYnh6AHWBCbgrWdSbjsH8grhuA7onOkqSue+sJjd1gGpN1alWZ34Lw+jaQOd9pEN7wnfzewpoNbs3kDju1Znv8/5SSs8QmGsgNZl+qesncdp01jOXzusORbk2rq/Xhmsy3Ts6P9ubhQVinSYp5ELxa5Slyo7Ssz6ZRXVD+H33MCfTrOhGA8dZx889Xn19LoJldID/Zw57Yh8zpw/fOZUZXPOcfM7VcznpPmcNCfze/Ok+S0AAP//eQio+Q==" + return "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" } diff --git a/x-pack/filebeat/module/googlecloud/firewall/_meta/fields.yml b/x-pack/filebeat/module/googlecloud/firewall/_meta/fields.yml new file mode 100644 index 000000000000..e54bfa2ae5c6 --- /dev/null +++ b/x-pack/filebeat/module/googlecloud/firewall/_meta/fields.yml 
@@ -0,0 +1,48 @@
+- name: firewall
+ type: group
+ description: >
+ Fields for Google Cloud Firewall logs.
+ fields:
+ - name: rule_details
+ type: group
+ description: >
+ Description of the firewall rule that matched this connection.
+ fields:
+ - name: priority
+ type: long
+ description: The priority for the firewall rule.
+ - name: action
+ type: keyword
+ description: Action that the rule performs on match.
+ - name: direction
+ type: keyword
+ description: Direction of traffic that matches this rule.
+ - name: reference
+ type: keyword
+ description: Reference to the firewall rule.
+ - name: source_range
+ type: keyword
+ description: List of source ranges that the firewall rule applies to.
+ - name: destination_range
+ type: keyword
+ description: List of destination ranges that the firewall applies to.
+ - name: source_tag
+ type: keyword
+ description: >
+ List of all the source tags that the firewall rule applies to.
+ - name: target_tag
+ type: keyword
+ description: >
+ List of all the target tags that the firewall rule applies to.
+ - name: ip_port_info
+ type: array
+ description: >
+ List of ip protocols and applicable port ranges for rules.
+ - name: source_service_account
+ type: keyword
+ description: >
+ List of all the source service accounts that the firewall rule applies to.
+ - name: target_service_account
+ type: keyword
+ description: >
+ List of all the target service accounts that the firewall rule applies to.
diff --git a/x-pack/filebeat/module/googlecloud/firewall/config/input.yml b/x-pack/filebeat/module/googlecloud/firewall/config/input.yml
new file mode 100644
index 000000000000..dd617f8d2888
--- /dev/null
+++ b/x-pack/filebeat/module/googlecloud/firewall/config/input.yml
@@ -0,0 +1,27 @@
+{{ if eq .input "google-pubsub" }}
+
+type: google-pubsub
+project_id: {{ .project_id }}
+topic: {{ .topic }}
+subscription.name: {{ .subscription_name }}
+credentials_file: {{ .credentials_file }}
+
+{{ else if eq .input "file" }}
+
+type: log
+paths:
+{{ range $i, $path := .paths }}
+ - {{$path}}
+{{ end }}
+exclude_files: [".gz$"]
+
+{{ end }}
+
+processors:
+ - script:
+ lang: javascript
+ id: googlecloud_firewall_script
+ params:
+ debug: {{ .debug }}
+ keep_original_message: {{ .keep_original_message }}
+ file: ${path.home}/module/googlecloud/firewall/config/pipeline.js
diff --git a/x-pack/filebeat/module/googlecloud/firewall/config/pipeline.js b/x-pack/filebeat/module/googlecloud/firewall/config/pipeline.js
new file mode 100644
index 000000000000..fab3c5a91c90
--- /dev/null
+++ b/x-pack/filebeat/module/googlecloud/firewall/config/pipeline.js
@@ -0,0 +1,331 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +var processor = require("processor"); +var console = require("console"); + +// makeMapper({from:field, to:field, default:value mappings:{orig: new, [...]}}) +// +// Processor that sets _to_ field from a mapping of _from_ field's value. +function makeMapper(options) { + return function (evt) { + var key = evt.Get(options.from); + var value = options.default; + if (key in options.mappings) { + value = options.mappings[key]; + } + if (value != null) { + evt.Put(options.to, value); + } + }; +} + +// makeConditional({condition:expr, result1:processor|expr, [...]}) +// +// Processor that selects which processor to run depending on the result of +// evaluating a _condition_. Result can be boolean (if-else equivalent) or any +// other value (switch equivalent). Unspecified values are a no-op. +function makeConditional(options) { + return function (evt) { + var branch = options[options.condition(evt)] || function(evt){}; + return (typeof branch === "function" ? branch : branch.Run)(evt); + }; +} + +// logEvent(msg) +// +// Processor that logs the current value of evt to console.debug. +function makeLogEvent(msg) { + return function (evt) { + console.debug(msg + " :" + JSON.stringify(evt, null, 4)); + }; +} + +// PipelineBuilder to aid debugging of pipelines during development. 
+function PipelineBuilder(pipelineName, debug) { + this.pipeline = new processor.Chain(); + this.add = function (processor) { + this.pipeline = this.pipeline.Add(processor); + }; + this.Add = function (name, processor) { + this.add(processor); + if (debug) { + this.add(makeLogEvent("after " + pipelineName + "/" + name)); + } + }; + this.Build = function () { + if (debug) { + this.add(makeLogEvent(pipelineName + "processing done")); + } + return this.pipeline.Build(); + }; + if (debug) { + this.add(makeLogEvent(pipelineName + ": begin processing event")); + } +} + +function FirewallProcessor(keep_original_message, debug) { + var builder = new PipelineBuilder("firewall", debug); + + // The pub/sub input writes the Stackdriver LogEntry object into the message + // field. The message needs decoded as JSON. + builder.Add("decodeJson", new processor.DecodeJSONFields({ + fields: ["message"], + target: "json" + })); + + // Set @timestamp to the LogEntry's timestamp. + builder.Add("parseTimestamp", new processor.Timestamp({ + field: "json.timestamp", + timezone: "UTC", + layouts: ["2006-01-02T15:04:05.999999999Z07:00"], + tests: ["2019-06-14T03:50:10.845445834Z"], + ignore_missing: true + })); + + if (keep_original_message) { + builder.Add("saveOriginalMessage", new processor.Convert({ + fields: [ + {from: "message", to: "event.original"} + ], + mode: "rename" + })); + } + + builder.Add("dropPubSubFields", function(evt) { + evt.Delete("message"); + evt.Delete("labels"); + }); + + builder.Add("categorizeEvent", new processor.AddFields({ + target: "event", + fields: { + category: "firewall-rule", + type: "firewall" + }, + })); + + builder.Add("saveMetadata", new processor.Convert({ + fields: [ + {from: "json.logName", to: "log.logger"}, + {from: "json.resource.labels.subnetwork_name", to: "network.name"} + ], + ignore_missing: true + })); + + // Firewall logs are structured so the LogEntry includes a jsonPayload field. 
+ // https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry + // The LogEntry's jsonPayload is moved to the json field. The jsonPayload + // contains the structured VPC flow log fields. + builder.Add("convertLogEntry", new processor.Convert({ + fields: [ + {from: "json.jsonPayload", to: "json"}, + ], + mode: "rename" + })); + + builder.Add("addOutcome", makeMapper({ + from: "json.disposition", + to: "event.outcome", + mappings: { + ALLOWED: "allow", + DENIED: "deny" + }, + default: "unknown" + })); + + builder.Add("addDirection", makeMapper({ + from: "json.rule_details.direction", + to: "network.direction", + mappings: { + INGRESS: "inbound", + EGRESS: "outbound" + }, + default: "unknown" + })); + + builder.Add("conditionalRename", makeConditional({ + condition: function(evt) { + return evt.Get("json.rule_details.direction"); + }, + EGRESS: processor.Convert({ + fields: [ + {from: "json.vpc", to: "json.src_vpc"}, + {from: "json.instance", to: "json.src_instance"}, + {from: "json.location", to: "json.src_location"}, + {from: "json.remote_vpc", to: "json.dest_vpc"}, + {from: "json.remote_instance", to: "json.dest_instance"}, + {from: "json.remote_location", to: "json.dest_location"} + ], + mode: "rename", + fail_on_error: false, + ignore_missing: true + }), + + INGRESS: processor.Convert({ + fields: [ + {from: "json.vpc", to: "json.dest_vpc"}, + {from: "json.instance", to: "json.dest_instance"}, + {from: "json.location", to: "json.dest_location"}, + {from: "json.remote_vpc", to: "json.src_vpc"}, + {from: "json.remote_instance", to: "json.src_instance"}, + {from: "json.remote_location", to: "json.src_location"} + ], + mode: "rename", + fail_on_error: false, + ignore_missing: true + }) + })); + + // Set network.iana_number from connection.protocol, converting it to long + // and ignoring the failure if it's not numeric. 
+ builder.Add("ianaNumber", new processor.Convert({ + fields: [{ + from: "json.connection.protocol", + to: "network.iana_number", + type: "long" + }], + fail_on_error: false + })); + + // Set network.transport from iana_number. GCP Firewall only supports + // logging of tcp and udp connections, added icmp just in case as it's the + // other protocol supported by firewall rules. + builder.Add("transportFromIANA", makeMapper({ + from: "network.iana_number", + to: "network.transport", + mappings: { + 1: "icmp", + 6: "tcp", + 17: "udp" + } + })); + + builder.Add("convertJsonPayload", new processor.Convert({ + fields: [ + {from: "json.connection.dest_ip", to: "destination.address"}, + {from: "json.connection.dest_port", to: "destination.port", type: "long"}, + {from: "json.connection.src_ip", to: "source.address"}, + {from: "json.connection.src_port", to: "source.port", type: "long"}, + + {from: "json.src_instance.vm_name", to: "source.domain"}, + {from: "json.dest_instance.vm_name", to: "destination.domain"}, + + {from: "json.dest_location.asn", to: "destination.as.number", type: "long"}, + {from: "json.dest_location.continent", to: "destination.geo.continent_name"}, + {from: "json.dest_location.country", to: "destination.geo.country_name"}, + {from: "json.dest_location.region", to: "destination.geo.region_name"}, + {from: "json.dest_location.city", to: "destination.geo.city_name"}, + + {from: "json.src_location.asn", to: "source.as.number", type: "long"}, + {from: "json.src_location.continent", to: "source.geo.continent_name"}, + {from: "json.src_location.country", to: "source.geo.country_name"}, + {from: "json.src_location.region", to: "source.geo.region_name"}, + {from: "json.src_location.city", to: "source.geo.city_name"}, + + {from: "json.dest_instance", to: "googlecloud.destination.instance"}, + {from: "json.dest_vpc", to: "googlecloud.destination.vpc"}, + {from: "json.src_instance", to: "googlecloud.source.instance"}, + {from: "json.src_vpc", to: 
"googlecloud.source.vpc"}, + + {from: "json", to: "googlecloud.firewall"}, + ], + mode: "rename", + ignore_missing: true, + fail_on_error: false + })); + + // Delete emtpy object's whose fields have been renamed leaving them childless. + builder.Add("dropEmptyObjects", function (evt) { + evt.Delete("googlecloud.firewall.connection"); + evt.Delete("googlecloud.firewall.dest_location"); + evt.Delete("googlecloud.firewall.disposition"); + evt.Delete("googlecloud.firewall.src_location"); + }); + + // Copy the source/destination.address to source/destination.ip if they are + // valid IP addresses. + builder.Add("copyAddressFields", new processor.Convert({ + fields: [ + {from: "source.address", to: "source.ip", type: "ip"}, + {from: "destination.address", to: "destination.ip", type: "ip"} + ], + fail_on_error: false + })); + + builder.Add("setCloudMetadata", makeConditional({ + condition: function (evt) { + return evt.Get("json.rule_details.direction"); + }, + EGRESS: new processor.Convert({ + fields: [ + {from: "googlecloud.source.instance.project_id", to: "cloud.project.id"}, + {from: "googlecloud.source.instance.vm_name", to: "cloud.instance.name"}, + {from: "googlecloud.source.instance.region", to: "cloud.region"}, + {from: "googlecloud.source.instance.zone", to: "cloud.availability_zone"}, + {from: "googlecloud.source.vpc.subnetwork_name", to: "network.name"} + ], + ignore_missing: true + }), + + INGRESS: new processor.Convert({ + fields: [ + {from: "googlecloud.destination.instance.project_id", to: "cloud.project.id"}, + {from: "googlecloud.destination.instance.vm_name", to: "cloud.instance.name"}, + {from: "googlecloud.destination.instance.region", to: "cloud.region"}, + {from: "googlecloud.destination.instance.zone", to: "cloud.availability_zone"}, + {from: "googlecloud.destination.vpc.subnetwork_name", to: "network.name"}, + ], + ignore_missing: true + }) + })); + + builder.Add("communityId", new processor.CommunityID({ + fields: { + transport: 
"network.iana_number" + } + })); + + builder.Add("setInternalDirection", function(event) { + var srcInstance = event.Get("googlecloud.source.instance"); + var destInstance = event.Get("googlecloud.destination.instance"); + if (srcInstance && destInstance) { + event.Put("network.direction", "internal"); + } + }); + + builder.Add("setNetworkType", function(event) { + var ip = event.Get("source.ip"); + if (!ip) { + return; + } + + if (ip.indexOf(".") !== -1) { + event.Put("network.type", "ipv4"); + } else { + event.Put("network.type", "ipv6"); + } + }); + + builder.Add("setRelatedIP", function(event) { + event.AppendTo("related.ip", event.Get("source.ip")); + event.AppendTo("related.ip", event.Get("destination.ip")); + }); + + var chain = builder.Build(); + return { + process: chain.Run + }; +} + +var firewall; + +// Register params from configuration. +function register(params) { + firewall = new FirewallProcessor(params.keep_original_message, params.debug); +} + +function process(evt) { + return firewall.process(evt); +} diff --git a/x-pack/filebeat/module/googlecloud/firewall/ingest/pipeline.yml b/x-pack/filebeat/module/googlecloud/firewall/ingest/pipeline.yml new file mode 100644 index 000000000000..8d68de684a6f --- /dev/null +++ b/x-pack/filebeat/module/googlecloud/firewall/ingest/pipeline.yml 
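Review bot: `setCloudMetadata` picks its branch from `json.rule_details.direction`, but the earlier `convertJsonPayload` step renames `json` to `googlecloud.firewall`, so the condition appears to return nothing and neither branch runs, leaving `cloud.project.id`, `cloud.region` and `cloud.availability_zone` unset; read it from the new location with `return evt.Get("googlecloud.firewall.rule_details.direction");`. The same step moves `vm_name` to `source.domain`/`destination.domain` before the instance objects are renamed, so the `cloud.instance.name` mappings seem to have nothing left to copy. Separately, `makeMapper` and `makeConditional` index plain objects with a value taken from the log entry (`key in options.mappings`, `options[options.condition(evt)]`), so a value such as `constructor` or `condition` resolves to a function instead of the intended no-op. Restrict both lookups to own branch keys, e.g. `Object.prototype.hasOwnProperty.call(options.mappings, key)` in the mapper, and the equivalent check plus an exclusion of `condition` in the conditional. `keep_original_message` also writes `event.original` while the module docs added in this commit name `log.original`; one of the two should change.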
@@ -0,0 +1,50 @@
+description: Pipeline for Google Cloud Firewall Logs
+
+processors:
+ # IP Geolocation Lookup
+ - geoip:
+ field: source.ip
+ target_field: source.geo
+ ignore_missing: true
+ - geoip:
+ field: destination.ip
+ target_field: destination.geo
+ ignore_missing: true
+
+ # IP Autonomous System (AS) Lookup
+ - geoip:
+ database_file: GeoLite2-ASN.mmdb
+ field: source.ip
+ target_field: source.as
+ properties:
+ - asn
+ - organization_name
+ ignore_missing: true
+ - geoip:
+ database_file: GeoLite2-ASN.mmdb
+ field: destination.ip
+ target_field: destination.as
+ properties:
+ - asn
+ - organization_name
+ ignore_missing: true
+ - rename:
+ field: source.as.asn
+ target_field: source.as.number
+ ignore_missing: true
+ - rename:
+ field: source.as.organization_name
+ target_field: source.as.organization.name
+ ignore_missing: true
+ - rename:
+ field: destination.as.asn
+ target_field: destination.as.number
+ ignore_missing: true
+ - rename:
+ field: destination.as.organization_name
+ target_field: destination.as.organization.name
+ ignore_missing: true
+on_failure:
+ - set:
+ field: error.message
+ value: '{{ _ingest.on_failure_message }}'
diff --git a/x-pack/filebeat/module/googlecloud/firewall/manifest.yml b/x-pack/filebeat/module/googlecloud/firewall/manifest.yml
new file mode 100644
index 000000000000..ec265f977121
--- /dev/null
+++ b/x-pack/filebeat/module/googlecloud/firewall/manifest.yml
@@ -0,0 +1,23 @@
+module_version: "1.0"
+
+var:
+ - name: input
+ default: google-pubsub
+ - name: project_id
+ default: SET_PROJECT_NAME
+ - name: topic
+ default: stackdriver-firewall
+ - name: subscription_name
+ default: filebeat-googlecloud-firewall
+ - name: credentials_file
+ default: googlecloud-firewall-reader-service-identity.json
+ - name: debug
+ default: false
+ - name: keep_original_message
+ default: false
+ingest_pipeline: ingest/pipeline.yml
+input: config/input.yml
+
+requires.processors:
+- name: geoip
+ plugin: ingest-geoip
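Review bot: The `credentials_file` default in manifest.yml names a service-account key, `googlecloud-firewall-reader-service-identity.json`, but nothing beside it says how narrowly that identity should be scoped or how the file should be protected. A comment above the variable would cover it, for example `# Service account key for the google-pubsub input; grant it access to this subscription only and keep the file readable by the Filebeat user alone`. Separately, `project_id` defaults to `SET_PROJECT_NAME`, and since Google Cloud distinguishes project IDs from project names, `default: SET_PROJECT_ID` would be the less ambiguous placeholder; if other filesets in the module use the same placeholder they should stay in step.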
diff --git a/x-pack/filebeat/module/googlecloud/firewall/test/rare.log b/x-pack/filebeat/module/googlecloud/firewall/test/rare.log new file mode 100644 index 000000000000..e43153cc8a1d --- /dev/null +++ b/x-pack/filebeat/module/googlecloud/firewall/test/rare.log 
@@ -0,0 +1,2 @@ +{"insertId":"1dobeotg13df9f5","jsonPayload":{"connection":{"dest_ip":"10.128.0.16","dest_port":80,"protocol":"udp","src_ip":"10.142.0.10","src_port":57794},"disposition":"DENIED","instance":{"project_id":"local-test","region":"us-central1","vm_name":"local-adrian-test","zone":"us-central1-a"},"remote_instance":{"project_id":"remote-beats","region":"us-east1","vm_name":"test-es","zone":"us-east1-b"},"remote_vpc":{"project_id":"remote-beats","subnetwork_name":"mysubnet","vpc_name":"default"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"mysubnet","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-06T16:41:45.009675991Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"12345667","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-06T16:41:38.394575419Z"} 
+{"insertId":"1dobeotg13df9f7","jsonPayload":{"connection":{"dest_ip":"10.128.0.10","dest_port":57794,"protocol":"udp","src_ip":"10.142.0.16","src_port":80},"disposition":"DENIED","instance":{"project_id":"local-test","region":"us-central1","vm_name":"local-adrian-test","zone":"us-central1-a"},"remote_instance":{"project_id":"remote-beats","region":"us-east1","vm_name":"test-es","zone":"us-east1-b"},"remote_vpc":{"project_id":"remote-beats","subnetwork_name":"mysubnet","vpc_name":"default"},"rule_details":{"action":"DENY","direction":"EGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"mysubnet","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-06T16:41:45.009675991Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"892378332","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-06T16:41:38.394575419Z"} diff --git a/x-pack/filebeat/module/googlecloud/firewall/test/rare.log-expected.json b/x-pack/filebeat/module/googlecloud/firewall/test/rare.log-expected.json new file mode 100644 index 000000000000..b5e1d71beec4 --- /dev/null +++ b/x-pack/filebeat/module/googlecloud/firewall/test/rare.log-expected.json 
@@ -0,0 +1,120 @@ +[ + { + "@timestamp": "2019-11-06T16:41:38.394Z", + "destination.address": "10.128.0.16", + "destination.domain": "local-adrian-test", + "destination.ip": "10.128.0.16", + "destination.port": 80, + "event.category": "firewall-rule", + "event.dataset": "googlecloud.firewall", + "event.module": "googlecloud", + "event.outcome": "deny", + "event.type": "firewall", + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "local-test", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "mysubnet", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "80", + "8080" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.reference": "network:default/firewall:adrian-test-3", + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "adrian-test" + ], + "googlecloud.source.instance.project_id": "remote-beats", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "remote-beats", + "googlecloud.source.vpc.subnetwork_name": "mysubnet", + "googlecloud.source.vpc.vpc_name": "default", + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 0, + "network.direction": "internal", + "network.name": "default", + "network.type": "ipv4", + "related.ip": [ + "10.142.0.10", + "10.128.0.16" + ], + "service.type": "googlecloud", + "source.address": "10.142.0.10", + "source.domain": "test-es", + 
"source.ip": "10.142.0.10", + "source.port": 57794 + }, + { + "@timestamp": "2019-11-06T16:41:38.394Z", + "destination.address": "10.128.0.10", + "destination.domain": "test-es", + "destination.ip": "10.128.0.10", + "destination.port": 57794, + "event.category": "firewall-rule", + "event.dataset": "googlecloud.firewall", + "event.module": "googlecloud", + "event.outcome": "deny", + "event.type": "firewall", + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "remote-beats", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "remote-beats", + "googlecloud.destination.vpc.subnetwork_name": "mysubnet", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "EGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "80", + "8080" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.reference": "network:default/firewall:adrian-test-3", + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "adrian-test" + ], + "googlecloud.source.instance.project_id": "local-test", + "googlecloud.source.instance.region": "us-central1", + "googlecloud.source.instance.zone": "us-central1-a", + "googlecloud.source.vpc.project_id": "test-beats", + "googlecloud.source.vpc.subnetwork_name": "mysubnet", + "googlecloud.source.vpc.vpc_name": "default", + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 1153, + "network.direction": "internal", + "network.name": "default", + "network.type": "ipv4", + "related.ip": [ + "10.142.0.16", + "10.128.0.10" + ], + "service.type": "googlecloud", + "source.address": "10.142.0.16", + 
"source.domain": "local-adrian-test", + "source.ip": "10.142.0.16", + "source.port": 80 + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/googlecloud/firewall/test/test.log b/x-pack/filebeat/module/googlecloud/firewall/test/test.log new file mode 100644 index 000000000000..28218d31fff4 --- /dev/null +++ b/x-pack/filebeat/module/googlecloud/firewall/test/test.log 
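Review bot: Neither expected event in rare.log-expected.json carries any `cloud.*` field, and `network.name` is `default` where the input's `subnetwork_name` is `mysubnet`, so the `setCloudMetadata` step in pipeline.js appears never to run and this fixture pins that as the correct output. The likely cause is its condition, which reads `json.rule_details.direction` although an earlier step renames `json` to `googlecloud.firewall`; `return evt.Get("googlecloud.firewall.rule_details.direction");` should select the EGRESS or INGRESS branch. The expected events also show no `vm_name` under `googlecloud.source.instance` or `googlecloud.destination.instance`, so the `cloud.instance.name` mapping probably needs a different source field, though the earlier part of pipeline.js is outside this view. Without these fields a firewall allow or deny cannot be tied to its project and instance when pivoting on `cloud.*`, and the expected files would need regenerating once the condition is corrected.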
@@ -0,0 +1,20 @@ +{"insertId":"4zuj4nfn4llkb","jsonPayload":{"connection":{"dest_ip":"8.8.8.8","dest_port":53,"protocol":17,"src_ip":"10.128.0.16","src_port":60094},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"continent":"America","country":"usa"},"rule_details":{"action":"DENY","destination_range":["8.8.8.0/24"],"direction":"EGRESS","ip_port_info":[{"ip_protocol":"ALL"}],"priority":1000,"reference":"network:default/firewall:adrian-test-1","target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-12T12:35:24.466374097Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-12T12:35:17.214711274Z"} +{"insertId":"1f21ciqfpfssuo","jsonPayload":{"connection":{"dest_ip":"10.42.0.2","dest_port":3389,"protocol":6,"src_ip":"192.0.2.126","src_port":64853},"disposition":"ALLOWED","instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-windows","zone":"us-east1-b"},"remote_location":{"continent":"Asia","country":"omn"},"rule_details":{"action":"ALLOW","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["3389"]}],"priority":1000,"reference":"network:windows-isolated/firewall:windows-isolated-allow-rdp","source_range":["0.0.0.0/0"],"target_tag":["allow-rdp"]},"vpc":{"project_id":"test-beats","subnetwork_name":"windows-isolated","vpc_name":"windows-isolated"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-10-30T13:52:54.473174731Z","resource":{"labels":{"location":"us-east1-b","project_id":"test-beats","subnetwork_id":"3238409883146034900","subnetwork_name":"windows-isolated"},"type":"gce_subnetwork"},"t
imestamp":"2019-10-30T13:52:42.191988835Z"} +{"insertId":"8vcfeailjd","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":8080,"protocol":6,"src_ip":"192.0.2.219","src_port":2897},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"city":"Krasnodar","continent":"Europe","country":"rus","region":"Krasnodar Krai"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:31:22.738796433Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:31:19.421478847Z"} 
+{"insertId":"1bqgmw9feiabij","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":80,"protocol":6,"src_ip":"192.0.2.14","src_port":61000},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"continent":"Europe","country":"deu"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:41:35.727004321Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:41:31.079508196Z"} 
+{"insertId":"1jrxaqbfe48bir","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":80,"protocol":6,"src_ip":"192.0.2.14","src_port":61000},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"continent":"Europe","country":"deu"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:41:40.791816098Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:41:34.190831607Z"} +{"insertId":"1fw7drlfe2ty27","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":8080,"protocol":6,"src_ip":"192.0.2.151","src_port":62551},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"city":"Berdychiv","continent":"Europe","country":"ukr","region":"Zhytomyr 
Oblast"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:48:47.038820509Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:48:41.449552758Z"} +{"insertId":"1yre751fekaxzs","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":8080,"protocol":6,"src_ip":"192.0.2.241","src_port":44542},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"city":"Vicenza","continent":"Europe","country":"ita","region":"Veneto"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T13:10:30.804549999Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T13:10:24.214995318Z"} 
+{"insertId":"5kanfzfiqepkh","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":80,"protocol":6,"src_ip":"192.0.2.114","src_port":41293},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"city":"Tula","continent":"Europe","country":"rus","region":"Tula Oblast"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T13:35:28.934918322Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T13:35:23.504719962Z"} +{"insertId":"59z0t8fiow9vg","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":80,"protocol":6,"src_ip":"192.0.2.251","src_port":59106},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"city":"Stavropol","continent":"Europe","country":"rus","region":"Stavropol 
Krai"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T13:36:54.238077643Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T13:36:52.135887769Z"} +{"insertId":"1y7e4yzff816cq","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":80,"protocol":6,"src_ip":"192.0.2.189","src_port":61000},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"city":"Violès","continent":"Europe","country":"fra","region":"Provence-Alpes-Côte d'Azur"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T14:06:26.357446279Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T14:06:16.59353182Z"} 
+{"insertId":"lx5jlsfggpr0q","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":80,"protocol":6,"src_ip":"192.0.2.189","src_port":61000},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"city":"Violès","continent":"Europe","country":"fra","region":"Provence-Alpes-Côte d'Azur"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T14:06:28.203068653Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T14:06:22.930570324Z"} 
+{"insertId":"18ynfbufer19m1","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":8080,"protocol":6,"src_ip":"192.0.2.200","src_port":42716},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"city":"İzmir","continent":"Asia","country":"tur","region":"İzmir"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T14:32:14.038485761Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T14:32:07.407039908Z"} 
+{"insertId":"tzddthfsr6fv5","jsonPayload":{"connection":{"dest_ip":"8.8.8.8","dest_port":80,"protocol":6,"src_ip":"10.28.0.16","src_port":46418},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"continent":"America","country":"usa"},"rule_details":{"action":"DENY","destination_range":["8.8.8.0/24"],"direction":"EGRESS","ip_port_info":[{"ip_protocol":"ALL"}],"priority":1000,"reference":"network:default/firewall:adrian-test-1","target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-12T12:41:28.971534988Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-12T12:41:20.972747063Z"} +{"insertId":"1k2b7kefsnhzq7","jsonPayload":{"connection":{"dest_ip":"8.8.8.8","dest_port":80,"protocol":17,"src_ip":"10.28.0.16","src_port":58725},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"continent":"America","country":"usa"},"rule_details":{"action":"DENY","destination_range":["8.8.8.0/24"],"direction":"EGRESS","ip_port_info":[{"ip_protocol":"ALL"}],"priority":1000,"reference":"network:default/firewall:adrian-test-1","target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-12T12:42:33.671883883Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-12T12:42:26.50532921Z"} 
+{"insertId":"1sdfuwxfk8hq1c","jsonPayload":{"connection":{"dest_ip":"10.42.0.10","dest_port":9200,"protocol":6,"src_ip":"192.0.2.114","src_port":44666},"disposition":"ALLOWED","instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-es","zone":"us-east1-b"},"remote_instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-kibana","zone":"us-east1-b"},"remote_location":{"continent":"America","country":"usa"},"remote_vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"},"rule_details":{"action":"ALLOW","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["9200"]}],"priority":1000,"reference":"network:default/firewall:allow9200","source_range":["0.0.0.0/0"],"target_tag":["allow9200"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:54:15.188832255Z","resource":{"labels":{"location":"us-east1-b","project_id":"test-beats","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:54:13.531819246Z"} 
+{"insertId":"1sdfuwxfk8hq1b","jsonPayload":{"connection":{"dest_ip":"10.42.0.10","dest_port":9200,"protocol":6,"src_ip":"192.0.2.114","src_port":44668},"disposition":"ALLOWED","instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-es","zone":"us-east1-b"},"remote_instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-kibana","zone":"us-east1-b"},"remote_location":{"continent":"America","country":"usa"},"remote_vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"},"rule_details":{"action":"ALLOW","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["9200"]}],"priority":1000,"reference":"network:default/firewall:allow9200","source_range":["0.0.0.0/0"],"target_tag":["allow9200"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:54:15.188832255Z","resource":{"labels":{"location":"us-east1-b","project_id":"test-beats","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:54:13.551617516Z"} 
+{"insertId":"yot1ojetjdiw","jsonPayload":{"connection":{"dest_ip":"10.42.0.2","dest_port":3389,"protocol":6,"src_ip":"192.0.2.7","src_port":1683},"disposition":"ALLOWED","instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-windows","zone":"us-east1-b"},"remote_location":{"city":"Almelo","continent":"Europe","country":"nld","region":"Overijssel"},"rule_details":{"action":"ALLOW","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["3389"]}],"priority":1000,"reference":"network:windows-isolated/firewall:windows-isolated-allow-rdp","source_range":["0.0.0.0/0"],"target_tag":["allow-rdp"]},"vpc":{"project_id":"test-beats","subnetwork_name":"windows-isolated","vpc_name":"windows-isolated"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:54:28.477733837Z","resource":{"labels":{"location":"us-east1-b","project_id":"test-beats","subnetwork_id":"3238409883146034900","subnetwork_name":"windows-isolated"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:54:15.771161946Z"} 
+{"insertId":"5a27u1g22jks9e","jsonPayload":{"connection":{"dest_ip":"10.42.0.10","dest_port":9200,"protocol":6,"src_ip":"192.0.2.114","src_port":45068},"disposition":"ALLOWED","instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-es","zone":"us-east1-b"},"remote_instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-kibana","zone":"us-east1-b"},"remote_location":{"continent":"America","country":"usa"},"remote_vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"},"rule_details":{"action":"ALLOW","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["9200"]}],"priority":1000,"reference":"network:default/firewall:allow9200","source_range":["0.0.0.0/0"],"target_tag":["allow9200"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:54:45.189726185Z","resource":{"labels":{"location":"us-east1-b","project_id":"test-beats","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:54:35.850729583Z"} 
+{"insertId":"5a27u1g22jks8t","jsonPayload":{"connection":{"dest_ip":"10.42.0.10","dest_port":9200,"protocol":6,"src_ip":"192.0.2.114","src_port":45062},"disposition":"ALLOWED","instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-es","zone":"us-east1-b"},"remote_instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-kibana","zone":"us-east1-b"},"remote_location":{"continent":"America","country":"usa"},"remote_vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"},"rule_details":{"action":"ALLOW","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["9200"]}],"priority":1000,"reference":"network:default/firewall:allow9200","source_range":["0.0.0.0/0"],"target_tag":["allow9200"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:54:45.189726185Z","resource":{"labels":{"location":"us-east1-b","project_id":"test-beats","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:54:35.85023465Z"} 
+{"insertId":"1dobeotg13df9f5","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":80,"protocol":6,"src_ip":"10.42.0.10","src_port":57794},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-es","zone":"us-east1-b"},"remote_vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-06T16:41:45.009675991Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-06T16:41:38.394575419Z"} diff --git a/x-pack/filebeat/module/googlecloud/firewall/test/test.log-expected.json b/x-pack/filebeat/module/googlecloud/firewall/test/test.log-expected.json new file mode 100644 index 000000000000..57f0e35608bb --- /dev/null +++ b/x-pack/filebeat/module/googlecloud/firewall/test/test.log-expected.json 
@@ -0,0 +1,1187 @@ +[ + { + "@timestamp": "2019-11-12T12:35:17.214Z", + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.port": 53, + "event.category": "firewall-rule", + "event.dataset": "googlecloud.firewall", + "event.module": "googlecloud", + "event.outcome": "deny", + "event.type": "firewall", + "fileset.name": "firewall", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.destination_range": [ + "8.8.8.0/24" + ], + "googlecloud.firewall.rule_details.direction": "EGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "ALL" + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.reference": "network:default/firewall:adrian-test-1", + "googlecloud.firewall.rule_details.target_tag": [ + "adrian-test" + ], + "googlecloud.source.instance.project_id": "test-beats", + "googlecloud.source.instance.region": "us-central1", + "googlecloud.source.instance.zone": "us-central1-a", + "googlecloud.source.vpc.project_id": "test-beats", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 0, + "network.community_id": "1:iiDdIEXnxwSiz/hJbVnseQ4SZVE=", + "network.direction": "outbound", + "network.iana_number": 17, + "network.name": "default", + "network.transport": "udp", + "network.type": "ipv4", + "related.ip": [ + "10.128.0.16", + "8.8.8.8" + ], + "service.type": "googlecloud", + "source.address": "10.128.0.16", + "source.domain": "adrian-test", + "source.ip": "10.128.0.16", + "source.port": 60094 + }, + { + 
"@timestamp": "2019-10-30T13:52:42.191Z", + "destination.address": "10.42.0.2", + "destination.domain": "test-windows", + "destination.ip": "10.42.0.2", + "destination.port": 3389, + "event.category": "firewall-rule", + "event.dataset": "googlecloud.firewall", + "event.module": "googlecloud", + "event.outcome": "allow", + "event.type": "firewall", + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "windows-isolated", + "googlecloud.destination.vpc.vpc_name": "windows-isolated", + "googlecloud.firewall.rule_details.action": "ALLOW", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "3389" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.reference": "network:windows-isolated/firewall:windows-isolated-allow-rdp", + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "allow-rdp" + ], + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 983, + "network.community_id": "1:I+YM7Ru3rl0RVZt/y+F/hkoY0Zc=", + "network.direction": "inbound", + "network.iana_number": 6, + "network.name": "windows-isolated", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.126", + "10.42.0.2" + ], + "service.type": "googlecloud", + "source.address": "192.0.2.126", + "source.geo.continent_name": "Asia", + "source.geo.country_name": "omn", + "source.ip": "192.0.2.126", + "source.port": 64853 + }, + { + "@timestamp": "2019-11-11T12:31:19.421Z", + "destination.address": "10.28.0.16", + "destination.domain": 
"adrian-test", + "destination.ip": "10.28.0.16", + "destination.port": 8080, + "event.category": "firewall-rule", + "event.dataset": "googlecloud.firewall", + "event.module": "googlecloud", + "event.outcome": "deny", + "event.type": "firewall", + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "80", + "8080" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.reference": "network:default/firewall:adrian-test-3", + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "adrian-test" + ], + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 2025, + "network.community_id": "1:I0VuqgaYU1tgaECjlzIRuPzILlg=", + "network.direction": "inbound", + "network.iana_number": 6, + "network.name": "default", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.219", + "10.28.0.16" + ], + "service.type": "googlecloud", + "source.address": "192.0.2.219", + "source.geo.city_name": "Krasnodar", + "source.geo.continent_name": "Europe", + "source.geo.country_name": "rus", + "source.geo.region_name": "Krasnodar Krai", + "source.ip": "192.0.2.219", + "source.port": 2897 + }, + { + "@timestamp": "2019-11-11T12:41:31.079Z", + "destination.address": "10.28.0.16", + "destination.domain": "adrian-test", + "destination.ip": "10.28.0.16", + 
"destination.port": 80, + "event.category": "firewall-rule", + "event.dataset": "googlecloud.firewall", + "event.module": "googlecloud", + "event.outcome": "deny", + "event.type": "firewall", + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "80", + "8080" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.reference": "network:default/firewall:adrian-test-3", + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "adrian-test" + ], + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 3074, + "network.community_id": "1:JXppP0Oqm+g33JYC0DKoWKxP1GI=", + "network.direction": "inbound", + "network.iana_number": 6, + "network.name": "default", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.14", + "10.28.0.16" + ], + "service.type": "googlecloud", + "source.address": "192.0.2.14", + "source.geo.continent_name": "Europe", + "source.geo.country_name": "deu", + "source.ip": "192.0.2.14", + "source.port": 61000 + }, + { + "@timestamp": "2019-11-11T12:41:34.190Z", + "destination.address": "10.28.0.16", + "destination.domain": "adrian-test", + "destination.ip": "10.28.0.16", + "destination.port": 80, + "event.category": "firewall-rule", + "event.dataset": "googlecloud.firewall", + "event.module": "googlecloud", + 
"event.outcome": "deny", + "event.type": "firewall", + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "80", + "8080" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.reference": "network:default/firewall:adrian-test-3", + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "adrian-test" + ], + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 4080, + "network.community_id": "1:JXppP0Oqm+g33JYC0DKoWKxP1GI=", + "network.direction": "inbound", + "network.iana_number": 6, + "network.name": "default", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.14", + "10.28.0.16" + ], + "service.type": "googlecloud", + "source.address": "192.0.2.14", + "source.geo.continent_name": "Europe", + "source.geo.country_name": "deu", + "source.ip": "192.0.2.14", + "source.port": 61000 + }, + { + "@timestamp": "2019-11-11T12:48:41.449Z", + "destination.address": "10.28.0.16", + "destination.domain": "adrian-test", + "destination.ip": "10.28.0.16", + "destination.port": 8080, + "event.category": "firewall-rule", + "event.dataset": "googlecloud.firewall", + "event.module": "googlecloud", + "event.outcome": "deny", + "event.type": "firewall", + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": 
"test-beats", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "80", + "8080" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.reference": "network:default/firewall:adrian-test-3", + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "adrian-test" + ], + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 5086, + "network.community_id": "1:Us40G9GKff9nidizV7rCFgCQb9E=", + "network.direction": "inbound", + "network.iana_number": 6, + "network.name": "default", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.151", + "10.28.0.16" + ], + "service.type": "googlecloud", + "source.address": "192.0.2.151", + "source.geo.city_name": "Berdychiv", + "source.geo.continent_name": "Europe", + "source.geo.country_name": "ukr", + "source.geo.region_name": "Zhytomyr Oblast", + "source.ip": "192.0.2.151", + "source.port": 62551 + }, + { + "@timestamp": "2019-11-11T13:10:24.214Z", + "destination.address": "10.28.0.16", + "destination.domain": "adrian-test", + "destination.ip": "10.28.0.16", + "destination.port": 8080, + "event.category": "firewall-rule", + "event.dataset": "googlecloud.firewall", + "event.module": "googlecloud", + "event.outcome": "deny", + "event.type": "firewall", + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "test-beats", + 
"googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "80", + "8080" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.reference": "network:default/firewall:adrian-test-3", + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "adrian-test" + ], + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 6141, + "network.community_id": "1:CKIvQ4W48ZjqiomnWxipDck9Yb0=", + "network.direction": "inbound", + "network.iana_number": 6, + "network.name": "default", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.241", + "10.28.0.16" + ], + "service.type": "googlecloud", + "source.address": "192.0.2.241", + "source.geo.city_name": "Vicenza", + "source.geo.continent_name": "Europe", + "source.geo.country_name": "ita", + "source.geo.region_name": "Veneto", + "source.ip": "192.0.2.241", + "source.port": 44542 + }, + { + "@timestamp": "2019-11-11T13:35:23.504Z", + "destination.address": "10.28.0.16", + "destination.domain": "adrian-test", + "destination.ip": "10.28.0.16", + "destination.port": 80, + "event.category": "firewall-rule", + "event.dataset": "googlecloud.firewall", + "event.module": "googlecloud", + "event.outcome": "deny", + "event.type": "firewall", + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-central1", + 
"googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "80", + "8080" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.reference": "network:default/firewall:adrian-test-3", + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "adrian-test" + ], + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 7185, + "network.community_id": "1:4MspX9JxDXjbalHc/6y9GntbkUc=", + "network.direction": "inbound", + "network.iana_number": 6, + "network.name": "default", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.114", + "10.28.0.16" + ], + "service.type": "googlecloud", + "source.address": "192.0.2.114", + "source.geo.city_name": "Tula", + "source.geo.continent_name": "Europe", + "source.geo.country_name": "rus", + "source.geo.region_name": "Tula Oblast", + "source.ip": "192.0.2.114", + "source.port": 41293 + }, + { + "@timestamp": "2019-11-11T13:36:52.135Z", + "destination.address": "10.28.0.16", + "destination.domain": "adrian-test", + "destination.ip": "10.28.0.16", + "destination.port": 80, + "event.category": "firewall-rule", + "event.dataset": "googlecloud.firewall", + "event.module": "googlecloud", + "event.outcome": "deny", + "event.type": "firewall", + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + 
"googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "80", + "8080" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.reference": "network:default/firewall:adrian-test-3", + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "adrian-test" + ], + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 8228, + "network.community_id": "1:KygoHJBT+06I9CnmAPRmvl5CRO4=", + "network.direction": "inbound", + "network.iana_number": 6, + "network.name": "default", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.251", + "10.28.0.16" + ], + "service.type": "googlecloud", + "source.address": "192.0.2.251", + "source.geo.city_name": "Stavropol", + "source.geo.continent_name": "Europe", + "source.geo.country_name": "rus", + "source.geo.region_name": "Stavropol Krai", + "source.ip": "192.0.2.251", + "source.port": 59106 + }, + { + "@timestamp": "2019-11-11T14:06:16.593Z", + "destination.address": "10.28.0.16", + "destination.domain": "adrian-test", + "destination.ip": "10.28.0.16", + "destination.port": 80, + "event.category": "firewall-rule", + "event.dataset": "googlecloud.firewall", + "event.module": "googlecloud", + "event.outcome": "deny", + "event.type": "firewall", + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": 
"test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "80", + "8080" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.reference": "network:default/firewall:adrian-test-3", + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "adrian-test" + ], + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 9279, + "network.community_id": "1:20yMRdGVeNrVtL6TKhpfMDy284w=", + "network.direction": "inbound", + "network.iana_number": 6, + "network.name": "default", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.189", + "10.28.0.16" + ], + "service.type": "googlecloud", + "source.address": "192.0.2.189", + "source.geo.city_name": "Viol\u00e8s", + "source.geo.continent_name": "Europe", + "source.geo.country_name": "fra", + "source.geo.region_name": "Provence-Alpes-C\u00f4te d'Azur", + "source.ip": "192.0.2.189", + "source.port": 61000 + }, + { + "@timestamp": "2019-11-11T14:06:22.930Z", + "destination.address": "10.28.0.16", + "destination.domain": "adrian-test", + "destination.ip": "10.28.0.16", + "destination.port": 80, + "event.category": "firewall-rule", + "event.dataset": "googlecloud.firewall", + "event.module": "googlecloud", + "event.outcome": "deny", + "event.type": "firewall", + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "test-beats", + 
"googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "80", + "8080" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.reference": "network:default/firewall:adrian-test-3", + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "adrian-test" + ], + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 10341, + "network.community_id": "1:20yMRdGVeNrVtL6TKhpfMDy284w=", + "network.direction": "inbound", + "network.iana_number": 6, + "network.name": "default", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.189", + "10.28.0.16" + ], + "service.type": "googlecloud", + "source.address": "192.0.2.189", + "source.geo.city_name": "Viol\u00e8s", + "source.geo.continent_name": "Europe", + "source.geo.country_name": "fra", + "source.geo.region_name": "Provence-Alpes-C\u00f4te d'Azur", + "source.ip": "192.0.2.189", + "source.port": 61000 + }, + { + "@timestamp": "2019-11-11T14:32:07.407Z", + "destination.address": "10.28.0.16", + "destination.domain": "adrian-test", + "destination.ip": "10.28.0.16", + "destination.port": 8080, + "event.category": "firewall-rule", + "event.dataset": "googlecloud.firewall", + "event.module": "googlecloud", + "event.outcome": "deny", + "event.type": "firewall", + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "test-beats", + 
"googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "80", + "8080" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.reference": "network:default/firewall:adrian-test-3", + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "adrian-test" + ], + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 11403, + "network.community_id": "1:6fenc8+hp2KWF1J9vvGwv3iswV0=", + "network.direction": "inbound", + "network.iana_number": 6, + "network.name": "default", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.200", + "10.28.0.16" + ], + "service.type": "googlecloud", + "source.address": "192.0.2.200", + "source.geo.city_name": "\u0130zmir", + "source.geo.continent_name": "Asia", + "source.geo.country_name": "tur", + "source.geo.region_name": "\u0130zmir", + "source.ip": "192.0.2.200", + "source.port": 42716 + }, + { + "@timestamp": "2019-11-12T12:41:20.972Z", + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.port": 80, + "event.category": "firewall-rule", + "event.dataset": "googlecloud.firewall", + "event.module": "googlecloud", + "event.outcome": "deny", + "event.type": "firewall", + "fileset.name": "firewall", + "googlecloud.firewall.rule_details.action": "DENY", + 
"googlecloud.firewall.rule_details.destination_range": [ + "8.8.8.0/24" + ], + "googlecloud.firewall.rule_details.direction": "EGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "ALL" + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.reference": "network:default/firewall:adrian-test-1", + "googlecloud.firewall.rule_details.target_tag": [ + "adrian-test" + ], + "googlecloud.source.instance.project_id": "test-beats", + "googlecloud.source.instance.region": "us-central1", + "googlecloud.source.instance.zone": "us-central1-a", + "googlecloud.source.vpc.project_id": "test-beats", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 12444, + "network.community_id": "1:L+yxRTY3bxAv2hbljIrAstKlE+g=", + "network.direction": "outbound", + "network.iana_number": 6, + "network.name": "default", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.28.0.16", + "8.8.8.8" + ], + "service.type": "googlecloud", + "source.address": "10.28.0.16", + "source.domain": "adrian-test", + "source.ip": "10.28.0.16", + "source.port": 46418 + }, + { + "@timestamp": "2019-11-12T12:42:26.505Z", + "destination.address": "8.8.8.8", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.port": 80, + "event.category": "firewall-rule", + "event.dataset": "googlecloud.firewall", + "event.module": "googlecloud", + "event.outcome": "deny", + "event.type": "firewall", + "fileset.name": "firewall", + "googlecloud.firewall.rule_details.action": "DENY", + 
"googlecloud.firewall.rule_details.destination_range": [ + "8.8.8.0/24" + ], + "googlecloud.firewall.rule_details.direction": "EGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "ALL" + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.reference": "network:default/firewall:adrian-test-1", + "googlecloud.firewall.rule_details.target_tag": [ + "adrian-test" + ], + "googlecloud.source.instance.project_id": "test-beats", + "googlecloud.source.instance.region": "us-central1", + "googlecloud.source.instance.zone": "us-central1-a", + "googlecloud.source.vpc.project_id": "test-beats", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 13425, + "network.community_id": "1:c7bqGkBTPmOmWydHv/uxpk1qOjc=", + "network.direction": "outbound", + "network.iana_number": 17, + "network.name": "default", + "network.transport": "udp", + "network.type": "ipv4", + "related.ip": [ + "10.28.0.16", + "8.8.8.8" + ], + "service.type": "googlecloud", + "source.address": "10.28.0.16", + "source.domain": "adrian-test", + "source.ip": "10.28.0.16", + "source.port": 58725 + }, + { + "@timestamp": "2019-11-11T12:54:13.531Z", + "destination.address": "10.42.0.10", + "destination.domain": "test-es", + "destination.ip": "10.42.0.10", + "destination.port": 9200, + "event.category": "firewall-rule", + "event.dataset": "googlecloud.firewall", + "event.module": "googlecloud", + "event.outcome": "allow", + "event.type": "firewall", + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + 
"googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "ALLOW", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "9200" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.reference": "network:default/firewall:allow9200", + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "allow9200" + ], + "googlecloud.source.instance.project_id": "test-beats", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "test-beats", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 14407, + "network.community_id": "1:DAX43chSGct8LhjTchX9JgmQSEE=", + "network.direction": "internal", + "network.iana_number": 6, + "network.name": "default", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.114", + "10.42.0.10" + ], + "service.type": "googlecloud", + "source.address": "192.0.2.114", + "source.domain": "test-kibana", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "192.0.2.114", + "source.port": 44666 + }, + { + "@timestamp": "2019-11-11T12:54:13.551Z", + "destination.address": "10.42.0.10", + "destination.domain": "test-es", + "destination.ip": "10.42.0.10", + "destination.port": 9200, + "event.category": "firewall-rule", + "event.dataset": "googlecloud.firewall", + "event.module": "googlecloud", + "event.outcome": "allow", + "event.type": "firewall", + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "test-beats", + 
"googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "ALLOW", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "9200" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.reference": "network:default/firewall:allow9200", + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "allow9200" + ], + "googlecloud.source.instance.project_id": "test-beats", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "test-beats", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 15594, + "network.community_id": "1:TPU3xS0q892TRpPVImmLO31ok9s=", + "network.direction": "internal", + "network.iana_number": 6, + "network.name": "default", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.114", + "10.42.0.10" + ], + "service.type": "googlecloud", + "source.address": "192.0.2.114", + "source.domain": "test-kibana", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "192.0.2.114", + "source.port": 44668 + }, + { + "@timestamp": "2019-11-11T12:54:15.771Z", + "destination.address": "10.42.0.2", + "destination.domain": "test-windows", + "destination.ip": "10.42.0.2", + "destination.port": 3389, + "event.category": "firewall-rule", + "event.dataset": 
"googlecloud.firewall", + "event.module": "googlecloud", + "event.outcome": "allow", + "event.type": "firewall", + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "windows-isolated", + "googlecloud.destination.vpc.vpc_name": "windows-isolated", + "googlecloud.firewall.rule_details.action": "ALLOW", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "3389" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.reference": "network:windows-isolated/firewall:windows-isolated-allow-rdp", + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "allow-rdp" + ], + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 16781, + "network.community_id": "1:nptqbsyCEhZhJ1ZBfy4iEMDFucI=", + "network.direction": "inbound", + "network.iana_number": 6, + "network.name": "windows-isolated", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.7", + "10.42.0.2" + ], + "service.type": "googlecloud", + "source.address": "192.0.2.7", + "source.geo.city_name": "Almelo", + "source.geo.continent_name": "Europe", + "source.geo.country_name": "nld", + "source.geo.region_name": "Overijssel", + "source.ip": "192.0.2.7", + "source.port": 1683 + }, + { + "@timestamp": "2019-11-11T12:54:35.850Z", + "destination.address": "10.42.0.10", + "destination.domain": "test-es", + "destination.ip": "10.42.0.10", + "destination.port": 9200, + "event.category": "firewall-rule", + "event.dataset": "googlecloud.firewall", + 
"event.module": "googlecloud", + "event.outcome": "allow", + "event.type": "firewall", + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "ALLOW", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "9200" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.reference": "network:default/firewall:allow9200", + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "allow9200" + ], + "googlecloud.source.instance.project_id": "test-beats", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "test-beats", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 17858, + "network.community_id": "1:+KvUpcdGASPCZ5QYcOHVgid9Yjg=", + "network.direction": "internal", + "network.iana_number": 6, + "network.name": "default", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.114", + "10.42.0.10" + ], + "service.type": "googlecloud", + "source.address": "192.0.2.114", + "source.domain": "test-kibana", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "192.0.2.114", + "source.port": 45068 + }, + { + "@timestamp": "2019-11-11T12:54:35.850Z", + 
"destination.address": "10.42.0.10", + "destination.domain": "test-es", + "destination.ip": "10.42.0.10", + "destination.port": 9200, + "event.category": "firewall-rule", + "event.dataset": "googlecloud.firewall", + "event.module": "googlecloud", + "event.outcome": "allow", + "event.type": "firewall", + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "ALLOW", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "9200" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.reference": "network:default/firewall:allow9200", + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "allow9200" + ], + "googlecloud.source.instance.project_id": "test-beats", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "test-beats", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 19045, + "network.community_id": "1:v6u3NIKBcvTUebkWUOly9nrN/HE=", + "network.direction": "internal", + "network.iana_number": 6, + "network.name": "default", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "192.0.2.114", + "10.42.0.10" + ], + "service.type": "googlecloud", + "source.address": "192.0.2.114", + "source.domain": 
"test-kibana", + "source.geo.continent_name": "America", + "source.geo.country_name": "usa", + "source.ip": "192.0.2.114", + "source.port": 45062 + }, + { + "@timestamp": "2019-11-06T16:41:38.394Z", + "destination.address": "10.28.0.16", + "destination.domain": "adrian-test", + "destination.ip": "10.28.0.16", + "destination.port": 80, + "event.category": "firewall-rule", + "event.dataset": "googlecloud.firewall", + "event.module": "googlecloud", + "event.outcome": "deny", + "event.type": "firewall", + "fileset.name": "firewall", + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ + { + "ip_protocol": "TCP", + "port_range": [ + "80", + "8080" + ] + } + ], + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.reference": "network:default/firewall:adrian-test-3", + "googlecloud.firewall.rule_details.source_range": [ + "0.0.0.0/0" + ], + "googlecloud.firewall.rule_details.target_tag": [ + "adrian-test" + ], + "googlecloud.source.instance.project_id": "test-beats", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "test-beats", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "input.type": "log", + "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", + "log.offset": 20231, + "network.community_id": "1:6Q1oPyCPH/prdYU6FXBpxAgFrP8=", + "network.direction": "internal", + "network.iana_number": 6, + 
"network.name": "default", + "network.transport": "tcp", + "network.type": "ipv4", + "related.ip": [ + "10.42.0.10", + "10.28.0.16" + ], + "service.type": "googlecloud", + "source.address": "10.42.0.10", + "source.domain": "test-es", + "source.ip": "10.42.0.10", + "source.port": 57794 + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/_meta/fields.yml b/x-pack/filebeat/module/googlecloud/vpcflow/_meta/fields.yml index 384bb0aff76d..b0e3869997e3 100644 --- a/x-pack/filebeat/module/googlecloud/vpcflow/_meta/fields.yml +++ b/x-pack/filebeat/module/googlecloud/vpcflow/_meta/fields.yml 
@@ -14,93 +14,3 @@ Latency as measured (for TCP flows only) during the time interval. This is the time elapsed between sending a SEQ and receiving a corresponding ACK and it contains the network RTT as well as the application related delay. - - - name: destination.instance - type: group - description: > - If the destination of the connection was a VM located on the same VPC, - this field is populated with VM instance details. In a Shared VPC - configuration, project_id corresponds to the project that owns the - instance, usually the service project. - fields: - - name: project_id - type: keyword - description: > - ID of the project containing the VM. - - - name: region - type: keyword - description: > - Region of the VM. - - - name: zone - type: keyword - description: > - Zone of the VM. - - - name: destination.vpc - type: group - description: > - If the destination of the connection was a VM located on the same VPC, - this field is populated with VPC network details. In a Shared VPC - configuration, project_id corresponds to that of the host project. - fields: - - name: project_id - type: keyword - description: > - ID of the project containing the VM. - - - name: vpc_name - type: keyword - description: > - VPC on which the VM is operating. - - - name: subnetwork_name - type: keyword - description: > - Subnetwork on which the VM is operating. - - - name: source.instance - type: group - description: > - If the source of the connection was a VM located on the same VPC, this - field is populated with VM instance details. In a Shared VPC - configuration, project_id corresponds to the project that owns the - instance, usually the service project. - fields: - - name: project_id - type: keyword - description: > - ID of the project containing the VM. - - - name: region - type: keyword - description: > - Region of the VM. - - - name: zone - type: keyword - description: > - Zone of the VM. 
- - - name: source.vpc - type: group - description: > - If the source of the connection was a VM located on the same VPC, this - field is populated with VPC network details. In a Shared VPC - configuration, project_id corresponds to that of the host project. - fields: - - name: project_id - type: keyword - description: > - ID of the project containing the VM. - - - name: vpc_name - type: keyword - description: > - VPC on which the VM is operating. - - - name: subnetwork_name - type: keyword - description: > - Subnetwork on which the VM is operating. diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/config/input.yml b/x-pack/filebeat/module/googlecloud/vpcflow/config/input.yml index 1a655f6e12e2..b8b7a260bf47 100644 --- a/x-pack/filebeat/module/googlecloud/vpcflow/config/input.yml +++ b/x-pack/filebeat/module/googlecloud/vpcflow/config/input.yml @@ -22,3 +22,5 @@ processors: lang: javascript id: googlecloud_vpcflow_script file: ${path.home}/module/googlecloud/vpcflow/config/pipeline.js + params: + keep_original_message: {{ .keep_original_message }} diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/config/pipeline.js b/x-pack/filebeat/module/googlecloud/vpcflow/config/pipeline.js index 4cc4e14c5e5d..fdeb6c4e46a5 100644 --- a/x-pack/filebeat/module/googlecloud/vpcflow/config/pipeline.js +++ b/x-pack/filebeat/module/googlecloud/vpcflow/config/pipeline.js @@ -2,7 +2,7 @@ // or more contributor license agreements. Licensed under the Elastic License; // you may not use this file except in compliance with the Elastic License. -var vpcflow = (function () { +function VPCFlow(keep_original_message) { var processor = require("processor"); // The pub/sub input writes the Stackdriver LogEntry object into the message 
@@ -21,6 +21,16 @@ var vpcflow = (function () { ignore_missing: true, }); + var saveOriginalMessage = function(evt) {}; + if (keep_original_message) { + saveOriginalMessage = new processor.Convert({ + fields: [ + {from: "message", to: "event.original"} + ], + mode: "rename" + }); + } + var dropPubSubFields = function(evt) { evt.Delete("message"); evt.Delete("labels"); @@ -34,6 +44,14 @@ var vpcflow = (function () { }, }); + + var saveMetadata = new processor.Convert({ + fields: [ + {from: "json.logName", to: "log.logger"}, + ], + ignore_missing: true + }); + // Use the LogEntry object's timestamp. VPC flow logs are structured so the // LogEntry includes a jsonPayload field. // https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry @@ -76,10 +94,10 @@ var vpcflow = (function () { {from: "json.src_location.region", to: "source.geo.region_name"}, {from: "json.src_location.city", to: "source.geo.city_name"}, - {from: "json.dest_instance", to: "json.destination.instance"}, - {from: "json.dest_vpc", to: "json.destination.vpc"}, - {from: "json.src_instance", to: "json.source.instance"}, - {from: "json.src_vpc", to: "json.source.vpc"}, + {from: "json.dest_instance", to: "googlecloud.destination.instance"}, + {from: "json.dest_vpc", to: "googlecloud.destination.vpc"}, + {from: "json.src_instance", to: "googlecloud.source.instance"}, + {from: "json.src_vpc", to: "googlecloud.source.vpc"}, {from: "json.rtt_msec", to: "json.rtt.ms", type: "long"}, {from: "json", to: "googlecloud.vpcflow"}, 
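Review bot: The new `saveOriginalMessage` Convert sets no `ignore_missing`, unlike the block that closes just above it in this hunk and the `saveMetadata` block added in the next hunk. An event that reaches it without a `message` field would presumably be treated differently from the rest of the pipeline. I would add `ignore_missing: true` after `mode: "rename"`, or a one-line comment stating why the field is always present at this point. A comment such as `// Keep the raw Pub/Sub payload in event.original when keep_original_message is set.` would also explain why a no-op function and a processor object share one variable. The enclosing function starts and ends outside the hunk.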
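Review bot: Moving these four targets from `json.*` (later `googlecloud.vpcflow.*`) to `googlecloud.*` renames fields that existing saved searches, dashboards and detection rules may query, and nothing in the hunk keeps the old names. The same rename runs through `setCloudFromDestInstance`, `setCloudFromSrcInstance` and `setNetworkDirection` in the following hunks, while the changelog hunk at the top of this diff only announces the new firewall fileset. I would add a breaking-change line to the changelog naming both prefixes, e.g. `- Move googlecloud.vpcflow.{source,destination}.{instance,vpc} to googlecloud.{source,destination}.{instance,vpc}.` The enclosing Convert block starts and ends outside the hunk.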
@@ -107,22 +125,22 @@ var vpcflow = (function () { var setCloudFromDestInstance = new processor.Convert({ fields: [ - {from: "googlecloud.vpcflow.destination.instance.project_id", to: "cloud.project.id"}, - {from: "googlecloud.vpcflow.destination.instance.vm_name", to: "cloud.instance.name"}, - {from: "googlecloud.vpcflow.destination.instance.region", to: "cloud.region"}, - {from: "googlecloud.vpcflow.destination.instance.zone", to: "cloud.availability_zone"}, - {from: "googlecloud.vpcflow.destination.vpc.subnetwork_name", to: "network.name"}, + {from: "googlecloud.destination.instance.project_id", to: "cloud.project.id"}, + {from: "googlecloud.destination.instance.vm_name", to: "cloud.instance.name"}, + {from: "googlecloud.destination.instance.region", to: "cloud.region"}, + {from: "googlecloud.destination.instance.zone", to: "cloud.availability_zone"}, + {from: "googlecloud.destination.vpc.subnetwork_name", to: "network.name"}, ], ignore_missing: true, }); var setCloudFromSrcInstance = new processor.Convert({ fields: [ - {from: "googlecloud.vpcflow.source.instance.project_id", to: "cloud.project.id"}, - {from: "googlecloud.vpcflow.source.instance.vm_name", to: "cloud.instance.name"}, - {from: "googlecloud.vpcflow.source.instance.region", to: "cloud.region"}, - {from: "googlecloud.vpcflow.source.instance.zone", to: "cloud.availability_zone"}, - {from: "googlecloud.vpcflow.source.vpc.subnetwork_name", to: "network.name"}, + {from: "googlecloud.source.instance.project_id", to: "cloud.project.id"}, + {from: "googlecloud.source.instance.vm_name", to: "cloud.instance.name"}, + {from: "googlecloud.source.instance.region", to: "cloud.region"}, + {from: "googlecloud.source.instance.zone", to: "cloud.availability_zone"}, + {from: "googlecloud.source.vpc.subnetwork_name", to: "network.name"}, ], ignore_missing: true, }); 
@@ -170,8 +188,8 @@ var vpcflow = (function () { }; var setNetworkDirection = function(event) { - var srcInstance = event.Get("googlecloud.vpcflow.source.instance"); - var destInstance = event.Get("googlecloud.vpcflow.destination.instance"); + var srcInstance = event.Get("googlecloud.source.instance"); + var destInstance = event.Get("googlecloud.destination.instance"); var direction = "unknown"; if (srcInstance && destInstance) { @@ -205,8 +223,10 @@ var vpcflow = (function () { var pipeline = new processor.Chain() .Add(decodeJson) .Add(parseTimestamp) + .Add(saveOriginalMessage) .Add(dropPubSubFields) .Add(categorizeEvent) + .Add(saveMetadata) .Add(convertLogEntry) .Add(convertJsonPayload) .Add(dropEmptyObjects) @@ -223,7 +243,14 @@ var vpcflow = (function () { return { process: pipeline.Run, }; -})(); +} + +var vpcflow; + +// Register params from configuration. +function register(params) { + vpcflow = new VPCFlow(params.keep_original_message); +} function process(evt) { return vpcflow.process(evt); diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/manifest.yml b/x-pack/filebeat/module/googlecloud/vpcflow/manifest.yml index 46288049415c..a84b56a31501 100644 --- a/x-pack/filebeat/module/googlecloud/vpcflow/manifest.yml +++ b/x-pack/filebeat/module/googlecloud/vpcflow/manifest.yml @@ -11,7 +11,8 @@ var: default: filebeat-googlecloud-vpcflow - name: credentials_file default: googlecloud-vpcflow-reader-service-identity.json - + - name: keep_original_message + default: false ingest_pipeline: ingest/pipeline.yml input: config/input.yml diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/test/vpc-flow-log-entries.json.log-expected.json b/x-pack/filebeat/module/googlecloud/vpcflow/test/vpc-flow-log-entries.json.log-expected.json index 421aa50b160e..7b1048b7a6df 100644 --- a/x-pack/filebeat/module/googlecloud/vpcflow/test/vpc-flow-log-entries.json.log-expected.json +++ b/x-pack/filebeat/module/googlecloud/vpcflow/test/vpc-flow-log-entries.json.log-expected.json 
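Review bot: `saveOriginalMessage` is added after `decodeJson` and `parseTimestamp`, so whether the raw record survives for an entry that one of those two steps rejects depends on how the chain handles a failing step, which the hunk does not show. Those are the events where `event.original` is most useful for triage. If the chain stops on error, consider preserving the message before `decodeJson` instead. Either way, a comment above the `.Add(saveOriginalMessage)` line would pin the ordering constraint, e.g. `// Must run before dropPubSubFields, which deletes "message".` The chain continues past the end of the hunk.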
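Review bot: `vpcflow` is now assigned only inside `register`, so `process` dereferences an undefined variable if the script is ever loaded without `register` having run, presumably when no `params` are configured. input.yml in this commit always passes `params`, but a guard keeps the script usable on its own: `if (!vpcflow) { vpcflow = new VPCFlow(false); }` as the first line of `process`. `VPCFlow` also returns an object literal, so `new` has no effect there and a plain call would read more plainly. The body of `process` closes outside the hunk.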
@@ -17,15 +17,16 @@
 "event.start": "2019-06-14T03:45:37.186193305Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 36,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 0,
 "network.bytes": 1776,
 "network.community_id": "1:Eav+HA4T0zQk7MDzMdHH6Hhsx2A=",
@@ -63,21 +64,22 @@
 "event.start": "2019-06-14T03:40:08.466657665Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 1,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 934,
 "network.bytes": 173663,
 "network.community_id": "1:e5cZeUPf9fWSqRY+SUSG302spGE=",
@@ -121,21 +123,22 @@
 "event.start": "2019-06-14T03:40:20.510622432Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 201,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 2084,
 "network.bytes": 155707,
 "network.community_id": "1:06oSJgliwJ21tZTkobvsHx/M+Pc=",
@@ -177,14 +180,15 @@
 "event.start": "2019-06-14T03:40:45.860349247Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 3237,
 "network.bytes": 0,
 "network.community_id": "1:E803d6gSw9j7F6zoCo0Ka6fb9Iw=",
@@ -224,15 +228,16 @@
 "event.start": "2019-06-14T03:40:36.895188084Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 36,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 4210,
 "network.bytes": 1784,
 "network.community_id": "1:IPqv9ifIl7xO904fG0KpG1HbMz8=",
@@ -270,15 +275,16 @@
 "event.start": "2019-06-14T03:40:36.895188084Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 36,
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 5143,
 "network.bytes": 1464,
 "network.community_id": "1:IPqv9ifIl7xO904fG0KpG1HbMz8=",
@@ -318,21 +324,22 @@
 "event.start": "2019-06-14T03:39:59.500498059Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 1,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 6078,
 "network.bytes": 186151,
 "network.community_id": "1:yZywQ4jpdohOQ9684uKWIPHHP4Y=",
@@ -376,21 +383,22 @@
 "event.start": "2019-06-14T03:40:08.469099728Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 3,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 7229,
 "network.bytes": 15169,
 "network.community_id": "1:Ee5EHtJfWgzMQEQZSyTFAwZbgus=",
@@ -428,21 +436,22 @@
 "event.start": "2019-06-14T03:39:59.500506974Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 1,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 8378,
 "network.bytes": 250864,
 "network.community_id": "1:9htI9XhB+GFEM8rmtAiskiLz++Y=",
@@ -483,21 +492,22 @@
 "event.start": "2019-06-14T03:40:08.469099728Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 3,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 9529,
 "network.bytes": 167939,
 "network.community_id": "1:Ee5EHtJfWgzMQEQZSyTFAwZbgus=",
@@ -538,14 +548,15 @@
 "event.start": "2019-06-14T03:40:45.860349247Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 10679,
 "network.bytes": 0,
 "network.community_id": "1:E803d6gSw9j7F6zoCo0Ka6fb9Iw=",
@@ -587,21 +598,22 @@
 "event.start": "2019-06-14T03:40:20.510622432Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 201,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 11654,
 "network.bytes": 11773,
 "network.community_id": "1:06oSJgliwJ21tZTkobvsHx/M+Pc=",
@@ -642,21 +654,22 @@
 "event.start": "2019-06-14T03:40:01.074897435Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 192,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 12806,
 "network.bytes": 65699,
 "network.community_id": "1:oDThWwe999DZ+ToL+uXcjZRio7c=",
@@ -700,21 +713,22 @@
 "event.start": "2019-06-14T03:39:59.500498059Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 1,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 13959,
 "network.bytes": 66029,
 "network.community_id": "1:yZywQ4jpdohOQ9684uKWIPHHP4Y=",
@@ -755,21 +769,22 @@
 "event.start": "2019-06-14T03:40:08.150720950Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 1,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 15109,
 "network.bytes": 65154,
 "network.community_id": "1:orgrC+fuNweNF7YN8VWuWIAnY80=",
@@ -810,21 +825,22 @@
 "event.start": "2019-06-14T03:40:08.466657665Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 1,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 16259,
 "network.bytes": 13643,
 "network.community_id": "1:e5cZeUPf9fWSqRY+SUSG302spGE=",
@@ -862,15 +878,16 @@
 "event.start": "2019-06-14T03:40:17.343890802Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 36,
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 17408,
 "network.bytes": 34509840,
 "network.community_id": "1:Y9ynsBV313F1oc4DGZ0sYBcNoQA=",
@@ -907,15 +924,16 @@
 "event.start": "2019-06-14T03:48:38.961050187Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 36,
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 18297,
 "network.bytes": 1467,
 "network.community_id": "1:LQLr5Clnxf10OYhT92IBepyH/y0=",
@@ -958,21 +976,22 @@
 "event.start": "2019-06-14T03:39:59.500506974Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 1,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 19233,
 "network.bytes": 63671,
 "network.community_id": "1:9htI9XhB+GFEM8rmtAiskiLz++Y=",
@@ -1014,15 +1033,16 @@
 "event.start": "2019-06-14T03:40:00.560917237Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 220,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 20383,
 "network.bytes": 51075,
 "network.community_id": "1:aNFZC/smfQa37MQsZfMmP5cD6PE=",
@@ -1063,21 +1083,22 @@
 "event.start": "2019-06-14T03:40:01.074897435Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 192,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 21370,
 "network.bytes": 197840,
 "network.community_id": "1:oDThWwe999DZ+ToL+uXcjZRio7c=",
@@ -1114,15 +1135,16 @@
 "event.start": "2019-06-14T03:40:17.306085222Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 36,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 22524,
 "network.bytes": 173805495,
 "network.community_id": "1:Y9ynsBV313F1oc4DGZ0sYBcNoQA=",
@@ -1160,15 +1182,16 @@
 "event.start": "2019-06-14T03:45:37.186193305Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 36,
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 23412,
 "network.bytes": 1468,
 "network.community_id": "1:Eav+HA4T0zQk7MDzMdHH6Hhsx2A=",
@@ -1211,21 +1234,22 @@
 "event.start": "2019-06-14T03:40:05.147252064Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 50,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 24348,
 "network.bytes": 159704,
 "network.community_id": "1:komMvAI/1VsC7c9d9LuzM29I9NY=",
@@ -1263,15 +1287,16 @@
 "event.start": "2019-06-14T03:40:00.560917237Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 220,
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 25501,
 "network.bytes": 70775,
 "network.community_id": "1:aNFZC/smfQa37MQsZfMmP5cD6PE=",
@@ -1313,21 +1338,22 @@
 "event.start": "2019-06-14T03:40:08.150720950Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 1,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 26490,
 "network.bytes": 281147,
 "network.community_id": "1:orgrC+fuNweNF7YN8VWuWIAnY80=",
@@ -1368,21 +1394,22 @@
 "event.start": "2019-06-14T03:40:05.147252064Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 50,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 27641,
 "network.bytes": 63590,
 "network.community_id": "1:komMvAI/1VsC7c9d9LuzM29I9NY=",
@@ -1425,15 +1452,16 @@
 "event.start": "2019-06-14T03:48:38.961050187Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 36,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 28793,
 "network.bytes": 1780,
 "network.community_id": "1:LQLr5Clnxf10OYhT92IBepyH/y0=",
@@ -1471,15 +1499,16 @@
 "event.start": "2019-06-14T03:40:46.541094678Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 233,
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 29727,
 "network.bytes": 1239,
 "network.community_id": "1:n2izIhQ6f30pRxm58NLCxNXryuI=",
@@ -1524,21 +1553,22 @@
 "event.start": "2019-06-14T03:40:06.075811571Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 2,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 30719,
 "network.bytes": 63853,
 "network.community_id": "1:U8onVg/hApWe9WsWGFifAt6Xktg=",
@@ -1576,15 +1606,16 @@
 "event.start": "2019-06-14T03:46:20.634435179Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 36,
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 31870,
 "network.bytes": 1458,
 "network.community_id": "1:ji6ZJhSkwxeKiorTmyrgBE0/o+c=",
@@ -1627,21 +1658,22 @@
 "event.start": "2019-06-14T03:40:06.075942176Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 311,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 32809,
 "network.bytes": 252397,
 "network.community_id": "1:pYIEYHtraTMNgdi3XDEMGSH5LV4=",
@@ -1682,21 +1714,22 @@
 "event.start": "2019-06-14T03:40:05.566551903Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 216,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 33964,
 "network.bytes": 205787,
 "network.community_id": "1:vLK9hCfMg91TvjmTPfnw8bfG514=",
@@ -1738,15 +1771,16 @@
 "event.start": "2019-06-14T03:40:01.270990648Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 87,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 35119,
 "network.bytes": 106409,
 "network.community_id": "1:z1VfQro/CzS/3/Jcw7ACjDX47kM=",
@@ -1784,21 +1818,22 @@
 "event.start": "2019-06-14T03:40:06.075942176Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 311,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 36107,
 "network.bytes": 61242,
 "network.community_id": "1:pYIEYHtraTMNgdi3XDEMGSH5LV4=",
@@ -1842,21 +1877,22 @@
 "event.start": "2019-06-14T03:39:59.711043814Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "windows-isolated",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "windows-isolated",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "windows-isolated",
+ "googlecloud.destination.vpc.vpc_name": "windows-isolated",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 113,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 37261,
 "network.bytes": 248826,
 "network.community_id": "1:o9OoB7tVAGCzWrss+96PmO6N0FI=",
@@ -1896,15 +1932,16 @@
 "event.start": "2019-06-14T03:46:11.655143526Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 36,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 38440,
 "network.bytes": 1777,
 "network.community_id": "1:PNZTJG/Xqm+YMqKIui8nRXoLovE=",
@@ -1946,15 +1983,16 @@
 "event.start": "2019-06-14T03:39:59.843986502Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 219,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 39374,
 "network.bytes": 116845,
 "network.community_id": "1:bN6NKWS7CM7qV5T0FRSxEVoL53I=",
@@ -1992,21 +2030,22 @@
 "event.start": "2019-06-14T03:40:24.790136141Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 0,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 40363,
 "network.bytes": 4614,
 "network.community_id": "1:jUDducT3iKEBK6mG6FO1bbR/lzQ=",
@@ -2050,21 +2089,22 @@
 "event.start": "2019-06-14T03:40:14.031541248Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-central1",
- "googlecloud.vpcflow.destination.instance.zone": "us-central1-a",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-central1",
+ "googlecloud.destination.instance.zone": "us-central1-a",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 36,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 41513,
 "network.bytes": 50379,
 "network.community_id": "1:h6NgISKzvTiBXyH4aX48ebaiTiY=",
@@ -2102,21 +2142,22 @@
 "event.start": "2019-06-14T03:40:06.075811571Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 2,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 42677,
 "network.bytes": 200417,
 "network.community_id": "1:U8onVg/hApWe9WsWGFifAt6Xktg=",
@@ -2160,21 +2201,22 @@
 "event.start": "2019-06-14T03:40:24.790136141Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 0,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 43829,
 "network.bytes": 30233,
 "network.community_id": "1:jUDducT3iKEBK6mG6FO1bbR/lzQ=",
@@ -2212,21 +2254,22 @@
 "event.start": "2019-06-14T03:40:05.147072949Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 1,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 44980,
 "network.bytes": 160693,
 "network.community_id": "1:jiDRQHDBdyhzib4qfhhB5Y0obik=",
@@ -2267,21 +2310,22 @@
 "event.start": "2019-06-14T03:40:05.566551903Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 216,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 46132,
 "network.bytes": 59903,
 "network.community_id": "1:vLK9hCfMg91TvjmTPfnw8bfG514=",
@@ -2324,15 +2368,16 @@
 "event.start": "2019-06-14T03:46:20.634545217Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 36,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 47286,
 "network.bytes": 1780,
 "network.community_id": "1:ji6ZJhSkwxeKiorTmyrgBE0/o+c=",
@@ -2374,15 +2419,16 @@
 "event.start": "2019-06-14T03:40:00.155378070Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 89,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 48223,
 "network.bytes": 129335,
 "network.community_id": "1:32epFp/pi9XGVYf8FMJ7jpc0AzI=",
@@ -2420,15 +2466,16 @@
 "event.start": "2019-06-14T03:46:11.655143526Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 36,
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 49211,
 "network.bytes": 1464,
 "network.community_id": "1:PNZTJG/Xqm+YMqKIui8nRXoLovE=",
@@ -2468,15 +2515,16 @@
 "event.start": "2019-06-14T03:39:59.843986502Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 219,
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 50147,
 "network.bytes": 75477,
 "network.community_id": "1:bN6NKWS7CM7qV5T0FRSxEVoL53I=",
@@ -2522,15 +2570,16 @@
 "event.start": "2019-06-14T03:40:00.565831992Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 86,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 51137,
 "network.bytes": 102119,
 "network.community_id": "1:inMMyMxBckhL35Xh3+nNKgSc4qA=",
@@ -2568,21 +2617,22 @@
 "event.start": "2019-06-14T03:39:59.711043814Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "windows-isolated",
+ "googlecloud.source.vpc.vpc_name": "windows-isolated",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 113,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "windows-isolated",
- "googlecloud.vpcflow.source.vpc.vpc_name": "windows-isolated",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 52125,
 "network.bytes": 1541638,
 "network.community_id": "1:o9OoB7tVAGCzWrss+96PmO6N0FI=",
@@ -2623,21 +2673,22 @@
 "event.start": "2019-06-14T03:40:14.031541248Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-central1",
+ "googlecloud.source.instance.zone": "us-central1-a",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 36,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-central1",
- "googlecloud.vpcflow.source.instance.zone": "us-central1-a",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 53305,
 "network.bytes": 755901,
 "network.community_id": "1:h6NgISKzvTiBXyH4aX48ebaiTiY=",
@@ -2681,21 +2732,22 @@
 "event.start": "2019-06-14T03:39:58.492572765Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 144,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 54470,
 "network.bytes": 248715,
 "network.community_id": "1:dH+LewCyUH2MeBfvw4hfqQCcruA=",
@@ -2733,15 +2785,16 @@
 "event.start": "2019-06-14T03:40:00.565831992Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 86,
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 55625,
 "network.bytes": 69757,
 "network.community_id": "1:inMMyMxBckhL35Xh3+nNKgSc4qA=",
@@ -2783,15 +2836,16 @@
 "event.start": "2019-06-14T03:40:01.270990648Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 87,
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 56614,
 "network.bytes": 69440,
 "network.community_id": "1:z1VfQro/CzS/3/Jcw7ACjDX47kM=",
@@ -2833,15 +2887,16 @@
 "event.start": "2019-06-14T03:40:20.454046087Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 36,
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 57603,
 "network.bytes": 1457,
 "network.community_id": "1:W4ijXBQBwNbGcf7z2YuONE7/Z8I=",
@@ -2883,15 +2938,16 @@
 "event.start": "2019-06-14T03:40:20.454046087Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 36,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 58539,
 "network.bytes": 1784,
 "network.community_id": "1:W4ijXBQBwNbGcf7z2YuONE7/Z8I=",
@@ -2933,15 +2989,16 @@
 "event.start": "2019-06-14T03:40:46.541094678Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 233,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 59473,
 "network.bytes": 2395,
 "network.community_id": "1:n2izIhQ6f30pRxm58NLCxNXryuI=",
@@ -2979,21 +3036,22 @@
 "event.start": "2019-06-14T03:39:58.492572765Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 144,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 60463,
 "network.bytes": 60335,
 "network.community_id": "1:dH+LewCyUH2MeBfvw4hfqQCcruA=",
@@ -3037,21 +3095,22 @@
 "event.start": "2019-06-14T03:40:05.147072949Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 1,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 61617,
 "network.bytes": 65565,
 "network.community_id": "1:jiDRQHDBdyhzib4qfhhB5Y0obik=",
@@ -3089,15 +3148,16 @@
 "event.start": "2019-06-14T03:40:00.155378070Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 89,
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 62768,
 "network.bytes": 70174,
 "network.community_id": "1:32epFp/pi9XGVYf8FMJ7jpc0AzI=",
@@ -3139,15 +3199,16 @@
 "event.start": "2019-06-14T03:46:51.237256499Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 36,
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 63757,
 "network.bytes": 1461,
 "network.community_id": "1:bh7TlqiDrY8ste65CJNAKtfwOT0=",
@@ -3187,15 +3248,16 @@
 "event.start": "2019-06-14T03:45:50.954948790Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 36,
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 64693,
 "network.bytes": 1460,
 "network.community_id": "1:+QA68gzvBX6Rs13KKi5Sm666UiU=",
@@ -3235,21 +3297,22 @@
 "event.start": "2019-06-14T03:40:02.143837873Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 224,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 65631,
 "network.bytes": 66736,
 "network.community_id": "1:BbRNTmVcGaqf/baRzluKDpJAprQ=",
@@ -3292,15 +3355,16 @@
 "event.start": "2019-06-14T03:45:50.954948790Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 36,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 66784,
 "network.bytes": 1776,
 "network.community_id": "1:+QA68gzvBX6Rs13KKi5Sm666UiU=",
@@ -3338,15 +3402,16 @@
 "event.start": "2019-06-14T03:42:40.779893091Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 36,
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 67720,
 "network.bytes": 1464,
 "network.community_id": "1:x8E1sBwJRB/brRn7+TWuuDv6Seg=",
@@ -3386,21 +3451,22 @@
 "event.start": "2019-06-14T03:40:06.075756033Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 2,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 68656,
 "network.bytes": 259510,
 "network.community_id": "1:kmlKCdqw/+vcFaSeBx9hVkJjnAE=",
@@ -3443,15 +3509,16 @@
 "event.start": "2019-06-14T03:42:11.063146265Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 36,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 69807,
 "network.bytes": 1781,
 "network.community_id": "1:MlFaFjbkXS6KKyiSbXcNDQJbn8U=",
@@ -3492,21 +3559,22 @@
 "event.start": "2019-06-14T03:40:00.140119099Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 1,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 70741,
 "network.bytes": 65069,
 "network.community_id": "1:ZvwQ2j/3ZuFaLSX6WH5V4iy9utU=",
@@ -3547,21 +3615,22 @@
 "event.start": "2019-06-14T03:39:59.500498059Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 15,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 71891,
 "network.bytes": 60530,
 "network.community_id": "1:88xKud9UZj+uL0CBL+jvBleTFIk=",
@@ -3599,21 +3668,22 @@
 "event.start": "2019-06-14T03:40:08.469473010Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 230,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 73042,
 "network.bytes": 11384,
 "network.community_id": "1:W60ErjE9kT0Dm5xlbB8kttSgelA=",
@@ -3657,21 +3727,22 @@
 "event.start": "2019-06-14T03:40:02.143837873Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 224,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 74194,
 "network.bytes": 272063,
 "network.community_id": "1:BbRNTmVcGaqf/baRzluKDpJAprQ=",
@@ -3711,15 +3782,16 @@
 "event.start": "2019-06-14T03:43:50.703302550Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 43,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 75348,
 "network.bytes": 1791,
 "network.community_id": "1:0BGh5oABRy6JrttDfTSBw1iBDW4=",
@@ -3757,21 +3829,22 @@
 "event.start": "2019-06-14T03:40:08.458515996Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 253,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 76282,
 "network.bytes": 18295,
 "network.community_id": "1:DXSnxcLrDyftjOc5jFhwTKkshsM=",
@@ -3812,15 +3885,16 @@
 "event.start": "2019-06-14T03:44:40.125336665Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 36,
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 77435,
 "network.bytes": 1467,
 "network.community_id": "1:aT1tuR31uByuIcuxfCbs1kvMBMA=",
@@ -3860,21 +3934,22 @@
 "event.start": "2019-06-14T03:39:59.500498059Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 15,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 78373,
 "network.bytes": 165290,
 "network.community_id": "1:88xKud9UZj+uL0CBL+jvBleTFIk=",
@@ -3915,15 +3990,16 @@
 "event.start": "2019-06-14T03:43:50.703302550Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 43,
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 79525,
 "network.bytes": 1458,
 "network.community_id": "1:0BGh5oABRy6JrttDfTSBw1iBDW4=",
@@ -3963,15 +4039,16 @@
 "event.start": "2019-06-14T03:42:11.063146265Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 36,
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 80461,
 "network.bytes": 1464,
 "network.community_id": "1:MlFaFjbkXS6KKyiSbXcNDQJbn8U=",
@@ -4013,15 +4090,16 @@
 "event.start": "2019-06-14T03:46:37.712749588Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 36,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 81397,
 "network.bytes": 1780,
 "network.community_id": "1:Tx2SSXIplYZjqzTurpvVWc2USh0=",
@@ -4061,15 +4139,16 @@
 "event.start": "2019-06-14T03:46:51.237256499Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 36,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 82331,
 "network.bytes": 1780,
 "network.community_id": "1:bh7TlqiDrY8ste65CJNAKtfwOT0=",
@@ -4109,15 +4188,16 @@
 "event.start": "2019-06-14T03:44:40.125336665Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 36,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 83265,
 "network.bytes": 1776,
 "network.community_id": "1:aT1tuR31uByuIcuxfCbs1kvMBMA=",
@@ -4155,15 +4235,16 @@
 "event.start": "2019-06-14T03:48:50.642206049Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 36,
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 84201,
 "network.bytes": 1461,
 "network.community_id": "1:jbQzsE/elxbdsdcfLH3Z+WY7yoA=",
@@ -4205,15 +4286,16 @@
 "event.start": "2019-06-14T03:49:36.865198297Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 36,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 85139,
 "network.bytes": 1781,
 "network.community_id": "1:5iAZA+PYVbiwpnPFNQCxKlsIp60=",
@@ -4254,21 +4336,22 @@
 "event.start": "2019-06-14T03:40:06.075756033Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 2,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 86073,
 "network.bytes": 60222,
 "network.community_id": "1:kmlKCdqw/+vcFaSeBx9hVkJjnAE=",
@@ -4309,21 +4392,22 @@
 "event.start": "2019-06-14T03:39:59.500418290Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 16,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 87223,
 "network.bytes": 61810,
 "network.community_id": "1:8Fb+m/uf2rxjkmtxbzg2YY6RXUU=",
@@ -4361,15 +4445,16 @@
 "event.start": "2019-06-14T03:49:36.865198297Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 36,
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 88374,
 "network.bytes": 1467,
 "network.community_id": "1:5iAZA+PYVbiwpnPFNQCxKlsIp60=",
@@ -4409,21 +4494,22 @@
 "event.start": "2019-06-14T03:39:59.500418290Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 16,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 89310,
 "network.bytes": 136558,
 "network.community_id": "1:8Fb+m/uf2rxjkmtxbzg2YY6RXUU=",
@@ -4466,15 +4552,16 @@
 "event.start": "2019-06-14T03:48:50.642206049Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 36,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 90462,
 "network.bytes": 1781,
 "network.community_id": "1:jbQzsE/elxbdsdcfLH3Z+WY7yoA=",
@@ -4514,15 +4601,16 @@
 "event.start": "2019-06-14T03:42:40.779893091Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 36,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 91398,
 "network.bytes": 1781,
 "network.community_id": "1:x8E1sBwJRB/brRn7+TWuuDv6Seg=",
@@ -4560,15 +4648,16 @@
 "event.start": "2019-06-14T03:46:37.712749588Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 36,
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 92332,
 "network.bytes": 1467,
 "network.community_id": "1:Tx2SSXIplYZjqzTurpvVWc2USh0=",
@@ -4608,21 +4697,22 @@
 "event.start": "2019-06-14T03:40:00.140119099Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 1,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 93268,
 "network.bytes": 170396,
 "network.community_id": "1:ZvwQ2j/3ZuFaLSX6WH5V4iy9utU=",
@@ -4666,21 +4756,22 @@
 "event.start": "2019-06-14T03:40:08.469473010Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 230,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 94419,
 "network.bytes": 171610,
 "network.community_id": "1:W60ErjE9kT0Dm5xlbB8kttSgelA=",
@@ -4721,21 +4812,22 @@
 "event.start": "2019-06-14T03:40:08.458515996Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 253,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 95572,
 "network.bytes": 15186,
 "network.community_id": "1:DXSnxcLrDyftjOc5jFhwTKkshsM=",
@@ -4776,21 +4868,22 @@
 "event.start": "2019-06-14T03:40:05.147151100Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 109,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 96724,
 "network.bytes": 208416,
 "network.community_id": "1:LSB085+2dyGfQIXV+wF0qEVVBbM=",
@@ -4831,21 +4924,22 @@
 "event.start": "2019-06-14T03:40:00.762958327Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-central1",
- "googlecloud.vpcflow.destination.instance.zone": "us-central1-a",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-central1",
+ "googlecloud.destination.instance.zone": "us-central1-a",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 36,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 97878,
 "network.bytes": 90977,
 "network.community_id": "1:kjDd+NEFkosMxZFp790k2Cervw4=",
@@ -4886,21 +4980,22 @@
 "event.start": "2019-06-14T03:40:08.150481417Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "SRC",
 "googlecloud.vpcflow.rtt.ms": 194,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 99041,
 "network.bytes": 187301,
 "network.community_id": "1:c/u5Mg/PGR6riBWo0YXGpZWs3cI=",
@@ -4938,21 +5033,22 @@
 "event.start": "2019-06-14T03:40:06.075859688Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 11,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-east1",
- "googlecloud.vpcflow.source.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 100195,
 "network.bytes": 139106,
 "network.community_id": "1:daatd5jK/QqBAjEYb64ySmXIcOU=",
@@ -4993,21 +5089,22 @@
 "event.start": "2019-06-14T03:40:00.762958327Z",
 "event.type": "flow",
 "fileset.name": "vpcflow",
- "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.instance.region": "us-east1",
- "googlecloud.vpcflow.destination.instance.zone": "us-east1-b",
- "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.destination.vpc.vpc_name": "default",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-central1",
+ "googlecloud.source.instance.zone": "us-central1-a",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
 "googlecloud.vpcflow.reporter": "DEST",
 "googlecloud.vpcflow.rtt.ms": 36,
- "googlecloud.vpcflow.source.instance.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.instance.region": "us-central1",
- "googlecloud.vpcflow.source.instance.zone": "us-central1-a",
- "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project",
- "googlecloud.vpcflow.source.vpc.subnetwork_name": "default",
- "googlecloud.vpcflow.source.vpc.vpc_name": "default",
 "input.type": "log",
+ "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 101347,
 "network.bytes": 1733360,
 "network.community_id": "1:kjDd+NEFkosMxZFp790k2Cervw4=",
@@ -5051,21 +5148,22 @@ "event.start": "2019-06-14T03:40:20.513551480Z", "event.type": "flow", "fileset.name": "vpcflow", - "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project", - "googlecloud.vpcflow.destination.instance.region": "us-east1", - "googlecloud.vpcflow.destination.instance.zone": "us-east1-b", - "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project", - "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default", - "googlecloud.vpcflow.destination.vpc.vpc_name": "default", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 142, - "googlecloud.vpcflow.source.instance.project_id": "my-sample-project", - "googlecloud.vpcflow.source.instance.region": "us-east1", - "googlecloud.vpcflow.source.instance.zone": "us-east1-b", - "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project", - "googlecloud.vpcflow.source.vpc.subnetwork_name": "default", - "googlecloud.vpcflow.source.vpc.vpc_name": "default", "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 102512, "network.bytes": 149157, "network.community_id": "1:5AIfpIZXAUHToCeVBhXgBuugIac=", 
@@ -5103,21 +5201,22 @@ "event.start": "2019-06-14T03:40:08.480430427Z", "event.type": "flow", "fileset.name": "vpcflow", - "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project", - "googlecloud.vpcflow.destination.instance.region": "us-east1", - "googlecloud.vpcflow.destination.instance.zone": "us-east1-b", - "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project", - "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default", - "googlecloud.vpcflow.destination.vpc.vpc_name": "default", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 201, - "googlecloud.vpcflow.source.instance.project_id": "my-sample-project", - "googlecloud.vpcflow.source.instance.region": "us-east1", - "googlecloud.vpcflow.source.instance.zone": "us-east1-b", - "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project", - "googlecloud.vpcflow.source.vpc.subnetwork_name": "default", - "googlecloud.vpcflow.source.vpc.vpc_name": "default", "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 103665, "network.bytes": 11108, "network.community_id": "1:dMHgvk8guroE0eXkr19X6xQ6X24=", 
@@ -5158,21 +5257,22 @@ "event.start": "2019-06-14T03:40:05.147151100Z", "event.type": "flow", "fileset.name": "vpcflow", - "googlecloud.vpcflow.destination.instance.project_id": "my-sample-project", - "googlecloud.vpcflow.destination.instance.region": "us-east1", - "googlecloud.vpcflow.destination.instance.zone": "us-east1-b", - "googlecloud.vpcflow.destination.vpc.project_id": "my-sample-project", - "googlecloud.vpcflow.destination.vpc.subnetwork_name": "default", - "googlecloud.vpcflow.destination.vpc.vpc_name": "default", + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 109, - "googlecloud.vpcflow.source.instance.project_id": "my-sample-project", - "googlecloud.vpcflow.source.instance.region": "us-east1", - "googlecloud.vpcflow.source.instance.zone": "us-east1-b", - "googlecloud.vpcflow.source.vpc.project_id": "my-sample-project", - "googlecloud.vpcflow.source.vpc.subnetwork_name": "default", - "googlecloud.vpcflow.source.vpc.vpc_name": "default", "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 104817, "network.bytes": 67337, "network.community_id": "1:LSB085+2dyGfQIXV+wF0qEVVBbM=", 
diff --git a/x-pack/filebeat/modules.d/googlecloud.yml.disabled b/x-pack/filebeat/modules.d/googlecloud.yml.disabled
index feeaeb9d9a57..62379eeea2dd 100644
--- a/x-pack/filebeat/modules.d/googlecloud.yml.disabled
+++ b/x-pack/filebeat/modules.d/googlecloud.yml.disabled
@@ -20,6 +20,24 @@
 # the subscription.
 var.credentials_file: ${path.config}/gcp-service-account-xyz.json
+ firewall:
+ enabled: true
+
+ # Google Cloud project ID.
+ var.project_id: my-gcp-project-id
+
+ # Google Pub/Sub topic containing firewall logs. Stackdriver must be
+ # configured to use this topic as a sink for firewall logs.
+ var.topic: googlecloud-vpc-firewall
+
+ # Google Pub/Sub subscription for the topic. Filebeat will create this
+ # subscription if it does not exist.
+ var.subscription_name: filebeat-googlecloud-firewall-sub
+
+ # Credentials file for the service account with authorization to read from
+ # the subscription.
+ var.credentials_file: ${path.config}/gcp-service-account-xyz.json
+
 audit:
 enabled: true
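Review bot: The two comments on the new `firewall` fileset disagree about what the service account must be allowed to do: the `var.subscription_name` comment says Filebeat creates the subscription when it is missing, while the `var.credentials_file` comment describes an account authorized only to read from it. Creating a subscription needs more than subscriber access, so an operator following these comments will either hit a permission error on first start or grant a broader role than steady-state ingestion requires. I would reword the credentials comment to `# Credentials file for a service account that can read from the subscription` / `# (and create it, unless the subscription is pre-created). Keep the key file` / `# readable only by the Filebeat user.` The context lines above the hunk end with the same `# the subscription.` wording and presumably belong to a fileset block that starts outside the hunk, so it likely needs the same change there.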