Skip to content

Cherry-pick #21478 to 7.x: Use new form of fleet API paths #21589

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Oct 6, 2020
Merged

Cherry-pick #21478 to 7.x: Use new form of fleet API paths #21589

merged 2 commits into from
Oct 6, 2020

Conversation

@michalpristas
Copy link
Contributor

@michalpristas michalpristas commented Oct 6, 2020

Cherry-pick of PR #21478 to 7.x branch. Original message:

What does this PR do?

Aligning paths to be even with elastic/kibana#79193

Why is it important?

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

@michalpristas
[Ingest Manager] Use new form of fleet API paths (elastic#21478)
f1a4f6e 
[Ingest Manager] Use new form of fleet API paths (elastic#21478)
@michalpristas michalpristas self-assigned this Oct 6, 2020
@elasticmachine
Copy link
Collaborator

elasticmachine commented Oct 6, 2020

Pinging @elastic/ingest-management (Team:Ingest Management)

@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Oct 6, 2020
jfsiii
jfsiii approved these changes Oct 6, 2020
View reviewed changes
Copy link

@jfsiii jfsiii left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@nchaulet knows better than I do, but this matches my understanding of the new routes

@elasticmachine
Copy link
Collaborator

elasticmachine commented Oct 6, 2020

💔 Tests Failed

Pipeline View Test View Changes Artifacts preview

Expand to view the summary

Build stats

  • Build Cause: [Pull request #21589 opened]

  • Start Time: 2020-10-06T17:29:51.162+0000

  • Duration: 87 min 20 sec

Test stats 🧪

Test Results
Failed 198
Passed 15991
Skipped 1359
Total 17548

Test errors 198

Expand to view the tests failures

  • Name: Build&Test / libbeat-build / TestOutputReload – pipeline

    • Age: 1
    • Duration: 65.98
    • Error Details: Failed

  • Name: Build&Test / libbeat-build / TestOutputReload/network_client – pipeline

    • Age: 1
    • Duration: 37.51
    • Error Details: Failed

  • Name: Build&Test / filebeat-build / test_fileset_file_001_iis – filebeat.tests.system.test_modules.Test

    • Age: 1
    • Duration: 2.799
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 257, 'destination.address': '127.0.0.1', 'destination.port': 80, 'destination.ip': '127.0.0.1', 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'DE-BE', 'source.geo.city_name': 'Berlin', 'source.geo.country_iso_code': 'DE', 'source.geo.country_name': 'Germany', 'source.geo.region_name': 'Land Berlin', 'source.geo.location.lon': 13.4531, 'source.geo.location.lat': 52.4473, 'source.as.number': 6805, 'source.as.organization.name': 'Telefonica Germany', 'source.address': '85.181.35.98', 'source.ip': '85.181.35.98', 'fileset.name': 'access', 'url.path': '/', 'url.query': 'q=100', 'input.type': 'log', 'iis.access.sub_status': 0, 'iis.access.win32_status': 0, '@timestamp': '2018-01-01T08:09:10.000Z', 'related.ip': ['85.181.35.98', '127.0.0.1'], 'service.type': 'iis', 'http.request.method': 'GET', 'http.response.status_code': 200, 'event.duration': 123000000, 'event.kind': 'event', 'event.module': 'iis', 'event.category': ['web', 'network'], 'event.type': ['connection'], 'event.dataset': 'iis.access', 'event.outcome': 'success', 'user_agent.original': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0', 'user_agent.os.name': 'Windows', 'user_agent.os.version': '7', 'user_agent.os.full': 'Windows 7', 'user_agent.name': 'Firefox', 'user_agent.device.name': 'Other', 'user_agent.version': '57.0.'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})

  • Name: Build&Test / filebeat-build / test_fileset_file_004_iis – filebeat.tests.system.test_modules.Test

    • Age: 1
    • Duration: 1.877
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 286, 'destination.address': '127.0.0.1', 'destination.port': 80, 'destination.ip': '127.0.0.1', 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'DE-BE', 'source.geo.city_name': 'Berlin', 'source.geo.country_iso_code': 'DE', 'source.geo.country_name': 'Germany', 'source.geo.region_name': 'Land Berlin', 'source.geo.location.lon': 13.4531, 'source.geo.location.lat': 52.4473, 'source.as.number': 6805, 'source.as.organization.name': 'Telefonica Germany', 'source.address': '85.181.35.98', 'source.port': 2780, 'source.ip': '85.181.35.98', 'fileset.name': 'error', 'url.original': '/ThisIsMyUrl.htm', 'input.type': 'log', 'iis.error.reason_phrase': 'Hostname', '@timestamp': '2018-01-01T09:10:11.000Z', 'related.ip': ['85.181.35.98', '127.0.0.1'], 'service.type': 'iis', 'http.request.method': 'GET', 'http.response.status_code': 400, 'http.version': '1.1', 'event.kind': 'event', 'event.module': 'iis', 'event.category': ['web', 'network'], 'event.type': ['connection'], 'event.dataset': 'iis.error', 'event.outcome': 'failure'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})

  • Name: Build&Test / filebeat-build / test_fileset_file_006_iis – filebeat.tests.system.test_modules.Test

    • Age: 1
    • Duration: 2.008
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'destination.address': '192.168.101.101', 'destination.port': 443, 'destination.ip': '192.168.101.101', 'source.geo.continent_name': 'North America', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.location.lon': -97.822, 'source.geo.location.lat': 37.751, 'source.address': '149.42.83.135', 'source.port': 12345, 'source.ip': '149.42.83.135', 'fileset.name': 'error', 'url.original': '12.2.1', 'input.type': 'log', 'iis.error.reason_phrase': 'URL', '@timestamp': '2018-05-05T05:05:55.000Z', 'related.ip': ['149.42.83.135', '192.168.101.101'], 'service.type': 'iis', 'http.request.method': 't3', 'http.response.status_code': 400, 'http.version': '0.9', 'event.kind': 'event', 'event.module': 'iis', 'event.category': ['web', 'network'], 'event.type': ['connection'], 'event.dataset': 'iis.error', 'event.outcome': 'failure'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})

  • Name: Build&Test / filebeat-build / test_fileset_file_029_nginx – filebeat.tests.system.test_modules.Test

    • Age: 1
    • Duration: 2.706
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'nginx.access.remote_ip_list': ['10.0.0.2', '10.0.0.1', '85.181.35.98'], 'log.offset': 341, 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'DE-BE', 'source.geo.city_name': 'Berlin', 'source.geo.country_iso_code': 'DE', 'source.geo.country_name': 'Germany', 'source.geo.region_name': 'Land Berlin', 'source.geo.location.lon': 13.4531, 'source.geo.location.lat': 52.4473, 'source.as.number': 6805, 'source.as.organization.name': 'Telefonica Germany', 'source.address': '85.181.35.98', 'source.ip': '85.181.35.98', 'fileset.name': 'access', 'url.original': '/ocelot', 'input.type': 'log', '@timestamp': '2016-12-07T10:05:07.000Z', 'related.ip': ['85.181.35.98'], 'service.type': 'nginx', 'http.request.method': 'GET', 'http.response.status_code': 200, 'http.response.body.bytes': 571, 'http.version': '1.1', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'nginx', 'event.category': ['web'], 'event.type': ['access'], 'event.dataset': 'nginx.access', 'event.outcome': 'success', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.12', 'user_agent.os.full': 'Mac OS X 10.12', 'user_agent.name': 'Firefox', 'user_agent.device.name': 'Mac', 'user_agent.version': '49.0.'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})

  • Name: Build&Test / filebeat-build / test_fileset_file_030_nginx – filebeat.tests.system.test_modules.Test

    • Age: 1
    • Duration: 2.129
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'nginx.access.remote_ip_list': ['77.179.66.156'], 'log.offset': 0, 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'DE-RP', 'source.geo.city_name': 'Germersheim', 'source.geo.country_iso_code': 'DE', 'source.geo.country_name': 'Germany', 'source.geo.region_name': 'Rheinland-Pfalz', 'source.geo.location.lon': 8.3639, 'source.geo.location.lat': 49.2231, 'source.as.number': 6805, 'source.as.organization.name': 'Telefonica Germany', 'source.address': '77.179.66.156', 'source.ip': '77.179.66.156', 'fileset.name': 'access', 'url.original': '/', 'input.type': 'log', '@timestamp': '2016-10-25T12:49:33.000Z', 'related.ip': ['77.179.66.156'], 'service.type': 'nginx', 'http.request.method': 'GET', 'http.response.status_code': 200, 'http.response.body.bytes': 612, 'http.version': '1.1', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'nginx', 'event.category': ['web'], 'event.type': ['access'], 'event.dataset': 'nginx.access', 'event.outcome': 'success', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.12.0', 'user_agent.os.full': 'Mac OS X 10.12.0', 'user_agent.name': 'Chrome', 'user_agent.device.name': 'Mac', 'user_agent.version': '54.0.2840.59'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})

  • Name: Build&Test / filebeat-build / test_fileset_file_031_nginx – filebeat.tests.system.test_modules.Test

    • Age: 1
    • Duration: 2.178
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'nginx.access.remote_ip_list': ['10.0.0.2', '10.0.0.1', '85.181.35.98'], 'log.offset': 365, 'destination.domain': 'example.com', 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'DE-BE', 'source.geo.city_name': 'Berlin', 'source.geo.country_iso_code': 'DE', 'source.geo.country_name': 'Germany', 'source.geo.region_name': 'Land Berlin', 'source.geo.location.lon': 13.4531, 'source.geo.location.lat': 52.4473, 'source.as.number': 6805, 'source.as.organization.name': 'Telefonica Germany', 'source.address': '85.181.35.98', 'source.ip': '85.181.35.98', 'fileset.name': 'access', 'url.original': '/ocelot', 'input.type': 'log', '@timestamp': '2016-12-07T10:05:07.000Z', 'related.ip': ['85.181.35.98'], 'service.type': 'nginx', 'http.request.method': 'GET', 'http.response.status_code': 200, 'http.response.body.bytes': 571, 'http.version': '1.1', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'nginx', 'event.category': ['web'], 'event.type': ['access'], 'event.dataset': 'nginx.access', 'event.outcome': 'success', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.12', 'user_agent.os.full': 'Mac OS X 10.12', 'user_agent.name': 'Firefox', 'user_agent.device.name': 'Mac', 'user_agent.version': '49.0.'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})

  • Name: Build&Test / filebeat-build / test_fileset_file_043_haproxy – filebeat.tests.system.test_modules.Test

    • Age: 1
    • Duration: 2.168
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'process.name': 'haproxy', 'process.pid': 24551, 'log.offset': 0, 'destination.port': 5000, 'destination.ip': '1.2.3.4', 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'RU-MOW', 'source.geo.city_name': 'Moscow', 'source.geo.country_iso_code': 'RU', 'source.geo.country_name': 'Russia', 'source.geo.region_name': 'Moscow', 'source.geo.location.lon': 37.6172, 'source.geo.location.lat': 55.7527, 'source.address': '1.2.3.4', 'source.port': 40780, 'source.ip': '1.2.3.4', 'fileset.name': 'log', 'input.type': 'log', 'related.ip': ['1.2.3.4', '1.2.3.4'], 'service.type': 'haproxy', 'haproxy.mode': 'HTTP', 'haproxy.frontend_name': 'main', 'haproxy.source': '1.2.3.4', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'haproxy', 'event.category': ['web', 'network'], 'event.type': ['connection'], 'event.dataset': 'haproxy.log'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})

  • Name: Build&Test / filebeat-build / test_fileset_file_045_haproxy – filebeat.tests.system.test_modules.Test

    • Age: 1
    • Duration: 1.981
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'process.name': 'haproxy', 'process.pid': 32450, 'log.offset': 0, 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'RU-MOW', 'source.geo.city_name': 'Moscow', 'source.geo.country_iso_code': 'RU', 'source.geo.country_name': 'Russia', 'source.geo.region_name': 'Moscow', 'source.geo.location.lon': 37.6172, 'source.geo.location.lat': 55.7527, 'source.address': '1.2.3.4', 'source.port': 38862, 'source.ip': '1.2.3.4', 'fileset.name': 'log', 'input.type': 'log', 'related.ip': ['1.2.3.4'], 'service.type': 'haproxy', 'haproxy.server_name': 'docs', 'haproxy.backend_queue': 0, 'haproxy.total_waiting_time_ms': 0, 'haproxy.termination_state': '----', 'haproxy.connection_wait_time_ms': 1, 'haproxy.backend_name': 'docs_microservice', 'haproxy.http.request.raw_request_line': 'GET /component---src-pages-index-js-4b15624544f97cf0bb8f.js HTTP/1.1', 'haproxy.http.request.captured_cookie': '-', 'haproxy.http.request.captured_headers': ['docs.example.internal'], 'haproxy.http.request.time_wait_ms': 0, 'haproxy.http.request.time_wait_without_data_ms': 0, 'haproxy.http.response.captured_cookie': '-', 'haproxy.http.response.captured_headers': [], 'haproxy.frontend_name': 'incoming~', 'haproxy.server_queue': 0, 'haproxy.bytes_read': 168, 'haproxy.connections.server': 0, 'haproxy.connections.retries': 0, 'haproxy.connections.active': 6, 'haproxy.connections.backend': 0, 'haproxy.connections.frontend': 6, 'http.response.status_code': 304, 'http.response.bytes': 168, 'event.duration': 2000000, 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'haproxy', 'event.category': ['web'], 'event.dataset': 'haproxy.log', 'event.outcome': 'success'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})

  • Name: Build&Test / filebeat-build / test_fileset_file_052_traefik – filebeat.tests.system.test_modules.Test

    • Age: 1
    • Duration: 2.169
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 280, 'traefik.access.user_identifier': '-', 'traefik.access.frontend_name': 'Host-host1', 'traefik.access.backend_url': 'http://172.19.0.3:5601', 'traefik.access.request_count': 271, 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'DE-BE', 'source.geo.city_name': 'Berlin', 'source.geo.country_iso_code': 'DE', 'source.geo.country_name': 'Germany', 'source.geo.region_name': 'Land Berlin', 'source.geo.location.lon': 13.4531, 'source.geo.location.lat': 52.4473, 'source.as.number': 6805, 'source.as.organization.name': 'Telefonica Germany', 'source.address': '85.181.35.98', 'source.ip': '85.181.35.98', 'fileset.name': 'access', 'url.original': '/ui/favicons/favicon.ico', 'input.type': 'log', '@timestamp': '2017-10-02T20:22:08.000Z', 'related.ip': ['85.181.35.98'], 'service.type': 'traefik', 'http.request.referrer': 'http://example.com/login', 'http.request.method': 'GET', 'http.response.status_code': 304, 'http.response.body.bytes': 0, 'http.version': '1.1', 'event.duration': 3000000, 'event.kind': 'event', 'event.module': 'traefik', 'event.category': ['web'], 'event.type': ['access'], 'event.dataset': 'traefik.access', 'event.outcome': 'success', 'user.name': '-', 'user_agent.original': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36', 'user_agent.os.name': 'Linux', 'user_agent.name': 'Chrome', 'user_agent.device.name': 'Other', 'user_agent.version': '61.0.3163.100'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})

  • Name: Build&Test / filebeat-build / test_fileset_file_087_apache – filebeat.tests.system.test_modules.Test

    • Age: 1
    • Duration: 1.722
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 181, 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'DE-RP', 'source.geo.city_name': 'Germersheim', 'source.geo.country_iso_code': 'DE', 'source.geo.country_name': 'Germany', 'source.geo.region_name': 'Rheinland-Pfalz', 'source.geo.location.lon': 8.3639, 'source.geo.location.lat': 49.2231, 'source.as.number': 6805, 'source.as.organization.name': 'Telefonica Germany', 'source.address': '77.179.66.156', 'source.ip': '77.179.66.156', 'fileset.name': 'access', 'url.original': '/', 'input.type': 'log', '@timestamp': '2016-12-26T16:23:35.000Z', 'service.type': 'apache', 'http.request.method': 'GET', 'http.response.status_code': 200, 'http.response.body.bytes': 45, 'http.version': '1.1', 'event.kind': 'event', 'event.module': 'apache', 'event.category': 'web', 'event.dataset': 'apache.access', 'event.outcome': 'success', 'user.name': '-'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})

  • Name: Build&Test / filebeat-build / test_fileset_file_088_apache – filebeat.tests.system.test_modules.Test

    • Age: 1
    • Duration: 1.538
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 276, 'source.geo.continent_name': 'North America', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.location.lon': -97.822, 'source.geo.location.lat': 37.751, 'source.address': '11.19.0.217', 'source.ip': '11.19.0.217', 'fileset.name': 'access', 'url.original': '/appl/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_pagetop_alert_content_html%22%2C%22args%22%3A%22%22%7D&nsp=c2700eab9797eda8a9f65a3ab17a6adbceccd60a6cca7708650a5923950d', 'input.type': 'log', 'apache.access.ssl.cipher': 'ECDHE-RSA-AES128-GCM-SHA256', 'apache.access.ssl.protocol': 'TLSv1.2', '@timestamp': '2019-10-16T09:53:47.000Z', 'service.type': 'apache', 'http.request.method': 'GET', 'http.version': '1.1', 'tls.cipher': 'ECDHE-RSA-AES128-GCM-SHA256', 'tls.version': '1.2', 'tls.version_protocol': 'tls', 'event.kind': 'event', 'event.module': 'apache', 'event.category': 'web', 'event.dataset': 'apache.access'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})

  • Name: Build&Test / filebeat-build / test_fileset_file_089_apache – filebeat.tests.system.test_modules.Test

    • Age: 1
    • Duration: 1.898
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'process.pid': 35708, 'process.thread.id': 4328636416, 'log.offset': 229, 'log.level': 'error', 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-GA', 'source.geo.city_name': 'Newnan', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.region_name': 'Georgia', 'source.geo.location.lon': -84.8154, 'source.geo.location.lat': 33.3708, 'source.as.number': 11693, 'source.as.organization.name': 'WideOpenWest Finance LLC', 'source.address': '72.15.99.187', 'source.ip': '72.15.99.187', 'message': 'File does not exist: /usr/local/apache2/htdocs/favicon.ico', 'fileset.name': 'error', 'input.type': 'log', '@timestamp': '2011-09-09T10:42:29.902-02:00', 'apache.error.module': 'core', 'service.type': 'apache', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'apache', 'event.category': 'web', 'event.type': 'error', 'event.dataset': 'apache.error'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})

  • Name: Build&Test / filebeat-build / test_fileset_file_106_system – filebeat.tests.system.test_modules.Test

    • Age: 1
    • Duration: 1.973
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'process.name': 'sshd', 'process.pid': 5774, 'log.offset': 324, 'source.geo.continent_name': 'Asia', 'source.geo.region_iso_code': 'CN-GD', 'source.geo.country_iso_code': 'CN', 'source.geo.country_name': 'China', 'source.geo.region_name': 'Guangdong', 'source.geo.location.lon': 113.25, 'source.geo.location.lat': 23.1167, 'source.as.number': 134764, 'source.as.organization.name': 'CHINANET Guangdong province network', 'source.port': 29160, 'source.ip': '116.31.116.24', 'fileset.name': 'auth', 'input.type': 'log', 'system.auth.ssh.method': 'password', 'system.auth.ssh.event': 'Failed', 'related.hosts': ['slave22'], 'related.ip': ['116.31.116.24'], 'related.user': ['root'], 'service.type': 'system', 'host.hostname': 'slave22', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'system', 'event.action': 'ssh_login', 'event.type': ['authentication_failure', 'info'], 'event.category': ['authentication'], 'event.dataset': 'system.auth', 'event.outcome': 'failure', 'user.name': 'root'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})

  • Name: Build&Test / filebeat-build / test_fileset_file_107_system – filebeat.tests.system.test_modules.Test

    • Age: 1
    • Duration: 3.889
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'process.name': 'sshd', 'process.pid': 2738, 'log.offset': 0, 'source.geo.continent_name': 'Asia', 'source.geo.region_iso_code': 'CN-JX', 'source.geo.country_iso_code': 'CN', 'source.geo.country_name': 'China', 'source.geo.region_name': 'Jiangxi', 'source.geo.location.lon': 115.9333, 'source.geo.location.lat': 28.55, 'source.as.number': 4134, 'source.as.organization.name': 'No.31,Jin-rong Street', 'source.port': 1786, 'source.ip': '202.109.143.106', 'fileset.name': 'auth', 'input.type': 'log', 'system.auth.ssh.method': 'password', 'system.auth.ssh.event': 'Failed', 'related.hosts': ['slave22'], 'related.ip': ['202.109.143.106'], 'related.user': ['root'], 'service.type': 'system', 'host.hostname': 'slave22', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'system', 'event.action': 'ssh_login', 'event.type': ['authentication_failure', 'info'], 'event.category': ['authentication'], 'event.dataset': 'system.auth', 'event.outcome': 'failure', 'user.name': 'root'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_000_envoyproxy – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 34.788
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'kubernetes.container.name': 'ambassador', 'kubernetes.node.name': 'minikube', 'kubernetes.pod.uid': 'e57d545e-2a9d-11e9-995f-08002730e0dc', 'kubernetes.pod.name': 'ambassador-76c58d9df4-jwhsg', 'kubernetes.namespace': 'default', 'kubernetes.labels.service': 'ambassador', 'log.offset': 0, 'destination.geo.continent_name': 'North America', 'destination.geo.region_iso_code': 'US-VA', 'destination.geo.city_name': 'Ashburn', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.region_name': 'Virginia', 'destination.geo.location.lon': -77.4728, 'destination.geo.location.lat': 39.0481, 'destination.as.number': 14618, 'destination.as.organization.name': 'Amazon.com, Inc.', 'destination.address': '52.71.234.219', 'destination.port': 80, 'destination.ip': '52.71.234.219', 'source.address': '172.17.0.3', 'source.ip': '172.17.0.3', 'network.protocol': 'http', 'related.ip': ['172.17.0.3', '52.71.234.219'], 'event.duration': 180000000, 'event.kind': 'event', 'event.module': 'envoyproxy', 'event.type': ['connection', 'protocol'], 'event.category': ['network'], 'event.dataset': 'envoyproxy.log', 'event.outcome': ['success'], 'user_agent.original': 'curl/7.59.0', 'user_agent.name': 'curl', 'user_agent.device.name': 'Other', 'user_agent.version': '7.59.0', 'fileset.name': 'log', 'message': 'ACCESS [2019-04-10T03:49:34.451Z] "GET /httpbin/status/501 HTTP/1.1" 501 - 0 0 180 179 "172.17.0.3" "curl/7.59.0" "413bf460-bd56-4515-ada4-2a69c5e78e54" "httpbin.org" "52.71.234.219:80"', 'envoyproxy.log_type': 'ACCESS', 'envoyproxy.authority': 'httpbin.org', 'envoyproxy.upstream_service_time': 179000000, 'envoyproxy.request_id': '413bf460-bd56-4515-ada4-2a69c5e78e54', 'envoyproxy.proxy_type': 'http', 'url.path': '/httpbin/status/501', 'url.domain': 'httpbin.org', 'tags': ['envoyproxy'], 'input.type': 'log', '@timestamp': '2019-04-10T03:49:34.451Z', 'service.type': 'envoyproxy', 'http.request.method': 'GET', 'http.request.body.bytes': 0, 'http.response.status_code': 501, 'http.response.body.bytes': 0, 'http.version': '1.1'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_001_envoyproxy – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 4.154
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 399, 'destination.geo.continent_name': 'North America', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.location.lon': -97.822, 'destination.geo.location.lat': 37.751, 'destination.as.number': 54113, 'destination.as.organization.name': 'Fastly', 'destination.address': '151.101.66.217', 'destination.port': 80, 'destination.ip': '151.101.66.217', 'source.address': '172.17.0.3', 'source.ip': '172.17.0.3', 'network.protocol': 'http', 'related.ip': ['172.17.0.3', '151.101.66.217'], 'event.duration': 41000000, 'event.kind': 'event', 'event.module': 'envoyproxy', 'event.type': ['connection', 'protocol'], 'event.category': ['network'], 'event.dataset': 'envoyproxy.log', 'event.outcome': ['success'], 'user_agent.original': 'curl/7.59.0', 'user_agent.name': 'curl', 'user_agent.device.name': 'Other', 'user_agent.version': '7.59.0', 'message': '[2019-04-11T00:51:07.980Z] "GET /elastic/ HTTP/1.1" 301 - 0 0 41 39 "172.17.0.3" "curl/7.59.0" "078d1daa-b786-4d6d-85a5-7e4366adaa19" "www.elastic.co" "151.101.66.217:80"', 'fileset.name': 'log', 'envoyproxy.log_type': 'ACCESS', 'envoyproxy.authority': 'www.elastic.co', 'envoyproxy.upstream_service_time': 39000000, 'envoyproxy.request_id': '078d1daa-b786-4d6d-85a5-7e4366adaa19', 'envoyproxy.proxy_type': 'http', 'url.path': '/elastic/', 'url.domain': 'www.elastic.co', 'tags': ['envoyproxy'], 'input.type': 'log', '@timestamp': '2019-04-11T00:51:07.980Z', 'service.type': 'envoyproxy', 'http.request.method': 'GET', 'http.request.body.bytes': 0, 'http.response.status_code': 301, 'http.response.body.bytes': 0, 'http.version': '1.1'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_002_cisco – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 5.354
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'log.level': 'informational', 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'RU-MOW', 'source.geo.city_name': 'Moscow', 'source.geo.country_iso_code': 'RU', 'source.geo.country_name': 'Russia', 'source.geo.region_name': 'Moscow', 'source.geo.location.lon': 37.6172, 'source.geo.location.lat': 55.7527, 'source.address': '1.2.3.4', 'source.ip': '1.2.3.4', 'fileset.name': 'asa', 'tags': ['cisco-asa', 'forwarded'], 'input.type': 'log', 'observer.product': 'asa', 'observer.vendor': 'Cisco', 'observer.type': 'firewall', 'related.ip': ['1.2.3.4'], 'service.type': 'cisco', 'event.severity': 6, 'event.code': 734001, 'event.original': '%ASA-6-734001: DAP: User [email protected], Addr 1.2.3.4, Connection AnyConnect: The following DAP records were selected for this connection: dap_1, dap_2', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'cisco', 'event.action': 'firewall-rule', 'event.category': ['network'], 'event.type': ['info'], 'event.dataset': 'cisco.asa', 'user.email': '[email protected]', 'cisco.asa.connection_type': 'AnyConnect', 'cisco.asa.dap_records': ['dap_1', 'dap_2'], 'cisco.asa.message_id': '734001'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_003_cisco – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 4.663
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 1723, 'log.level': 'alert', 'destination.geo.continent_name': 'Asia', 'destination.geo.region_iso_code': 'CN-GD', 'destination.geo.country_iso_code': 'CN', 'destination.geo.country_name': 'China', 'destination.geo.region_name': 'Guangdong', 'destination.geo.location.lon': 113.25, 'destination.geo.location.lat': 23.1167, 'destination.address': '1.2.33.40', 'destination.port': 8080, 'destination.ip': '1.2.33.40', 'source.address': '10.1.2.3', 'source.port': 64321, 'source.ip': '10.1.2.3', 'fileset.name': 'asa', 'tags': ['cisco-asa', 'forwarded'], 'network.transport': 'icmp', 'network.iana_number': 1, 'input.type': 'log', 'observer.ingress.interface.name': 'outside', 'observer.product': 'asa', 'observer.vendor': 'Cisco', 'observer.type': 'firewall', 'observer.egress.interface.name': 'inside', 'related.ip': ['10.1.2.3', '1.2.33.40'], 'related.user': ['joe'], 'service.type': 'cisco', 'event.severity': 1, 'event.code': 106103, 'event.original': '%ASA-1-106103: access-list filter denied icmp for user joe inside/10.1.2.3(64321) -> outside/1.2.33.40(8080) hit-cnt 1 first hit [0x3c8b88c1, 0xbee595c3]', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'cisco', 'event.action': 'firewall-rule', 'event.category': ['network'], 'event.type': ['info', 'denied'], 'event.dataset': 'cisco.asa', 'event.outcome': 'deny', 'user.name': 'joe', 'cisco.asa.destination_interface': 'outside', 'cisco.asa.rule_name': 'filter', 'cisco.asa.source_interface': 'inside', 'cisco.asa.message_id': '106103'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_005_cisco – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 9.403
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 3172, 'log.level': 'critical', 'destination.geo.continent_name': 'North America', 'destination.geo.region_iso_code': 'US-CA', 'destination.geo.city_name': 'Thousand Oaks', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.region_name': 'California', 'destination.geo.location.lon': -118.8199, 'destination.geo.location.lat': 34.197, 'destination.as.number': 395776, 'destination.as.organization.name': 'FEDERAL ONLINE GROUP LLC', 'destination.address': '192.186.2.2', 'destination.port': 53356, 'destination.ip': '192.186.2.2', 'source.address': '10.10.10.10', 'source.port': 161, 'source.ip': '10.10.10.10', 'fileset.name': 'asa', 'tags': ['cisco-asa', 'forwarded'], 'network.bytes': 64585, 'network.transport': 'udp', 'network.iana_number': 17, 'input.type': 'log', 'observer.ingress.interface.name': 'net', 'observer.hostname': 'dev01', 'observer.product': 'asa', 'observer.vendor': 'Cisco', 'observer.type': 'firewall', 'observer.egress.interface.name': 'intfacename', 'related.hosts': ['dev01', 'dev01'], 'related.ip': ['10.10.10.10', '192.186.2.2'], 'service.type': 'cisco', 'host.hostname': 'dev01', 'event.severity': 2, 'event.code': 302016, 'event.original': '%ASA-2-302016: Teardown UDP connection 1671727 for intfacename:10.10.10.10/161 to net:192.186.2.2/53356 duration 0:02:04 bytes 64585', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'cisco', 'event.start': '2020-05-05T20:38:46.000Z', 'event.type': ['connection', 'end'], 'event.duration': 124000000000, 'event.action': 'flow-expiration', 'event.end': '2020-05-05T18:40:50.000-02:00', 'event.category': ['network'], 'event.dataset': 'cisco.asa', 'cisco.asa.destination_interface': 'net', 'cisco.asa.connection_id': '1671727', 'cisco.asa.source_interface': 'intfacename', 'cisco.asa.message_id': '302016'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_011_cisco – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 6.34
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 3639, 'log.level': 'alert', 'destination.geo.continent_name': 'Europe', 'destination.geo.region_iso_code': 'DE-ST', 'destination.geo.city_name': 'Magdeburg', 'destination.geo.country_iso_code': 'DE', 'destination.geo.country_name': 'Germany', 'destination.geo.region_name': 'Saxony-Anhalt', 'destination.geo.location.lon': 11.6167, 'destination.geo.location.lat': 52.1333, 'destination.as.number': 43341, 'destination.as.organization.name': 'MDlink online service center GmbH', 'destination.address': '213.211.198.62', 'destination.port': 80, 'destination.ip': '213.211.198.62', 'source.address': '10.0.1.20', 'source.port': 46004, 'source.ip': '10.0.1.20', 'fileset.name': 'ftd', 'url.original': 'http://www.eicar.org/download/eicar_com.zip', 'tags': ['cisco-ftd', 'forwarded'], 'network.protocol': 'http', 'network.application': 'curl', 'network.transport': 'tcp', 'network.iana_number': 6, 'input.type': 'log', 'observer.hostname': 'firepower', 'observer.product': 'ftd', 'observer.vendor': 'Cisco', 'observer.type': 'firewall', '@timestamp': '2019-08-16T07:39:03.000-02:00', 'file.size': '184', 'file.name': 'eicar_com.zip', 'file.hash.sha256': '2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad', 'related.hosts': ['firepower', 'firepower'], 'related.ip': ['10.0.1.20', '213.211.198.62'], 'related.user': ['No Authentication Required'], 'related.hash': ['2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad'], 'service.type': 'cisco', 'host.hostname': 'firepower', 'event.severity': 1, 'event.code': 430005, 'event.original': '%FTD-1-430005: SrcIP: 10.0.1.20, DstIP: 213.211.198.62, SrcPort: 46004, DstPort: 80, Protocol: tcp, FileDirection: Download, FileAction: Malware Cloud Lookup, FileSHA256: 2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad, SHA_Disposition: Unavailable, SperoDisposition: Spero detection not performed on file, ThreatName: Win.Ransomware.Eicar::95.sbx.tg, FileName: eicar_com.zip, FileType: ZIP, FileSize: 184, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-16T09:39:02Z, FilePolicy: malware-and-file-policy, FileStorageStatus: Not Stored (Disposition Was Pending), FileSandboxStatus: File Size Is Too Small, URI: http://www.eicar.org/download/eicar_com.zip', 'event.timezone': '-02:00', 'event.kind': 'alert', 'event.module': 'cisco', 'event.start': '2019-08-16T09:39:02Z', 'event.action': 'malware-detected', 'event.category': ['malware'], 'event.type': ['info'], 'event.dataset': 'cisco.ftd', 'user.name': 'No Authentication Required', 'user.id': 'No Authentication Required', 'cisco.ftd.security.file_policy': 'malware-and-file-policy', 'cisco.ftd.security.sha_disposition': 'Unavailable', 'cisco.ftd.security.file_name': 'eicar_com.zip', 'cisco.ftd.security.file_action': 'Malware Cloud Lookup', 'cisco.ftd.security.spero_disposition': 'Spero detection not performed on file', 'cisco.ftd.security.first_packet_second': '2019-08-16T09:39:02Z', 'cisco.ftd.security.file_sandbox_status': 'File Size Is Too Small', 'cisco.ftd.security.uri': 'http://www.eicar.org/download/eicar_com.zip', 'cisco.ftd.security.file_sha256': '2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad', 'cisco.ftd.security.dst_ip': '213.211.198.62', 'cisco.ftd.security.file_size': '184', 'cisco.ftd.security.src_port': '46004', 'cisco.ftd.security.src_ip': '10.0.1.20', 'cisco.ftd.security.file_storage_status': 'Not Stored (Disposition Was Pending)', 'cisco.ftd.security.protocol': 'tcp', 'cisco.ftd.security.application_protocol': 'HTTP', 'cisco.ftd.security.threat_name': 'Win.Ransomware.Eicar::95.sbx.tg', 'cisco.ftd.security.file_direction': 'Download', 'cisco.ftd.security.file_type': 'ZIP', 'cisco.ftd.security.dst_port': '80', 'cisco.ftd.security.client': 'cURL', 'cisco.ftd.security.user': 'No Authentication Required', 'cisco.ftd.rule_name': 'malware-and-file-policy', 'cisco.ftd.message_id': '430005', 'cisco.ftd.threat_category': 'Win.Ransomware.Eicar::95.sbx.tg'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_012_cisco – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 6.856
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 1182, 'log.level': 'alert', 'dns.response_code': 'NOERROR', 'dns.question.name': 'eu-central-1.ec2.archive.ubuntu.com', 'dns.question.type': 'A', 'destination.geo.continent_name': 'North America', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.location.lon': -97.822, 'destination.geo.location.lat': 37.751, 'destination.as.number': 15169, 'destination.as.organization.name': 'Google LLC', 'destination.address': '8.8.8.8', 'destination.port': 53, 'destination.bytes': 0, 'destination.ip': '8.8.8.8', 'destination.packets': 0, 'source.address': '10.0.1.20', 'source.port': 50074, 'source.bytes': 106, 'source.ip': '10.0.1.20', 'source.packets': 1, 'fileset.name': 'ftd', 'tags': ['cisco-ftd', 'forwarded'], 'network.protocol': 'dns', 'network.application': 'dns client', 'network.transport': 'udp', 'network.iana_number': 17, 'input.type': 'log', 'observer.ingress.interface.name': 'outside', 'observer.hostname': 'firepower', 'observer.product': 'ftd', 'observer.vendor': 'Cisco', 'observer.type': 'firewall', 'observer.egress.interface.name': 'inside', '@timestamp': '2019-08-15T14:05:37.000-02:00', 'related.hosts': ['firepower', 'firepower'], 'related.ip': ['10.0.1.20', '8.8.8.8'], 'related.user': ['No Authentication Required'], 'service.type': 'cisco', 'host.hostname': 'firepower', 'event.severity': 1, 'event.code': 430002, 'event.original': '%FTD-1-430002: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 50074, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, InitiatorPackets: 1, ResponderPackets: 0, InitiatorBytes: 106, ResponderBytes: 0, NAPPolicy: Balanced Security and Connectivity, DNSQuery: eu-central-1.ec2.archive.ubuntu.com, DNSRecordType: a host address', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'cisco', 'event.action': 'connection-started', 'event.category': ['network'], 'event.type': ['connection', 'start', 'allowed'], 'event.dataset': 'cisco.ftd', 'event.outcome': 'allow', 'user.name': 'No Authentication Required', 'user.id': 'No Authentication Required', 'cisco.ftd.destination_interface': 'outside', 'cisco.ftd.security.egress_zone': 'output-zone', 'cisco.ftd.security.dns_record_type': 'a host address', 'cisco.ftd.security.responder_packets': '0', 'cisco.ftd.security.access_control_rule_name': 'Rule-1', 'cisco.ftd.security.egress_interface': 'outside', 'cisco.ftd.security.dns_query': 'eu-central-1.ec2.archive.ubuntu.com', 'cisco.ftd.security.access_control_rule_action': 'Allow', 'cisco.ftd.security.prefilter_policy': 'Default Prefilter Policy', 'cisco.ftd.security.nap_policy': 'Balanced Security and Connectivity', 'cisco.ftd.security.ingress_zone': 'input-zone', 'cisco.ftd.security.dst_ip': '8.8.8.8', 'cisco.ftd.security.ac_policy': 'default', 'cisco.ftd.security.src_port': '50074', 'cisco.ftd.security.src_ip': '10.0.1.20', 'cisco.ftd.security.protocol': 'udp', 'cisco.ftd.security.application_protocol': 'DNS', 'cisco.ftd.security.initiator_bytes': '106', 'cisco.ftd.security.initiator_packets': '1', 'cisco.ftd.security.dst_port': '53', 'cisco.ftd.security.ingress_interface': 'inside', 'cisco.ftd.security.client': 'DNS client', 'cisco.ftd.security.responder_bytes': '0', 'cisco.ftd.security.user': 'No Authentication Required', 'cisco.ftd.rule_name': ['default', 'Rule-1'], 'cisco.ftd.source_interface': 'inside', 'cisco.ftd.message_id': '430002'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_015_cisco – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 6.13
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 0, 'log.level': 'alert', 'dns.response_code': 'NOERROR', 'dns.question.name': 'elastic.co', 'dns.question.type': 'A', 'destination.geo.continent_name': 'North America', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.location.lon': -97.822, 'destination.geo.location.lat': 37.751, 'destination.as.number': 15169, 'destination.as.organization.name': 'Google LLC', 'destination.address': '8.8.8.8', 'destination.port': 53, 'destination.bytes': 145, 'destination.ip': '8.8.8.8', 'destination.packets': 1, 'source.address': '10.0.1.20', 'source.port': 57379, 'source.bytes': 93, 'source.ip': '10.0.1.20', 'source.packets': 1, 'fileset.name': 'ftd', 'tags': ['cisco-ftd', 'forwarded'], 'network.protocol': 'dns', 'network.application': 'dns client', 'network.transport': 'udp', 'network.iana_number': 17, 'input.type': 'log', 'observer.ingress.interface.name': 'outside', 'observer.hostname': 'siem-ftd', 'observer.product': 'ftd', 'observer.vendor': 'Cisco', 'observer.type': 'firewall', 'observer.egress.interface.name': 'inside', '@timestamp': '2019-08-26T21:11:03.000-02:00', 'related.hosts': ['siem-ftd', 'siem-ftd'], 'related.ip': ['10.0.1.20', '8.8.8.8'], 'related.user': ['No Authentication Required'], 'service.type': 'cisco', 'host.hostname': 'siem-ftd', 'event.severity': 1, 'event.code': 430003, 'event.original': '%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 57379, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 145, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: a host address, DNS_TTL: 70', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'cisco', 'event.start': '2019-08-26T23:11:03.000Z', 'event.type': ['connection', 'end', 'allowed'], 'event.duration': 0, 'event.action': 'connection-finished', 'event.end': '2019-08-26T21:11:03.000-02:00', 'event.category': ['network'], 'event.dataset': 'cisco.ftd', 'event.outcome': 'allow', 'user.name': 'No Authentication Required', 'user.id': 'No Authentication Required', 'cisco.ftd.destination_interface': 'outside', 'cisco.ftd.security.egress_zone': 'output-zone', 'cisco.ftd.security.dns_record_type': 'a host address', 'cisco.ftd.security.responder_packets': '1', 'cisco.ftd.security.dns_query': 'elastic.co', 'cisco.ftd.security.access_control_rule_action': 'Allow', 'cisco.ftd.security.nap_policy': 'Balanced Security and Connectivity', 'cisco.ftd.security.dst_ip': '8.8.8.8', 'cisco.ftd.security.ac_policy': 'default', 'cisco.ftd.security.src_ip': '10.0.1.20', 'cisco.ftd.security.protocol': 'udp', 'cisco.ftd.security.application_protocol': 'DNS', 'cisco.ftd.security.initiator_bytes': '93', 'cisco.ftd.security.initiator_packets': '1', 'cisco.ftd.security.connection_duration': '0', 'cisco.ftd.security.client': 'DNS client', 'cisco.ftd.security.access_control_rule_name': 'Intrusion-Rule', 'cisco.ftd.security.egress_interface': 'outside', 'cisco.ftd.security.prefilter_policy': 'Default Prefilter Policy', 'cisco.ftd.security.ingress_zone': 'input-zone', 'cisco.ftd.security.src_port': '57379', 'cisco.ftd.security.dns_ttl': '70', 'cisco.ftd.security.dst_port': '53', 'cisco.ftd.security.ingress_interface': 'inside', 'cisco.ftd.security.responder_bytes': '145', 'cisco.ftd.security.user': 'No Authentication Required', 'cisco.ftd.rule_name': ['default', 'Intrusion-Rule'], 'cisco.ftd.source_interface': 'inside', 'cisco.ftd.message_id': '430003'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_018_cisco – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.776
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name'], root['destination.geo.country_name']]}, full object: {'log.offset': 0, 'log.level': 'unknown', 'destination.geo.continent_name': 'Europe', 'destination.geo.country_iso_code': 'FR', 'destination.geo.country_name': 'France', 'destination.geo.location.lon': 2.3387, 'destination.geo.location.lat': 48.8582, 'destination.as.number': 3215, 'destination.as.organization.name': 'Orange', 'destination.address': '2.2.2.2', 'destination.port': 80, 'destination.bytes': 246, 'destination.ip': '2.2.2.2', 'destination.packets': 4, 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-WA', 'source.geo.city_name': 'Seattle', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.region_name': 'Washington', 'source.geo.location.lon': -122.3451, 'source.geo.location.lat': 47.6348, 'source.address': '3.3.3.3', 'source.port': 65090, 'source.bytes': 729, 'source.ip': '3.3.3.3', 'source.packets': 4, 'network.protocol': 'http', 'network.application': 'chrome', 'network.transport': 'tcp', 'network.iana_number': 6, 'observer.ingress.interface.name': 's1p2', 'observer.hostname': 'CISCO-SENSOR-3D', 'observer.product': 'ftd', 'observer.vendor': 'Cisco', 'observer.type': 'firewall', 'observer.egress.interface.name': 's1p1', 'related.hosts': ['CISCO-SENSOR-3D', 'CISCO-SENSOR-3D'], 'related.ip': ['3.3.3.3', '2.2.2.2'], 'related.user': ['No Authentication Required'], 'host.hostname': 'CISCO-SENSOR-3D', 'event.severity': 0, 'event.code': 430003, 'event.original': '%NGIPS-0-430003: DeviceUUID: 1c8ff662-08f3-11e4-85c0-bc960372972f, AccessControlRuleAction: Allow, AccessControlRuleReason: IP Monitor, SrcIP: 3.3.3.3, DstIP: 2.2.2.2, SrcPort: 65090, DstPort: 80, Protocol: tcp, IngressInterface: s1p1, EgressInterface: s1p2, IngressZone: Inside-DMZ-Interface-Inline, EgressZone: Inside-DMZ-Interface-Inline, ACPolicy: COOL-POLICY-3D, AccessControlRuleName: Inside DMZ-Rule-Inline, Prefilter Policy: Unknown, User: No Authentication Required, UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36, Client: Chrome, ClientVersion: 80.0.3987.87, ApplicationProtocol: HTTP, ConnectionDuration: 20, InitiatorPackets: 4, ResponderPackets: 4, InitiatorBytes: 729, ResponderBytes: 246, NAPPolicy: State-Backbone, SecIntMatchingIP: Destination, IPReputationSICategory: Malware, HTTPReferer: http://eyedropper-color-pick.info/mk?c=1581483445764, ReferencedHost: eyedropper-color-pick.info, URL: http://bad-malwaresite-grr.info/favicon.ico', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'cisco', 'event.start': '2020-03-01T01:02:16.000Z', 'event.type': ['connection', 'end', 'allowed'], 'event.duration': 20000000000, 'event.action': 'connection-finished', 'event.end': '2020-02-29T23:02:36.000-02:00', 'event.category': ['network'], 'event.dataset': 'cisco.ftd', 'event.outcome': 'allow', 'cisco.ftd.destination_interface': 's1p2', 'cisco.ftd.security.access_control_rule_reason': 'IP Monitor', 'cisco.ftd.security.egress_zone': 'Inside-DMZ-Interface-Inline', 'cisco.ftd.security.responder_packets': '4', 'cisco.ftd.security.access_control_rule_action': 'Allow', 'cisco.ftd.security.nap_policy': 'State-Backbone', 'cisco.ftd.security.dst_ip': '2.2.2.2', 'cisco.ftd.security.ac_policy': 'COOL-POLICY-3D', 'cisco.ftd.security.src_ip': '3.3.3.3', 'cisco.ftd.security.protocol': 'tcp', 'cisco.ftd.security.application_protocol': 'HTTP', 'cisco.ftd.security.initiator_bytes': '729', 'cisco.ftd.security.sec_int_matching_ip': 'Destination', 'cisco.ftd.security.initiator_packets': '4', 'cisco.ftd.security.connection_duration': '20', 'cisco.ftd.security.client': 'Chrome', 'cisco.ftd.security.client_version': '80.0.3987.87', 'cisco.ftd.security.referenced_host': 'eyedropper-color-pick.info', 'cisco.ftd.security.user_agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36', 'cisco.ftd.security.access_control_rule_name': 'Inside DMZ-Rule-Inline', 'cisco.ftd.security.egress_interface': 's1p2', 'cisco.ftd.security.prefilter_policy': 'Unknown', 'cisco.ftd.security.ingress_zone': 'Inside-DMZ-Interface-Inline', 'cisco.ftd.security.url': 'http://bad-malwaresite-grr.info/favicon.ico', 'cisco.ftd.security.src_port': '65090', 'cisco.ftd.security.http_referer': 'http://eyedropper-color-pick.info/mk?c=1581483445764', 'cisco.ftd.security.ip_reputation_si_category': 'Malware', 'cisco.ftd.security.dst_port': '80', 'cisco.ftd.security.ingress_interface': 's1p1', 'cisco.ftd.security.responder_bytes': '246', 'cisco.ftd.security.user': 'No Authentication Required', 'cisco.ftd.rule_name': ['COOL-POLICY-3D', 'Inside DMZ-Rule-Inline'], 'cisco.ftd.source_interface': 's1p1', 'cisco.ftd.message_id': '430003', 'user_agent.original': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36', 'process.name': 'Alerts', 'fileset.name': 'ftd', 'url.original': 'http://bad-malwaresite-grr.info/favicon.ico', 'url.domain': 'eyedropper-color-pick.info', 'tags': ['cisco-ftd', 'forwarded'], 'input.type': 'log', '@timestamp': '2020-02-29T23:02:36.000-02:00', 'service.type': 'cisco', 'http.request.referrer': 'http://eyedropper-color-pick.info/mk?c=1581483445764', 'user.name': 'No Authentication Required', 'user.id': 'No Authentication Required'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name'], root['destination.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_023_cisco – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 5.763
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.original': 'Jun 20 02:41:56 198.51.100.2 1663306: Jun 20 02:41:55.222: %SEC-6-IPACCESSLOGP: list 150 denied tcp 198.51.100.12(59825) -> 172.217.10.46(80), 1 packet', 'log.offset': 1064, 'log.level': 'informational', 'log.source.address': '198.51.100.2', 'destination.geo.continent_name': 'North America', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.location.lon': -97.822, 'destination.geo.location.lat': 37.751, 'destination.as.number': 15169, 'destination.as.organization.name': 'Google LLC', 'destination.address': '172.217.10.46', 'destination.port': 80, 'destination.ip': '172.217.10.46', 'source.address': '198.51.100.12', 'source.port': 59825, 'source.ip': '198.51.100.12', 'source.packets': 1, 'fileset.name': 'ios', 'message': 'list 150 denied tcp 198.51.100.12(59825) -> 172.217.10.46(80), 1 packet', 'tags': ['cisco-ios', 'forwarded'], 'network.community_id': '1:chQ9+C+0W0ihrzqZ0HbcFSRdBRc=', 'network.transport': 'tcp', 'network.type': 'ipv4', 'network.packets': 1, 'input.type': 'log', 'related.ip': ['198.51.100.12', '172.217.10.46'], 'service.type': 'cisco', 'event.severity': 6, 'event.sequence': 1663306, 'event.code': 'IPACCESSLOGP', 'event.kind': 'event', 'event.timezone': '-02:00', 'event.module': 'cisco', 'event.category': ['network', 'network_traffic'], 'event.type': ['connection', 'firewall'], 'event.dataset': 'cisco.ios', 'event.outcome': 'deny', 'cisco.ios.access_list': '150', 'cisco.ios.facility': 'SEC'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_031_zeek – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.723
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'server.address': '35.199.178.4', 'log.offset': 0, 'destination.geo.continent_name': 'North America', 'destination.geo.region_iso_code': 'US-CA', 'destination.geo.city_name': 'Mountain View', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.region_name': 'California', 'destination.geo.location.lon': -122.0748, 'destination.geo.location.lat': 37.4043, 'destination.as.number': 15169, 'destination.as.organization.name': 'Google LLC', 'destination.address': '35.199.178.4', 'destination.port': 9243, 'destination.ip': '35.199.178.4', 'zeek.session_id': 'CAOvs1BMFCX2Eh0Y3', 'zeek.ssl.established': True, 'zeek.ssl.cipher': 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'zeek.ssl.server.subject.country': 'US', 'zeek.ssl.server.subject.organization': 'Elasticsearch Inc.', 'zeek.ssl.server.subject.locality': 'Mountain View', 'zeek.ssl.server.subject.state': 'California', 'zeek.ssl.server.subject.common_name': '.gcp.cloud.es.io', 'zeek.ssl.server.cert_chain_fuids': ['FebkbHWVCV8rEEEne', 'F4BDY41MGUBT6URZMd', 'FWlfEfiHVkv8evDL3'], 'zeek.ssl.server.name': 'dd625ffb4fc54735b281862aa1cd6cd4.us-west1.gcp.cloud.es.io', 'zeek.ssl.server.issuer.country': 'US', 'zeek.ssl.server.issuer.organization': 'DigiCert Inc', 'zeek.ssl.server.issuer.common_name': 'DigiCert SHA2 Secure Server CA', 'zeek.ssl.curve': 'secp256r1', 'zeek.ssl.resumed': False, 'zeek.ssl.version': 'TLSv12', 'zeek.ssl.validation.status': 'ok', 'source.address': '10.178.98.102', 'source.port': 63199, 'source.ip': '10.178.98.102', 'fileset.name': 'ssl', 'tags': ['zeek.ssl'], 'network.community_id': '1:1PMhYqOKBIyRAQeMbg/pWiJ198g=', 'network.transport': 'tcp', 'input.type': 'log', '@timestamp': '2019-01-17T01:32:16.805Z', 'related.ip': ['10.178.98.102', '35.199.178.4'], 'service.type': 'zeek', 'client.address': '10.178.98.102', 'tls.cipher': 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'tls.established': True, 'tls.server.x509.subject.country': 'US', 'tls.server.x509.subject.state_or_province': 'California', 'tls.server.x509.subject.organization': 'Elasticsearch Inc.', 'tls.server.x509.subject.locality': 'Mountain View', 'tls.server.x509.subject.common_name': '.gcp.cloud.es.io', 'tls.server.x509.issuer.country': 'US', 'tls.server.x509.issuer.organization': 'DigiCert Inc', 'tls.server.x509.issuer.common_name': 'DigiCert SHA2 Secure Server CA', 'tls.server.issuer': 'CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US', 'tls.curve': 'secp256r1', 'tls.resumed': False, 'tls.version': '1.2', 'tls.version_protocol': 'tls', 'event.kind': 'event', 'event.module': 'zeek', 'event.id': 'CAOvs1BMFCX2Eh0Y3', 'event.category': ['network'], 'event.type': ['connection', 'protocol'], 'event.dataset': 'zeek.ssl'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_045_zeek – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.63
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 0, 'destination.geo.continent_name': 'North America', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.location.lon': -97.822, 'destination.geo.location.lat': 37.751, 'destination.as.number': 23028, 'destination.as.organization.name': 'Team Cymru Inc.', 'destination.address': '38.229.70.20', 'destination.port': 8000, 'destination.ip': '38.229.70.20', 'zeek.session_id': 'CNJBX5FQdL62VUUP1', 'zeek.irc.addl': '+iw xxxxx XxxxxxXxxx ', 'zeek.irc.value': 'xxxxx', 'zeek.irc.command': 'USER', 'source.address': '10.180.156.249', 'source.port': 45921, 'source.ip': '10.180.156.249', 'fileset.name': 'irc', 'tags': ['zeek.irc'], 'network.community_id': '1:YdkGov/c+KLtmg7Cf5DLDB4+YdQ=', 'network.protocol': 'irc', 'network.transport': 'tcp', 'input.type': 'log', '@timestamp': '2013-12-20T15:44:10.647Z', 'related.ip': ['10.180.156.249', '38.229.70.20'], 'service.type': 'zeek', 'event.kind': 'event', 'event.module': 'zeek', 'event.action': 'USER', 'event.id': 'CNJBX5FQdL62VUUP1', 'event.category': ['network'], 'event.type': ['connection', 'protocol', 'info'], 'event.dataset': 'zeek.irc'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_050_zeek – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.338
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name'], root['destination.geo.country_name']]}, full object: {'log.offset': 0, 'destination.geo.continent_name': 'North America', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.location.lon': -97.822, 'destination.geo.location.lat': 37.751, 'destination.as.number': 427, 'destination.as.organization.name': 'Air Force Systems Networking', 'destination.address': '132.16.110.133', 'destination.port': 8080, 'destination.ip': '132.16.110.133', 'zeek.tunnel.action': 'Tunnel::DISCOVER', 'zeek.tunnel.type': 'Tunnel::HTTP', 'source.geo.continent_name': 'North America', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.location.lon': -97.822, 'source.geo.location.lat': 37.751, 'source.as.number': 427, 'source.as.organization.name': 'Air Force Systems Networking', 'source.address': '132.16.146.79', 'source.port': 0, 'source.ip': '132.16.146.79', 'fileset.name': 'tunnel', 'tags': ['zeek.tunnel'], 'input.type': 'log', '@timestamp': '2018-12-10T01:34:26.743Z', 'related.ip': ['132.16.146.79', '132.16.110.133'], 'service.type': 'zeek', 'event.kind': 'event', 'event.module': 'zeek', 'event.action': 'Tunnel::DISCOVER', 'event.category': ['network'], 'event.type': ['connection'], 'event.dataset': 'zeek.tunnel'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name'], root['destination.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_052_zeek – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.457
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 0, 'destination.geo.continent_name': 'North America', 'destination.geo.region_iso_code': 'US-CA', 'destination.geo.city_name': 'San Jose', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.region_name': 'California', 'destination.geo.location.lon': -121.8914, 'destination.geo.location.lat': 37.3388, 'destination.as.number': 6185, 'destination.as.organization.name': 'Apple Inc.', 'destination.address': '17.253.5.203', 'destination.port': 80, 'destination.ip': '17.253.5.203', 'zeek.http.resp_mime_types': ['application/ocsp-response'], 'zeek.http.trans_depth': 1, 'zeek.http.status_msg': 'OK', 'zeek.http.resp_fuids': ['F5zuip1tSwASjNAHy7'], 'zeek.http.tags': [], 'zeek.session_id': 'CCNp8v1SNzY7v9d1Ih', 'source.address': '10.178.98.102', 'source.port': 62995, 'source.ip': '10.178.98.102', 'fileset.name': 'http', 'url.original': '/ocsp04-aaica02/ME4wTKADAgEAMEUwQzBBMAkGBSsOAwIaBQAEFNqvF+Za6oA4ceFRLsAWwEInjUhJBBQx6napI3Sl39T97qDBpp7GEQ4R7AIIUP1IOZZ86ns=', 'url.port': 80, 'url.domain': 'ocsp.apple.com', 'tags': ['zeek.http'], 'network.community_id': '1:dtBPRfpKEZyg1iOHss95buwv+cw=', 'network.transport': 'tcp', 'input.type': 'log', '@timestamp': '2019-01-17T01:05:30.172Z', 'related.ip': ['10.178.98.102', '17.253.5.203'], 'service.type': 'zeek', 'http.request.method': 'GET', 'http.request.body.bytes': 0, 'http.response.status_code': 200, 'http.response.body.bytes': 3735, 'http.version': '1.1', 'event.kind': 'event', 'event.module': 'zeek', 'event.action': 'get', 'event.id': 'CCNp8v1SNzY7v9d1Ih', 'event.type': ['connection', 'info', 'protocol'], 'event.category': ['network', 'web'], 'event.dataset': 'zeek.http', 'event.outcome': 'success', 'user_agent.original': 'com.apple.trustd/2.0', 'user_agent.name': 'Other', 'user_agent.device.name': 'Other'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_054_zeek – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.697
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 0, 'destination.geo.continent_name': 'North America', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.location.lon': -97.822, 'destination.geo.location.lat': 37.751, 'destination.as.number': 15169, 'destination.as.organization.name': 'Google LLC', 'destination.address': '8.8.8.8', 'destination.ip': '8.8.8.8', 'source.address': '192.168.1.1', 'source.ip': '192.168.1.1', 'fileset.name': 'traceroute', 'network.transport': 'udp', 'tags': ['zeek.traceroute'], 'input.type': 'log', '@timestamp': '2013-02-26T22:02:38.650Z', 'related.ip': ['192.168.1.1', '8.8.8.8'], 'service.type': 'zeek', 'event.kind': 'event', 'event.module': 'zeek', 'event.type': ['info'], 'event.category': ['network'], 'event.dataset': 'zeek.traceroute'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_060_zeek – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.443
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name'], root['destination.geo.country_name']]}, full object: {'log.offset': 357, 'destination.geo.continent_name': 'Europe', 'destination.geo.region_iso_code': 'DE-HE', 'destination.geo.city_name': 'Frankfurt am Main', 'destination.geo.country_iso_code': 'DE', 'destination.geo.country_name': 'Germany', 'destination.geo.region_name': 'Hesse', 'destination.geo.location.lon': 8.6843, 'destination.geo.location.lat': 50.1188, 'destination.as.number': 14061, 'destination.as.organization.name': 'DigitalOcean, LLC', 'destination.address': '207.154.238.205', 'destination.ip': '207.154.238.205', 'zeek.notice.msg': '8.42.77.171 scanned at least 15 unique ports of host 207.154.238.205 in 0m0s', 'zeek.notice.suppress_for': 3600, 'zeek.notice.sub': 'remote', 'zeek.notice.note': 'Scan::Port_Scan', 'zeek.notice.dropped': False, 'zeek.notice.peer_descr': 'bro', 'rule.name': 'Scan::Port_Scan', 'rule.description': '8.42.77.171 scanned at least 15 unique ports of host 207.154.238.205 in 0m0s', 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-CO', 'source.geo.city_name': 'Longmont', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.region_name': 'Colorado', 'source.geo.location.lon': -105.1624, 'source.geo.location.lat': 40.1559, 'source.as.number': 393552, 'source.as.organization.name': 'Longmont Power & Communications', 'source.address': '8.42.77.171', 'source.ip': '8.42.77.171', 'fileset.name': 'notice', 'tags': ['zeek.notice'], 'input.type': 'log', '@timestamp': '2019-02-28T22:36:28.426Z', 'related.ip': ['8.42.77.171', '207.154.238.205'], 'service.type': 'zeek', 'event.kind': 'alert', 'event.module': 'zeek', 'event.category': ['intrusion_detection'], 'event.type': ['info', 'allowed'], 'event.dataset': 'zeek.notice'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name'], root['destination.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_061_zeek – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 4.025
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 398, 'destination.geo.continent_name': 'North America', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.location.lon': -97.822, 'destination.geo.location.lat': 37.751, 'destination.as.number': 15169, 'destination.as.organization.name': 'Google LLC', 'destination.address': '8.8.8.8', 'destination.port': 53, 'destination.bytes': 206, 'destination.ip': '8.8.8.8', 'destination.packets': 1, 'zeek.session_id': 'CAcJw21BbVedgFnYH4', 'zeek.connection.local_resp': False, 'zeek.connection.local_orig': True, 'zeek.connection.state': 'SF', 'zeek.connection.missed_bytes': 0, 'zeek.connection.history': 'Dd', 'zeek.connection.state_message': 'Normal establishment and termination.', 'source.address': '192.168.86.167', 'source.port': 38340, 'source.bytes': 103, 'source.ip': '192.168.86.167', 'source.packets': 1, 'fileset.name': 'connection', 'network.protocol': 'dns', 'network.community_id': '1:77KJyeznYjdDxCSKdZhW89aAaBI=', 'network.bytes': 309, 'network.transport': 'udp', 'network.packets': 2, 'network.direction': 'outbound', 'tags': ['zeek.connection', 'local_orig'], 'input.type': 'log', '@timestamp': '2019-01-11T06:33:36.857Z', 'related.ip': ['192.168.86.167', '8.8.8.8'], 'service.type': 'zeek', 'event.duration': 76967000, 'event.kind': 'event', 'event.module': 'zeek', 'event.id': 'CAcJw21BbVedgFnYH4', 'event.category': ['network'], 'event.type': ['connection', 'start', 'end'], 'event.dataset': 'zeek.connection'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_063_zeek – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.658
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 0, 'destination.geo.continent_name': 'North America', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.location.lon': -97.822, 'destination.geo.location.lat': 37.751, 'destination.as.number': 29791, 'destination.as.organization.name': 'Internap Corporation', 'destination.address': '74.63.41.218', 'destination.port': 5060, 'destination.ip': '74.63.41.218', 'zeek.session_id': 'CPRLCB4eWHdjP852Bk', 'zeek.sip.sequence.number': '4127', 'zeek.sip.sequence.method': 'REGISTER', 'zeek.sip.request.path': ['SIP/2.0/UDP 172.16.133.19:5060'], 'zeek.sip.request.from': '"AppNeta" sip:[email protected]', 'zeek.sip.request.to': 'sip:[email protected]', 'zeek.sip.request.body_length': 0, 'zeek.sip.response.path': ['SIP/2.0/UDP 172.16.133.19:5060'], 'zeek.sip.response.from': '"AppNeta" sip:[email protected]', 'zeek.sip.response.to': 'sip:[email protected];tag=as023f66a5', 'zeek.sip.response.body_length': 0, 'zeek.sip.transaction_depth': 0, 'zeek.sip.uri': 'sip:newyork.voip.ms:5060', 'zeek.sip.user_agent': 'PolycomSoundStationIP-SSIP_5000-UA/3.2.4.0267', 'zeek.sip.status.msg': 'Unauthorized', 'zeek.sip.status.code': 401, 'zeek.sip.call_id': '[email protected]', 'source.address': '172.16.133.19', 'source.port': 5060, 'source.ip': '172.16.133.19', 'fileset.name': 'sip', 'url.full': 'sip:newyork.voip.ms:5060', 'network.protocol': 'sip', 'network.community_id': '1:t8Jl0amIXPHemzxKgsLjtkB+ewo=', 'network.transport': 'udp', 'tags': ['zeek.sip'], 'input.type': 'log', '@timestamp': '2013-02-26T22:02:39.055Z', 'related.ip': ['172.16.133.19', '74.63.41.218'], 'service.type': 'zeek', 'event.kind': 'event', 'event.module': 'zeek', 'event.action': 'REGISTER', 'event.id': 'CPRLCB4eWHdjP852Bk', 'event.category': ['network'], 'event.type': ['connection', 'protocol', 'error'], 'event.dataset': 'zeek.sip', 'event.outcome': 'failure'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_066_okta – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 4.168
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-CA', 'source.geo.city_name': 'Dublin', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.region_name': 'California', 'source.geo.location.lon': -121.919, 'source.geo.location.lat': 37.7201, 'source.as.number': 7018, 'source.as.organization.name': 'AT&T Services, Inc.', 'source.ip': '108.255.197.247', 'source.user.full_name': 'xxxxxx', 'source.user.id': '00u1abvz4pYqdM8ms4x6', 'fileset.name': 'system', 'tags': ['forwarded'], 'input.type': 'log', '@timestamp': '2020-02-14T22:18:51.843Z', 'related.ip': '108.255.197.247', 'related.user': 'xxxxxx', 'service.type': 'okta', 'client.geo.city_name': 'Dublin', 'client.geo.country_name': 'United States', 'client.geo.location.lon': -121.919, 'client.geo.location.lat': 37.7201, 'client.geo.region_name': 'California', 'client.ip': '108.255.197.247', 'client.user.full_name': 'xxxxxx', 'client.user.id': '00u1abvz4pYqdM8ms4x6', 'event.original': '{"actor":{"alternateId":"[email protected]","detailEntry":null,"displayName":"xxxxxx","id":"00u1abvz4pYqdM8ms4x6","type":"User"},"authenticationContext":{"authenticationProvider":null,"authenticationStep":0,"credentialProvider":null,"credentialType":null,"externalSessionId":"102nZHzd6OHSfGG51vsoc22gw","interface":null,"issuer":null},"client":{"device":"Computer","geographicalContext":{"city":"Dublin","country":"United States","geolocation":{"lat":37.7201,"lon":-121.919},"postalCode":"94568","state":"California"},"id":null,"ipAddress":"108.255.197.247","userAgent":{"browser":"FIREFOX","os":"Mac OS X","rawUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0"},"zone":"null"},"debugContext":{"debugData":{"authnRequestId":"XkcAsWb8WjwDP76xh@1v8wAABp0","requestId":"XkccyyMli2Uay2I93ZgRzQAAB0c","requestUri":"/login/signout","threatSuspected":"false","url":"/login/signout?message=login_page_messages.session_has_expired"}},"displayMessage":"User logout from Okta","eventType":"user.session.end","legacyEventType":"core.user_auth.logout_success","outcome":{"reason":null,"result":"SUCCESS"},"published":"2020-02-14T22:18:51.843Z","request":{"ipChain":[{"geographicalContext":{"city":"Dublin","country":"United States","geolocation":{"lat":37.7201,"lon":-121.919},"postalCode":"94568","state":"California"},"ip":"108.255.197.247","source":null,"version":"V4"}]},"securityContext":{"asNumber":null,"asOrg":null,"domain":null,"isProxy":null,"isp":null},"severity":"INFO","target":null,"transaction":{"detail":{},"id":"XkccyyMli2Uay2I93ZgRzQAAB0c","type":"WEB"},"uuid":"faf7398a-4f77-11ea-97fb-5925e98228bd","version":"0"}', 'event.kind': 'event', 'event.module': 'okta', 'event.action': 'user.session.end', 'event.id': 'faf7398a-4f77-11ea-97fb-5925e98228bd', 'event.type': ['access'], 'event.category': ['authentication'], 'event.dataset': 'okta.system', 'event.outcome': 'success', 'okta.actor.id': '00u1abvz4pYqdM8ms4x6', 'okta.actor.display_name': 'xxxxxx', 'okta.actor.type': 'User', 'okta.actor.alternate_id': '[email protected]', 'okta.debug_context.debug_data.threat_suspected': 'false', 'okta.debug_context.debug_data.request_id': 'XkccyyMli2Uay2I93ZgRzQAAB0c', 'okta.debug_context.debug_data.url': '/login/signout?message=login_page_messages.session_has_expired', 'okta.debug_context.debug_data.request_uri': '/login/signout', 'okta.event_type': 'user.session.end', 'okta.authentication_context.authentication_step': 0, 'okta.authentication_context.external_session_id': '102nZHzd6OHSfGG51vsoc22gw', 'okta.client.zone': 'null', 'okta.client.ip': '108.255.197.247', 'okta.client.device': 'Computer', 'okta.client.user_agent.raw_user_agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0', 'okta.client.user_agent.os': 'Mac OS X', 'okta.client.user_agent.browser': 'FIREFOX', 'okta.display_message': 'User logout from Okta', 'okta.uuid': 'faf7398a-4f77-11ea-97fb-5925e98228bd', 'okta.outcome.result': 'SUCCESS', 'okta.transaction.id': 'XkccyyMli2Uay2I93ZgRzQAAB0c', 'okta.transaction.type': 'WEB', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.15', 'user_agent.os.full': 'Mac OS X 10.15', 'user_agent.name': 'Firefox', 'user_agent.device.name': 'Mac', 'user_agent.version': '72.0.'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_069_iptables – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.409
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'iptables.tcp.reserved_bits': 0, 'iptables.tcp.flags': ['ACK'], 'iptables.tcp.window': 2853, 'iptables.input_device': 'eth0', 'iptables.precedence_bits': 0, 'iptables.fragment_flags': ['DF'], 'iptables.length': 52, 'iptables.ttl': 63, 'iptables.ubiquiti.output_zone': 'lan', 'iptables.ubiquiti.input_zone': 'wan', 'iptables.ubiquiti.rule_set': 'wan-lan', 'iptables.ubiquiti.rule_number': 'default', 'iptables.ether_type': 2048, 'iptables.tos': 0, 'iptables.output_device': '', 'iptables.id': 0, 'log.original': 'Oct 10 07:25:12 Hostname kernel: [wan-lan-default-D]IN=eth0 OUT= MAC=90:10:20:76:8d:20:90:10:65:29:b6:2a:08:00 SRC=158.109.0.1 DST=10.4.0.5 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=38842 DPT=443 WINDOW=2853 RES=0x00 ACK URGP=0 ', 'log.offset': 0, 'destination.port': 443, 'destination.ip': '10.4.0.5', 'destination.mac': '90:10:20:76:8d:20', 'rule.name': 'wan-lan', 'rule.id': 'default', 'source.geo.continent_name': 'Europe', 'source.geo.country_iso_code': 'ES', 'source.geo.country_name': 'Spain', 'source.geo.location.lon': -3.684, 'source.geo.location.lat': 40.4172, 'source.as.number': 13041, 'source.as.organization.name': 'Consorci de Serveis Universitaris de Catalunya', 'source.port': 38842, 'source.ip': '158.109.0.1', 'source.mac': '90:10:65:29:b6:2a', 'fileset.name': 'log', 'network.community_id': '1:RGJPRWtru8Lg2itNyFREDvoRkNA=', 'network.transport': 'tcp', 'network.type': 'ipv4', 'tags': ['iptables'], 'input.type': 'log', 'observer.ingress.zone': 'wan', 'observer.egress.zone': 'lan', 'related.ip': ['158.109.0.1', '10.4.0.5'], 'service.type': 'iptables', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'iptables', 'event.action': 'drop', 'event.type': ['denied', 'connection'], 'event.category': ['network'], 'event.dataset': 'iptables.log'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_076_cef – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.876
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 0, 'cef.severity': 'Unknown', 'cef.extensions.nat_addtnl_rulenum': '1', 'cef.extensions.destinationPort': 443, 'cef.extensions.sourcePort': 49363, 'cef.extensions.destinationAddress': '52.173.84.157', 'cef.extensions.origin': '192.168.101.254', 'cef.extensions.rule_uid': '9e5e6e74-aa9a-4693-b9fe-53712dd27bea', 'cef.extensions.deviceReceiptTime': '2018-11-26T22:17:32.000Z', 'cef.extensions.layer_uuid': 'b406b732-2437-4848-9741-6eae1f5bf112', 'cef.extensions.deviceCustomDate2Label': 'This field is made up', 'cef.extensions.destinationTranslatedPort': 0, 'cef.extensions.deviceCustomString5Label': 'Matched Category', 'cef.extensions.loguid': '{0x5bfc70fc,0x1,0xfe65a8c0,0xc0000001}', 'cef.extensions.nat_rulenum': '4', 'cef.extensions.ifname': 'eth0', 'cef.extensions.transportProtocol': '6', 'cef.extensions.service_id': 'https', 'cef.extensions.layer_name': 'Network', 'cef.extensions.deviceCustomString2Label': 'Rule Name', 'cef.extensions.product': 'VPN-1 & FireWall-1', 'cef.extensions.sourceAddress': '192.168.101.100', 'cef.extensions.rule_action': 'Accept', 'cef.extensions.sequencenum': '1', 'cef.extensions.deviceAction': 'Accept', 'cef.extensions.inzone': 'Internal', 'cef.extensions.sourceTranslatedPort': 35398, 'cef.extensions.match_id': '4', 'cef.extensions.deviceCustomDate2': '2017-10-16T10:42:13.713Z', 'cef.extensions.originsicname': 'CN=R80,O=R80_M..6u6bdo', 'cef.extensions.deviceCustomString5': 'Business / Economy', 'cef.extensions.outzone': 'External', 'cef.extensions.version': '5', 'cef.extensions.sourceTranslatedAddress': '192.168.103.254', 'cef.extensions.parent_rule': '0', 'cef.extensions.destinationTranslatedAddress': '0.0.0.0', 'cef.extensions.logid': '0', 'cef.extensions.deviceDirection': 0, 'cef.name': 'https', 'cef.version': '0', 'cef.device.product': 'VPN-1 & FireWall-1', 'cef.device.event_class_id': 'Log', 'cef.device.vendor': 'Check Point', 'cef.device.version': 'Check Point', 'destination.nat.port': 0, 'destination.nat.ip': '0.0.0.0', 'destination.geo.continent_name': 'North America', 'destination.geo.region_iso_code': 'US-IA', 'destination.geo.city_name': 'Des Moines', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.region_name': 'Iowa', 'destination.geo.location.lon': -93.6112, 'destination.geo.location.lat': 41.6006, 'destination.as.number': 8075, 'destination.as.organization.name': 'Microsoft Corporation', 'destination.port': 443, 'destination.ip': '52.173.84.157', 'rule.category': 'Business / Economy', 'rule.uuid': '9e5e6e74-aa9a-4693-b9fe-53712dd27bea', 'source.nat.port': 35398, 'source.nat.ip': '192.168.103.254', 'source.port': 49363, 'source.ip': '192.168.101.100', 'fileset.name': 'log', 'message': 'https', 'network.community_id': '1:yRLApDaheTmJZHL4UUDMjcHWAik=', 'network.transport': '6', 'network.direction': 'inbound', 'tags': ['cef', 'forwarded'], 'input.type': 'log', 'observer.ingress.zone': 'Internal', 'observer.ingress.interface.name': 'eth0', 'observer.product': 'VPN-1 & FireWall-1', 'observer.vendor': 'Check Point', 'observer.version': 'Check Point', 'observer.egress.zone': 'External', 'related.ip': ['52.173.84.157', '0.0.0.0', '192.168.101.100', '192.168.103.254'], 'service.type': 'cef', 'event.original': 'CEF:0|Check Point|VPN-1 & FireWall-1|Check Point|Log|https|Unknown|act=Accept destinationTranslatedAddress=0.0.0.0 destinationTranslatedPort=0 deviceDirection=0 rt=1543270652000 sourceTranslatedAddress=192.168.103.254 sourceTranslatedPort=35398 spt=49363 dpt=443 cs2Label=Rule Name layer_name=Network layer_uuid=b406b732-2437-4848-9741-6eae1f5bf112 match_id=4 parent_rule=0 rule_action=Accept rule_uid=9e5e6e74-aa9a-4693-b9fe-53712dd27bea ifname=eth0 logid=0 loguid={0x5bfc70fc,0x1,0xfe65a8c0,0xc0000001} origin=192.168.101.254 originsicname=CN\=R80,O\=R80_M..6u6bdo sequencenum=1 version=5 dst=52.173.84.157 inzone=Internal nat_addtnl_rulenum=1 nat_rulenum=4 outzone=External product=VPN-1 & FireWall-1 proto=6 service_id=https src=192.168.101.100 cs5Label=Matched Category cs5=Business / Economy deviceCustomDate2=1508150533713 deviceCustomDate2Label=This field is made up', 'event.code': 'Log', 'event.kind': 'event', 'event.module': 'cef', 'event.action': 'Accept', 'event.category': 'network', 'event.dataset': 'cef.log'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_078_cef – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.615
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'cef.severity': 'low', 'cef.extensions.destinationPort': 443, 'cef.extensions.eventId': 3457, 'cef.extensions.sourcePort': 33876, 'cef.extensions.sourceAddress': '6.7.8.9', 'cef.extensions.destinationAddress': '192.168.10.1', 'cef.extensions.sourceServiceName': 'httpd', 'cef.extensions.requestContext': 'https://www.google.com', 'cef.extensions.sourceGeoLatitude': 38.915, 'cef.extensions.requestUrl': 'https://www.example.com/cart', 'cef.extensions.sourceGeoLongitude': -77.511, 'cef.extensions.transportProtocol': 'TCP', 'cef.extensions.requestMethod': 'POST', 'cef.name': 'Web request', 'cef.version': '0', 'cef.device.product': 'Vaporware', 'cef.device.event_class_id': '18', 'cef.device.vendor': 'Elastic', 'cef.device.version': '1.0.0-alpha', 'destination.port': 443, 'destination.ip': '192.168.10.1', 'source.geo.continent_name': 'North America', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.location.lon': -97.822, 'source.geo.location.lat': 37.751, 'source.port': 33876, 'source.service.name': 'httpd', 'source.ip': '6.7.8.9', 'message': 'Web request', 'fileset.name': 'log', 'url.original': 'https://www.example.com/cart', 'tags': ['cef', 'forwarded'], 'network.community_id': '1:e2rSLr3fJ93cIJDMtVABFxSH5zg=', 'network.transport': 'tcp', 'input.type': 'log', 'observer.product': 'Vaporware', 'observer.vendor': 'Elastic', 'observer.version': '1.0.0-alpha', 'related.ip': ['192.168.10.1', '6.7.8.9'], 'service.type': 'cef', 'http.request.referrer': 'https://www.google.com', 'http.request.method': 'POST', 'event.severity': 0, 'event.original': 'CEF:0|Elastic|Vaporware|1.0.0-alpha|18|Web request|low|eventId=3457 requestMethod=POST slat=38.915 slong=-77.511 proto=TCP sourceServiceName=httpd requestContext=https://www.google.com src=6.7.8.9 spt=33876 dst=192.168.10.1 dpt=443 request=https://www.example.com/cart', 'event.code': '18', 'event.module': 'cef', 'event.id': 3457, 'event.dataset': 'cef.log'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_083_squid – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.264
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'rsa.internal.messageid': 'CONNECT', 'rsa.internal.hcode': 'DIRECT', 'rsa.web.alias_host': 'login.yahoo.com', 'rsa.investigations.ec_subject': 'NetworkComm', 'rsa.investigations.ec_theme': 'ALM', 'rsa.time.event_time_str': '1157689312', 'rsa.time.duration_time': 5006, 'rsa.time.event_time': '2006-09-08T04:21:52.000Z', 'rsa.misc.content_type': '-', 'rsa.misc.action': ['TCP_MISS', 'CONNECT'], 'rsa.misc.result_code': '200', 'rsa.network.domain': 'login.yahoo.com', 'server.domain': 'login.yahoo.com', 'log.offset': 0, 'destination.geo.continent_name': 'North America', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.location.lon': -97.822, 'destination.geo.location.lat': 37.751, 'destination.as.number': 36752, 'destination.as.organization.name': 'Oath Holdings Inc.', 'destination.ip': ['209.73.177.115'], 'source.bytes': 19763, 'source.ip': ['10.105.21.199'], 'fileset.name': 'log', 'url.original': 'login.yahoo.com:443', 'url.domain': 'login.yahoo.com', 'tags': ['squid.log', 'forwarded'], 'input.type': 'log', 'observer.product': 'Proxy', 'observer.vendor': 'Squid', 'observer.type': 'Proxies', '@timestamp': '2006-09-08T04:21:52.000Z', 'related.hosts': ['login.yahoo.com', 'login.yahoo.com'], 'related.ip': ['209.73.177.115', '10.105.21.199'], 'related.user': ['badeyek'], 'service.type': 'squid', 'event.original': '1157689312.049 5006 10.105.21.199 TCP_MISS/200 19763 CONNECT login.yahoo.com:443 badeyek DIRECT/209.73.177.115 -', 'event.code': 'CONNECT', 'event.module': 'squid', 'event.action': 'TCP_MISS', 'event.dataset': 'squid.log', 'user.name': 'badeyek'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_084_cyberark – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 90.003
    • Error Details: Failed: Timeout >90.0s

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_085_coredns – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.168
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_086_coredns – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.163
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_087_zscaler – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.164
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_088_zscaler – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.161
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_089_sonicwall – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.166
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_090_sonicwall – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.156
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_091_juniper – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.155
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_092_juniper – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.161
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_093_juniper – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.217
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_094_juniper – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.191
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_095_juniper – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.15
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_096_juniper – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.148
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_097_juniper – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.153
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_098_barracuda – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.155
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_099_barracuda – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.139
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_100_fortinet – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.219
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_101_fortinet – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.144
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_102_fortinet – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.14
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_103_fortinet – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.139
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_104_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.141
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_105_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.174
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_106_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.221
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_107_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.164
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_108_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.147
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_109_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.158
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_110_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.168
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_111_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.184
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_112_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.14
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_113_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.15
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_114_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.138
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_115_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.143
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_116_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.147
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_117_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.184
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_118_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.173
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_119_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.157
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_120_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.157
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_121_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.225
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_122_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.144
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_123_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.19
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_124_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.176
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_125_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.163
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_126_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.159
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_127_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.157
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_128_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.153
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_129_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.169
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_130_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.158
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_131_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.163
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_132_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.164
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_133_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.171
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_134_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.187
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_135_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.182
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_136_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.167
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_137_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.182
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_138_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.187
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_139_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.164
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_140_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.148
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_141_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.155
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_142_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.162
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_143_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.193
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_144_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.155
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

Steps errors 3

Expand to view the steps failures

  • Name: mage build test

    • Description: mage build test

    • Duration: 26 min 2 sec

    • Start Time: 2020-10-06T17:59:59.847+0000

    • log

  • Name: mage build test

    • Description: mage build test

    • Duration: 20 min 12 sec

    • Start Time: 2020-10-06T17:59:51.741+0000

    • log

  • Name: mage build test

    • Description: mage build test

    • Duration: 52 min 51 sec

    • Start Time: 2020-10-06T18:00:10.383+0000

    • log

Log output

Expand to view the last 100 lines of log output 

[2020-10-06T18:55:34.784Z]  runc:
[2020-10-06T18:55:34.784Z]   Version:          1.0.0-rc10
[2020-10-06T18:55:34.784Z]   GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
[2020-10-06T18:55:34.784Z]  docker-init:
[2020-10-06T18:55:34.784Z]   Version:          0.18.0
[2020-10-06T18:55:34.784Z]   GitCommit:        fec3683
[2020-10-06T18:55:43.395Z] [INFO] unstashV2: JOB_GCS_BUCKET is set. bucket param got precedency instead.
[2020-10-06T18:55:43.422Z] [INFO] unstashV2: JOB_GCS_CREDENTIALS is set. credentialsId param got precedency instead.
[2020-10-06T18:55:43.500Z] [Google Cloud Storage Plugin] Found 1 files to download from pattern: gs://beats-ci-temp/Beats/beats/PR-21589-1/source/source.tgz
[2020-10-06T18:55:43.518Z] [Google Cloud Storage Plugin] Downloading: Beats/beats/PR-21589-1/source/source.tgz to local path: /var/lib/jenkins/workspace/Beats_beats_PR-21589/source.tgz
[2020-10-06T18:55:53.397Z] + tar --version
[2020-10-06T18:55:53.713Z] + tar -xpf source.tgz
[2020-10-06T18:56:06.297Z] + rm source.tgz
[2020-10-06T18:56:06.479Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats
[2020-10-06T18:56:06.515Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/lint-1602006964763
[2020-10-06T18:56:06.635Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/libbeat-stress-tests-1602007217248
[2020-10-06T18:56:06.752Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/winlogbeat-crosscompile-1602007300525
[2020-10-06T18:56:06.874Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/auditbeat-crosscompile-1602007320825
[2020-10-06T18:56:07.004Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/x-pack-elastic-agent-build-1602007338343
[2020-10-06T18:56:07.135Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/x-pack-dockerlogbeat-build-1602007382540
[2020-10-06T18:56:07.278Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/journalbeat-unitTest-1602007400700
[2020-10-06T18:56:07.407Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/x-pack-functionbeat-build-1602007477543
[2020-10-06T18:56:07.543Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/libbeat-crosscompile-1602007482207
[2020-10-06T18:56:07.682Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/packetbeat-build-1602007598479
[2020-10-06T18:56:07.818Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/x-pack-elastic-agent-windows-windows-2019-1602007684143
[2020-10-06T18:56:07.944Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/metricbeat-unitTest-1602007712611
[2020-10-06T18:56:08.055Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/auditbeat-windows-windows-2019-1602007758694
[2020-10-06T18:56:08.170Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/heartbeat-build-1602007814238
[2020-10-06T18:56:08.286Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/heartbeat-windows-windows-2019-1602007815299
[2020-10-06T18:56:08.409Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/metricbeat-crosscompile-1602007831267
[2020-10-06T18:56:08.521Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/auditbeat-build-1602007835711
[2020-10-06T18:56:08.654Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/generator-beat-test-1602007883353
[2020-10-06T18:56:08.774Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/generator-metricbeat-test-1602007885524
[2020-10-06T18:56:08.915Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/filebeat-windows-windows-2019-1602007952065
[2020-10-06T18:56:09.027Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/x-pack-winlogbeat-build-windows-2019-1602007957721
[2020-10-06T18:56:09.191Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/x-pack-auditbeat-windows-windows-2019-1602007978024
[2020-10-06T18:56:09.301Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/x-pack-auditbeat-build-1602008003413
[2020-10-06T18:56:09.412Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/x-pack-libbeat-build-1602008017556
[2020-10-06T18:56:09.540Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/packetbeat-windows-windows-2019-1602008070517
[2020-10-06T18:56:09.656Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/x-pack-functionbeat-windows-windows-2019-1602008099846
[2020-10-06T18:56:09.767Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/winlogbeat-windows-windows-2019-1602008120968
[2020-10-06T18:56:09.963Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/x-pack-filebeat-windows-windows-2019-1602008197434
[2020-10-06T18:56:10.107Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/metricbeat-windows-windows-2019-1602008282717
[2020-10-06T18:56:10.246Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/x-pack-metricbeat-windows-windows-2019-1602008400131
[2020-10-06T18:56:10.448Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/libbeat-build-1602008409170
[2020-10-06T18:56:10.632Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/filebeat-build-1602008767873
[2020-10-06T18:56:10.785Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/metricbeat-goIntegTest-1602009199806
[2020-10-06T18:56:10.928Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/metricbeat-pythonIntegTest-1602009261402
[2020-10-06T18:56:11.072Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/x-pack-metricbeat-build-1602010204463
[2020-10-06T18:56:11.185Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/x-pack-filebeat-build-1602010329022
[2020-10-06T18:56:11.674Z] + cat
[2020-10-06T18:56:11.675Z] + /usr/local/bin/runbld ./runbld-test-reports --job-name elastic+beats+pull-request
[2020-10-06T18:56:11.675Z] Picked up JAVA_TOOL_OPTIONS: -Dfile.encoding=UTF8
[2020-10-06T18:56:18.248Z] runbld>>> runbld started
[2020-10-06T18:56:18.248Z] runbld>>> 1.6.12/f45d832f2ba0aa2722ab4ec1fda8ad140f027f8b
[2020-10-06T18:56:19.629Z] runbld>>> The following profiles matched the job 'elastic+beats+pull-request' in order of occurrence in the config (last value wins).
[2020-10-06T18:56:19.629Z] runbld>>> Matches in the system config:
[2020-10-06T18:56:19.629Z] runbld>>> - Matched ^elastic\+beats
[2020-10-06T18:56:19.629Z] runbld>>> - Matched ^elastic\+beats\+pull-request
[2020-10-06T18:56:21.012Z] runbld>>> Debug logging enabled.
[2020-10-06T18:56:21.012Z] runbld>>> Storing result
[2020-10-06T18:56:21.012Z] runbld>>> Store result: created {:total 2, :successful 2, :failed 0} 1
[2020-10-06T18:56:21.012Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1597739501209/t/20201006185620-8B612B93
[2020-10-06T18:56:21.012Z] runbld>>> Adding system facts.
[2020-10-06T18:56:22.393Z] runbld>>> Adding vcs info for the latest commit:  f1a4f6ed6cc4338e122f1ea04d1e2441aedfde0c
[2020-10-06T18:56:22.393Z] runbld>>> >>>>>>>>>>>> SCRIPT EXECUTION BEGIN >>>>>>>>>>>>
[2020-10-06T18:56:22.393Z] runbld>>> Adding /usr/lib/jvm/java-8-openjdk-amd64/bin to the path.
[2020-10-06T18:56:22.393Z] + echo 'Processing JUnit reports with runbld...'
[2020-10-06T18:56:22.393Z] Processing JUnit reports with runbld...
[2020-10-06T18:56:22.654Z] runbld>>> <<<<<<<<<<<< SCRIPT EXECUTION END <<<<<<<<<<<<
[2020-10-06T18:56:22.654Z] runbld>>> DURATION: 27ms
[2020-10-06T18:56:22.654Z] runbld>>> STDOUT: 40 bytes
[2020-10-06T18:56:22.654Z] runbld>>> STDERR: 49 bytes
[2020-10-06T18:56:22.654Z] runbld>>> WRAPPED PROCESS: SUCCESS (0)
[2020-10-06T18:56:22.655Z] runbld>>> Searching for build metadata in /var/lib/jenkins/workspace/Beats_beats_PR-21589
[2020-10-06T18:56:23.594Z] runbld>>> Storing build metadata: 
[2020-10-06T18:56:23.594Z] runbld>>> Adding test report.
[2020-10-06T18:56:23.594Z] runbld>>> Searching for junit test output files with the pattern: TEST-.*\.xml$ in: /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats
[2020-10-06T18:56:24.534Z] runbld>>> Found 122 test output files
[2020-10-06T18:56:24.794Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/metricbeat-goIntegTest-1602009199806/metricbeat/build/TEST-go-integration-graphite.xml
[2020-10-06T18:56:25.056Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/metricbeat-goIntegTest-1602009199806/metricbeat/build/TEST-go-integration-windows.xml
[2020-10-06T18:56:25.700Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/x-pack-metricbeat-build-1602010204463/x-pack/metricbeat/build/TEST-go-integration-openmetrics.xml
[2020-10-06T18:56:25.700Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/x-pack-metricbeat-build-1602010204463/x-pack/metricbeat/build/TEST-go-integration-istio.xml
[2020-10-06T18:56:25.700Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/x-pack-metricbeat-build-1602010204463/x-pack/metricbeat/build/TEST-go-integration-activemq.xml
[2020-10-06T18:56:25.963Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/x-pack-metricbeat-build-1602010204463/x-pack/metricbeat/build/TEST-go-integration-iis.xml
[2020-10-06T18:56:25.963Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-21589/src/github.com/elastic/beats/x-pack-metricbeat-build-1602010204463/x-pack/metricbeat/build/TEST-go-integration-tomcat.xml
[2020-10-06T18:56:27.883Z] runbld>>> Test output logs contained: Errors: 0 Failures: 198 Tests: 17548 Skipped: 1083
[2020-10-06T18:56:28.144Z] runbld>>> Storing result
[2020-10-06T18:56:28.144Z] runbld>>> FAILURES: 198
[2020-10-06T18:57:06.915Z] runbld>>> Store result: updated {:total 2, :successful 2, :failed 0} 2
[2020-10-06T18:57:06.915Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1597739501209/t/20201006185620-8B612B93
[2020-10-06T18:57:06.915Z] runbld>>> Email notification disabled by environment variable.
[2020-10-06T18:57:06.915Z] runbld>>> Slack notification disabled by environment variable.
[2020-10-06T18:57:09.979Z] Running on beats-ci-immutable-ubuntu-1804-1602010559178294894 in /var/lib/jenkins/workspace/Beats_beats_PR-21589
[2020-10-06T18:57:10.042Z] [INFO] getVaultSecret: Getting secrets
[2020-10-06T18:57:10.140Z] Masking supported pattern matches of $VAULT_ADDR or $VAULT_ROLE_ID or $VAULT_SECRET_ID
[2020-10-06T18:57:11.900Z] + chmod 755 generate-build-data.sh
[2020-10-06T18:57:11.900Z] + ./generate-build-data.sh https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-21589/ https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-21589/runs/1 FAILURE 5239668
[2020-10-06T18:57:11.900Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-21589/runs/1/steps/?limit=10000 -o steps-info.json
[2020-10-06T18:57:15.215Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-21589/runs/1/tests/?status=FAILED -o tests-errors.json

ph
ph approved these changes Oct 6, 2020
View reviewed changes
Copy link
Contributor

@ph ph left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@michalpristas michalpristas merged commit 4dde16d into elastic:7.x Oct 6, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@ph ph ph approved these changes

@jfsiii jfsiii jfsiii approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@michalpristas michalpristas

Labels

enhancement Ingest Management:beta2 Group issues for ingest management beta2

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@michalpristas @elasticmachine @ph @jfsiii