elastic · marc-gr · Dec 14, 2021 · Dec 13, 2021 · Dec 14, 2021 · Dec 14, 2021
diff --git a/internal/install/install.go b/internal/install/install.go
@@ -166,32 +166,25 @@ func writeStackResources(elasticPackagePath *locations.LocationManager) error {
 	// Install GeoIP database
 	ingestGeoIPDir := filepath.Join(elasticPackagePath.StackDir(), "ingest-geoip")
 
-	// This directory is intended to be empty as we include GeoIP databases only in the 8x stack family.
 	ingestGeoIPDefaultDir := filepath.Join(ingestGeoIPDir, "default")
 	err = os.MkdirAll(ingestGeoIPDefaultDir, 0755)
 	if err != nil {
 		return errors.Wrapf(err, "creating directory failed (path: %s)", ingestGeoIPDefaultDir)
 	}
 
-	ingestGeoIP8xDir := filepath.Join(ingestGeoIPDir, "8x")
-	err = os.MkdirAll(ingestGeoIP8xDir, 0755)
-	if err != nil {
-		return errors.Wrapf(err, "creating directory failed (path: %s)", ingestGeoIP8xDir)
-	}
-
-	geoIpAsnMmdbPath := filepath.Join(ingestGeoIP8xDir, "GeoLite2-ASN.mmdb")
+	geoIpAsnMmdbPath := filepath.Join(ingestGeoIPDefaultDir, "GeoLite2-ASN.mmdb")
 	err = writeStaticResource(err, geoIpAsnMmdbPath, geoIpAsnMmdb)
 	if err != nil {
 		return errors.Wrapf(err, "copying GeoIP ASN database failed (%s)", geoIpAsnMmdbPath)
 	}
 
-	geoIpCityMmdbPath := filepath.Join(ingestGeoIP8xDir, "GeoLite2-City.mmdb")
+	geoIpCityMmdbPath := filepath.Join(ingestGeoIPDefaultDir, "GeoLite2-City.mmdb")
 	err = writeStaticResource(err, geoIpCityMmdbPath, geoIpCityMmdb)
 	if err != nil {
 		return errors.Wrapf(err, "copying GeoIP city database failed (%s)", geoIpCityMmdbPath)
 	}
 
-	geoIpCountryMmdbPath := filepath.Join(ingestGeoIP8xDir, "GeoLite2-Country.mmdb")
+	geoIpCountryMmdbPath := filepath.Join(ingestGeoIPDefaultDir, "GeoLite2-Country.mmdb")
 	err = writeStaticResource(err, geoIpCountryMmdbPath, geoIpCountryMmdb)
 	if err != nil {
 		return errors.Wrapf(err, "copying GeoIP country database failed (%s)", geoIpCountryMmdbPath)

diff --git a/...packages/apache/data_stream/access/_dev/test/pipeline/test-access-basic.log-expected.json b/...packages/apache/data_stream/access/_dev/test/pipeline/test-access-basic.log-expected.json
@@ -25,7 +25,7 @@
                 "ip": "::1"
             },
             "event": {
-                "ingested": "2021-12-09T13:30:29.903774500Z",
+                "ingested": "2021-12-14T10:30:19.171259100Z",
                 "original": "::1 - - [26/Dec/2016:16:16:29 +0200] \"GET /favicon.ico HTTP/1.1\" 404 209",
                 "category": "web",
                 "kind": "event",
@@ -45,17 +45,6 @@
             ]
         },
         {
-            "source": {
-                "address": "192.168.33.1",
-                "ip": "192.168.33.1"
-            },
-            "url": {
-                "path": "/hello",
-                "original": "/hello"
-            },
-            "tags": [
-                "preserve_original_event"
-            ],
             "apache": {
                 "access": {}
             },
@@ -76,8 +65,12 @@
                     "status_code": 404
                 }
             },
+            "source": {
+                "address": "192.168.33.1",
+                "ip": "192.168.33.1"
+            },
             "event": {
-                "ingested": "2021-12-09T13:30:29.903783200Z",
+                "ingested": "2021-12-14T10:30:19.171272300Z",
                 "original": "192.168.33.1 - - [26/Dec/2016:16:22:13 +0000] \"GET /hello HTTP/1.1\" 404 499 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0\"",
                 "category": "web",
                 "kind": "event",
@@ -87,6 +80,10 @@
             "user": {
                 "name": "-"
             },
+            "url": {
+                "path": "/hello",
+                "original": "/hello"
+            },
             "user_agent": {
                 "name": "Firefox",
                 "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0",
@@ -99,7 +96,10 @@
                     "name": "Mac"
                 },
                 "version": "50.0."
-            }
+            },
+            "tags": [
+                "preserve_original_event"
+            ]
         },
         {
             "apache": {
@@ -119,7 +119,7 @@
                 "ip": "::1"
             },
             "event": {
-                "ingested": "2021-12-09T13:30:29.903788600Z",
+                "ingested": "2021-12-14T10:30:19.171276600Z",
                 "original": "::1 - - [26/Dec/2016:16:16:48 +0200] \"-\" 408 -",
                 "category": "web",
                 "kind": "event",
@@ -134,17 +134,6 @@
             ]
         },
         {
-            "source": {
-                "address": "172.17.0.1",
-                "ip": "172.17.0.1"
-            },
-            "url": {
-                "path": "/stringpatch",
-                "original": "/stringpatch"
-            },
-            "tags": [
-                "preserve_original_event"
-            ],
             "apache": {
                 "access": {}
             },
@@ -165,8 +154,12 @@
                     "status_code": 404
                 }
             },
+            "source": {
+                "address": "172.17.0.1",
+                "ip": "172.17.0.1"
+            },
             "event": {
-                "ingested": "2021-12-09T13:30:29.903792500Z",
+                "ingested": "2021-12-14T10:30:19.171281Z",
                 "original": "172.17.0.1 - - [29/May/2017:19:02:48 +0000] \"GET /stringpatch HTTP/1.1\" 404 612 \"-\" \"Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2\" \"-\"",
                 "category": "web",
                 "kind": "event",
@@ -176,6 +169,10 @@
             "user": {
                 "name": "-"
             },
+            "url": {
+                "path": "/stringpatch",
+                "original": "/stringpatch"
+            },
             "user_agent": {
                 "name": "Firefox Alpha",
                 "original": "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2",
@@ -188,20 +185,12 @@
                     "name": "Other"
                 },
                 "version": "15.0.a2"
-            }
-        },
-        {
-            "source": {
-                "address": "monitoring-server",
-                "domain": "monitoring-server"
-            },
-            "url": {
-                "path": "/status",
-                "original": "/status"
             },
             "tags": [
                 "preserve_original_event"
-            ],
+            ]
+        },
+        {
             "apache": {
                 "access": {}
             },
@@ -222,8 +211,12 @@
                     "status_code": 200
                 }
             },
+            "source": {
+                "address": "monitoring-server",
+                "domain": "monitoring-server"
+            },
             "event": {
-                "ingested": "2021-12-09T13:30:29.903797600Z",
+                "ingested": "2021-12-14T10:30:19.171285300Z",
                 "original": "monitoring-server - - [29/May/2017:19:02:48 +0000] \"GET /status HTTP/1.1\" 200 612 \"-\" \"Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2\" \"-\"",
                 "category": "web",
                 "kind": "event",
@@ -233,6 +226,10 @@
             "user": {
                 "name": "-"
             },
+            "url": {
+                "path": "/status",
+                "original": "/status"
+            },
             "user_agent": {
                 "name": "Firefox Alpha",
                 "original": "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2",
@@ -245,7 +242,10 @@
                     "name": "Other"
                 },
                 "version": "15.0.a2"
-            }
+            },
+            "tags": [
+                "preserve_original_event"
+            ]
         },
         {
             "apache": {
@@ -271,7 +271,7 @@
                 "ip": "127.0.0.1"
             },
             "event": {
-                "ingested": "2021-12-09T13:30:29.903803900Z",
+                "ingested": "2021-12-14T10:30:19.171289700Z",
                 "original": "127.0.0.1 - - [02/Feb/2019:05:38:45 +0100] \"-\" 408 152 \"-\" \"-\"",
                 "category": "web",
                 "kind": "event",
@@ -293,18 +293,6 @@
             ]
         },
         {
-            "source": {
-                "address": "monitoring-server",
-                "domain": "monitoring-server"
-            },
-            "url": {
-                "path": "/A Beka G1 Howe/029_AND_30/15 reading elephants.mp4",
-                "extension": "mp4",
-                "original": "/A%20Beka%20G1%20Howe/029_AND_30/15%20reading%20elephants.mp4"
-            },
-            "tags": [
-                "preserve_original_event"
-            ],
             "apache": {
                 "access": {}
             },
@@ -325,8 +313,12 @@
                     "status_code": 200
                 }
             },
+            "source": {
+                "address": "monitoring-server",
+                "domain": "monitoring-server"
+            },
             "event": {
-                "ingested": "2021-12-09T13:30:29.903809300Z",
+                "ingested": "2021-12-14T10:30:19.171328400Z",
                 "original": "monitoring-server - - [29/May/2017:19:02:48 +0000] \"GET /A%20Beka%20G1%20Howe/029_AND_30/15%20reading%20elephants.mp4 HTTP/1.1\" 200 612 \"-\" \"Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2\" \"-\"",
                 "category": "web",
                 "kind": "event",
@@ -336,6 +328,11 @@
             "user": {
                 "name": "-"
             },
+            "url": {
+                "path": "/A Beka G1 Howe/029_AND_30/15 reading elephants.mp4",
+                "extension": "mp4",
+                "original": "/A%20Beka%20G1%20Howe/029_AND_30/15%20reading%20elephants.mp4"
+            },
             "user_agent": {
                 "name": "Firefox Alpha",
                 "original": "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2",
@@ -348,7 +345,10 @@
                     "name": "Other"
                 },
                 "version": "15.0.a2"
-            }
+            },
+            "tags": [
+                "preserve_original_event"
+            ]
         }
     ]
 }
diff --git a/...ackages/apache/data_stream/access/_dev/test/pipeline/test-access-darwin.log-expected.json b/...ackages/apache/data_stream/access/_dev/test/pipeline/test-access-darwin.log-expected.json
@@ -25,7 +25,7 @@
                 "ip": "::1"
             },
             "event": {
-                "ingested": "2021-12-09T13:30:30.879403900Z",
+                "ingested": "2021-12-14T10:30:20.126148600Z",
                 "original": "::1 - - [26/Dec/2016:16:16:28 +0200] \"GET / HTTP/1.1\" 200 45",
                 "category": "web",
                 "kind": "event",
@@ -68,7 +68,7 @@
                 "ip": "::1"
             },
             "event": {
-                "ingested": "2021-12-09T13:30:30.879409400Z",
+                "ingested": "2021-12-14T10:30:20.126162400Z",
                 "original": "::1 - - [26/Dec/2016:16:16:29 +0200] \"GET /favicon.ico HTTP/1.1\" 404 209",
                 "category": "web",
                 "kind": "event",
@@ -105,7 +105,7 @@
                 "ip": "::1"
             },
             "event": {
-                "ingested": "2021-12-09T13:30:30.879413800Z",
+                "ingested": "2021-12-14T10:30:20.126170700Z",
                 "original": "::1 - - [26/Dec/2016:16:16:48 +0200] \"-\" 408 -",
                 "category": "web",
                 "kind": "event",
@@ -142,14 +142,14 @@
             "source": {
                 "geo": {
                     "continent_name": "Europe",
-                    "region_iso_code": "SE-AB",
-                    "city_name": "Tumba",
+                    "region_iso_code": "SE-E",
+                    "city_name": "Linköping",
                     "country_iso_code": "SE",
                     "country_name": "Sweden",
-                    "region_name": "Stockholm",
+                    "region_name": "Östergötland County",
                     "location": {
-                        "lon": 17.8167,
-                        "lat": 59.2
+                        "lon": 15.6167,
+                        "lat": 58.4167
                     }
                 },
                 "as": {
@@ -162,7 +162,7 @@
                 "ip": "89.160.20.156"
             },
             "event": {
-                "ingested": "2021-12-09T13:30:30.879418Z",
+                "ingested": "2021-12-14T10:30:20.126178600Z",
                 "original": "89.160.20.156 - - [26/Dec/2016:18:23:35 +0200] \"GET / HTTP/1.1\" 200 45",
                 "category": "web",
                 "kind": "event",
@@ -203,14 +203,14 @@
             "source": {
                 "geo": {
                     "continent_name": "Europe",
-                    "region_iso_code": "SE-AB",
-                    "city_name": "Tumba",
+                    "region_iso_code": "SE-E",
+                    "city_name": "Linköping",
                     "country_iso_code": "SE",
                     "country_name": "Sweden",
-                    "region_name": "Stockholm",
+                    "region_name": "Östergötland County",
                     "location": {
-                        "lon": 17.8167,
-                        "lat": 59.2
+                        "lon": 15.6167,
+                        "lat": 58.4167
                     }
                 },
                 "as": {
@@ -223,7 +223,7 @@
                 "ip": "89.160.20.156"
             },
             "event": {
-                "ingested": "2021-12-09T13:30:30.879422100Z",
+                "ingested": "2021-12-14T10:30:20.126186500Z",
                 "original": "89.160.20.156 - - [26/Dec/2016:18:23:41 +0200] \"GET /notfound HTTP/1.1\" 404 206",
                 "category": "web",
                 "kind": "event",
@@ -264,14 +264,14 @@
             "source": {
                 "geo": {
                     "continent_name": "Europe",
-                    "region_iso_code": "SE-AB",
-                    "city_name": "Tumba",
+                    "region_iso_code": "SE-E",
+                    "city_name": "Linköping",
                     "country_iso_code": "SE",
                     "country_name": "Sweden",
-                    "region_name": "Stockholm",
+                    "region_name": "Östergötland County",
                     "location": {
-                        "lon": 17.8167,
-                        "lat": 59.2
+                        "lon": 15.6167,
+                        "lat": 58.4167
                     }
                 },
                 "as": {
@@ -284,7 +284,7 @@
                 "ip": "89.160.20.156"
             },
             "event": {
-                "ingested": "2021-12-09T13:30:30.879427100Z",
+                "ingested": "2021-12-14T10:30:20.126194300Z",
                 "original": "89.160.20.156 - - [26/Dec/2016:18:23:45 +0200] \"GET /hmm HTTP/1.1\" 404 201",
                 "category": "web",
                 "kind": "event",