diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 77d6f4f332f7..d7d4137bb2fc 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -116,6 +116,7 @@ https://github.com/elastic/beats/compare/v8.2.0\...main[Check the HEAD diff] - Fix handling of MySQL audit logs with strict JSON parser. {issue}35158[35158] {pull}35160[35160] - Sanitize filenames for request tracer in cel input. {pull}35154[35154] - Fix accidental error overwrite in defer statement in entityanalytics Azure AD input. {issue}35153[35153] {pull}35169[35169] +- Fixing the grok expression outputs of log files {pull}35221[35221] *Heartbeat* diff --git a/filebeat/module/iis/access/test/test-iis-7.5.log-expected.json b/filebeat/module/iis/access/test/test-iis-7.5.log-expected.json index 834b21be30a1..fe30e40671fd 100644 --- a/filebeat/module/iis/access/test/test-iis-7.5.log-expected.json +++ b/filebeat/module/iis/access/test/test-iis-7.5.log-expected.json @@ -1,11 +1,12 @@ [ { "@timestamp": "2018-08-28T18:24:25.000Z", - "destination.address": "10.100.220.70", - "destination.ip": "10.100.220.70", + "destination.address": [ + "10.100.220.70", + "10.100.220.70" + ], "destination.port": 80, "event.category": [ - "network", "web" ], "event.dataset": "iis.access", @@ -14,9 +15,6 @@ "event.module": "iis", "event.original": "2018-08-28 18:24:25 [10.100.220.70](http://10.100.220.70) GET / - 80 - [10.100.118.31](http://10.100.118.31) Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.3;+WOW64;+Trident/7.0;+.NET4.0E;+.NET4.0C;+.NET+CLR+3.5.30729;+.NET+CLR[+2.0.50727](tel:+2050727);+.NET+CLR+3.0.30729) 404 4 2 792", "event.outcome": "failure", - "event.type": [ - "connection" - ], "fileset.name": "access", "http.request.method": "GET", "http.response.status_code": 404, @@ -24,13 +22,11 @@ "iis.access.win32_status": 2, "input.type": "log", "log.offset": 244, - "related.ip": [ + "service.type": "iis", + "source.address": [ "10.100.118.31", - "10.100.220.70" + "10.100.118.31" ], - "service.type": "iis", - "source.address": "10.100.118.31", - "source.ip": "10.100.118.31", "url.original": "/", "url.path": "/", "user_agent.device.name": "Other", diff --git a/filebeat/module/mysql/slowlog/test/mariadb-10.3.13.log-expected.json b/filebeat/module/mysql/slowlog/test/mariadb-10.3.13.log-expected.json index 25218a2ad0f2..184dc41a217c 100644 --- a/filebeat/module/mysql/slowlog/test/mariadb-10.3.13.log-expected.json +++ b/filebeat/module/mysql/slowlog/test/mariadb-10.3.13.log-expected.json @@ -31,7 +31,10 @@ "mysql.slowlog.rows_affected": 0, "mysql.slowlog.rows_examined": 3145718, "mysql.slowlog.rows_sent": 10, - "mysql.slowlog.schema": "employees-test", + "mysql.slowlog.schema": [ + "employees-test", + "employees-test" + ], "mysql.slowlog.tmp_disk_tables": "0", "mysql.slowlog.tmp_table": true, "mysql.slowlog.tmp_table_on_disk": false, diff --git a/filebeat/module/mysql/slowlog/test/mysql-ubuntu-8.0.15.log-expected.json b/filebeat/module/mysql/slowlog/test/mysql-ubuntu-8.0.15.log-expected.json index ed03467ea1da..e5850fb8bcbd 100644 --- a/filebeat/module/mysql/slowlog/test/mysql-ubuntu-8.0.15.log-expected.json +++ b/filebeat/module/mysql/slowlog/test/mysql-ubuntu-8.0.15.log-expected.json @@ -74,7 +74,10 @@ "mysql.slowlog.sort_scan_count": 1, "mysql.slowlog.tmp_disk_tables": 0, "mysql.slowlog.tmp_tables": 1, - "mysql.thread_id": "16", + "mysql.thread_id": [ + 16, + "16" + ], "related.user": [ "root" ], diff --git a/filebeat/module/mysql/slowlog/test/percona-ubuntu-8.0.15.log-expected.json b/filebeat/module/mysql/slowlog/test/percona-ubuntu-8.0.15.log-expected.json index 5cc4543a9706..c63329021431 100644 --- a/filebeat/module/mysql/slowlog/test/percona-ubuntu-8.0.15.log-expected.json +++ b/filebeat/module/mysql/slowlog/test/percona-ubuntu-8.0.15.log-expected.json @@ -26,7 +26,10 @@ "mysql.slowlog.rows_affected": 0, "mysql.slowlog.rows_examined": 3145718, "mysql.slowlog.rows_sent": 10, - "mysql.slowlog.schema": "employees", + "mysql.slowlog.schema": [ + "employees", + "employees" + ], "mysql.thread_id": 182, "related.user": [ "root" @@ -74,7 +77,10 @@ "mysql.slowlog.rows_affected": 0, "mysql.slowlog.rows_examined": 3145718, "mysql.slowlog.rows_sent": 10, - "mysql.slowlog.schema": "employees", + "mysql.slowlog.schema": [ + "employees", + "employees" + ], "mysql.slowlog.tmp_disk_tables": "0", "mysql.slowlog.tmp_table": true, "mysql.slowlog.tmp_table_on_disk": false, diff --git a/testing/environments/snapshot.yml b/testing/environments/snapshot.yml index b5fe0a4f41c2..afaa204443a1 100644 --- a/testing/environments/snapshot.yml +++ b/testing/environments/snapshot.yml @@ -3,7 +3,7 @@ version: '2.3' services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:8.7.0-61c35791-SNAPSHOT + image: docker.elastic.co/elasticsearch/elasticsearch:8.7.1-1bebafa7-SNAPSHOT # When extend is used it merges healthcheck.tests, see: # https://github.com/docker/compose/issues/8962 # healthcheck: @@ -31,7 +31,7 @@ services: - "./docker/elasticsearch/users_roles:/usr/share/elasticsearch/config/users_roles" logstash: - image: docker.elastic.co/logstash/logstash:8.7.0-61c35791-SNAPSHOT + image: docker.elastic.co/logstash/logstash:8.7.1-1bebafa7-SNAPSHOT healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9600/_node/stats"] retries: 600 @@ -44,7 +44,7 @@ services: - 5055:5055 kibana: - image: docker.elastic.co/kibana/kibana:8.7.0-61c35791-SNAPSHOT + image: docker.elastic.co/kibana/kibana:8.7.1-1bebafa7-SNAPSHOT environment: - "ELASTICSEARCH_USERNAME=kibana_system_user" - "ELASTICSEARCH_PASSWORD=testing"