diff --git a/packages/nginx/changelog.yml b/packages/nginx/changelog.yml
index 91ea83b1b07..710e0b4cd99 100644
--- a/packages/nginx/changelog.yml
+++ b/packages/nginx/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.15.1"
+ changes:
+ - description: Add missing ECS field mappings
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/6920
 - version: "1.15.0"
 changes:
 - description: Enable time series data streams for the metrics datasets. This improves storage usage and query performance. For more details, see https://www.elastic.co/guide/en/elasticsearch/reference/current/tsds.html
diff --git a/packages/nginx/data_stream/access/_dev/test/pipeline/test-access.log-expected.json b/packages/nginx/data_stream/access/_dev/test/pipeline/test-access.log-expected.json
index 531fa5adb93..ada1246d140 100644
--- a/packages/nginx/data_stream/access/_dev/test/pipeline/test-access.log-expected.json
+++ b/packages/nginx/data_stream/access/_dev/test/pipeline/test-access.log-expected.json
@@ -11,7 +11,7 @@
 "web"
 ],
 "created": "2020-04-28T11:07:58.223Z",
- "ingested": "2022-12-09T10:33:39.640507096Z",
+ "ingested": "2023-08-14T16:15:39.257935331Z",
 "kind": "event",
 "original": "67.43.156.13 - - [25/Oct/2016:14:49:33 +0200] \"GET / HTTP/1.1\" 200 612 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36\"",
 "outcome": "success",
@@ -91,7 +91,7 @@
 "web"
 ],
 "created": "2020-04-28T11:07:58.223Z",
- "ingested": "2022-12-09T10:33:39.640525096Z",
+ "ingested": "2023-08-14T16:15:39.257975407Z",
 "kind": "event",
 "original": "67.43.156.13 - - [25/Oct/2016:14:49:34 +0200] \"GET /favicon.ico HTTP/1.1\" 404 571 \"http://localhost:8080/\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36\"",
 "outcome": "failure",
@@ -173,7 +173,7 @@
 "web"
 ],
 "created": "2020-04-28T11:07:58.223Z",
- "ingested": "2022-12-09T10:33:39.640527429Z",
+ "ingested": "2023-08-14T16:15:39.257978393Z",
 "kind": "event",
 "original": "67.43.156.13 - - [25/Oct/2016:14:50:44 +0200] \"GET /adsasd HTTP/1.1\" 404 571 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36\"",
 "outcome": "failure",
@@ -253,7 +253,7 @@
 "web"
 ],
 "created": "2020-04-28T11:07:58.223Z",
- "ingested": "2022-12-09T10:33:39.640529221Z",
+ "ingested": "2023-08-14T16:15:39.257980557Z",
 "kind": "event",
 "original": "67.43.156.13 - - [07/Dec/2016:10:34:43 +0100] \"GET / HTTP/1.1\" 200 612 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36\"",
 "outcome": "success",
@@ -333,7 +333,7 @@
 "web"
 ],
 "created": "2020-04-28T11:07:58.223Z",
- "ingested": "2022-12-09T10:33:39.640530971Z",
+ "ingested": "2023-08-14T16:15:39.257982611Z",
 "kind": "event",
 "original": "67.43.156.13 - - [07/Dec/2016:10:34:43 +0100] \"GET /favicon.ico HTTP/1.1\" 404 571 \"http://localhost:8080/\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36\"",
 "outcome": "failure",
@@ -415,7 +415,7 @@
 "web"
 ],
 "created": "2020-04-28T11:07:58.223Z",
- "ingested": "2022-12-09T10:33:39.640532637Z",
+ "ingested": "2023-08-14T16:15:39.257984705Z",
 "kind": "event",
 "original": "67.43.156.13 - - [07/Dec/2016:10:43:18 +0100] \"GET /test HTTP/1.1\" 404 571 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36\"",
 "outcome": "failure",
@@ -495,7 +495,7 @@
 "web"
 ],
 "created": "2020-04-28T11:07:58.223Z",
- "ingested": "2022-12-09T10:33:39.640534387Z",
+ "ingested": "2023-08-14T16:15:39.257986608Z",
 "kind": "event",
 "original": "67.43.156.13 - - [07/Dec/2016:10:43:21 +0100] \"GET /test HTTP/1.1\" 404 571 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36\"",
 "outcome": "failure",
@@ -575,7 +575,7 @@
 "web"
 ],
 "created": "2020-04-28T11:07:58.223Z",
- "ingested": "2022-12-09T10:33:39.640536054Z",
+ "ingested": "2023-08-14T16:15:39.257988842Z",
 "kind": "event",
 "original": "67.43.156.13 - - [07/Dec/2016:10:43:23 +0100] \"GET /test1 HTTP/1.1\" 404 571 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36\"",
 "outcome": "failure",
@@ -655,7 +655,7 @@
 "web"
 ],
 "created": "2020-04-28T11:07:58.223Z",
- "ingested": "2022-12-09T10:33:39.640537762Z",
+ "ingested": "2023-08-14T16:15:39.257990926Z",
 "kind": "event",
 "original": "127.0.0.1 - - [07/Dec/2016:11:04:37 +0100] \"GET /test1 HTTP/1.1\" 404 571 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36\"",
 "outcome": "failure",
@@ -723,7 +723,7 @@
 "web"
 ],
 "created": "2020-04-28T11:07:58.223Z",
- "ingested": "2022-12-09T10:33:39.640539429Z",
+ "ingested": "2023-08-14T16:15:39.257992940Z",
 "kind": "event",
 "original": "127.0.0.1 - - [07/Dec/2016:11:04:58 +0100] \"GET / HTTP/1.1\" 304 0 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0\"",
 "outcome": "success",
@@ -791,7 +791,7 @@
 "web"
 ],
 "created": "2020-04-28T11:07:58.223Z",
- "ingested": "2022-12-09T10:33:39.640541096Z",
+ "ingested": "2023-08-14T16:15:39.257997038Z",
 "kind": "event",
 "original": "127.0.0.1 - - [07/Dec/2016:11:04:59 +0100] \"GET / HTTP/1.1\" 304 0 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0\"",
 "outcome": "success",
@@ -859,7 +859,7 @@
 "web"
 ],
 "created": "2020-04-28T11:07:58.223Z",
- "ingested": "2022-12-09T10:33:39.640542887Z",
+ "ingested": "2023-08-14T16:15:39.257999452Z",
 "kind": "event",
 "original": "127.0.0.1 - - [07/Dec/2016:11:05:07 +0100] \"GET /taga HTTP/1.1\" 404 169 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0\"\nlessons.example.com 192.168.0.1 - - [09/Jun/2020:12:10:39 -0700] \"GET /A%20Beka%20G1%20Howe/029_AND_30/15%20reading%20elephants.mp4 HTTP/1.1\" 206 7648063 \"http://lessons.example.com/A%20Beka%20G1%20Howe/029_AND_30/15%20reading%20elephants.mp4\" \"Mozilla/5.0 (Linux; Android 5.1.1; KFFOWI) AppleWebKit/537.36 (KHTML, like Gecko) Silk/81.2.16 like Chrome/81.0.4044.138 Safari/537.36\"\nlessons.example.com 192.168.0.1 - - [09/Jun/2020:12:15:39 -0700] \"GET /%D0%A0%D1%83%D1%81%D1%81%D0%BA%D0%B0%D1%8F%20%D1%88%D0%BA%D0%BE%D0%BB%D0%B0%20-%20InternetUrok%201%D0%BA%D0%BB%D0%B0%D1%81%D1%81/ HTTP/1.1\" 206 7648063 \"http://lessons.example.com/A%20Beka%20G1%20Howe/029_AND_30/15%20reading%20elephants.mp4\" \"Mozilla/5.0 (Linux; Android 5.1.1; KFFOWI) AppleWebKit/537.36 (KHTML, like Gecko) Silk/81.2.16 like Chrome/81.0.4044.138 Safari/537.36\"",
 "outcome": "failure",
diff --git a/packages/nginx/data_stream/access/_dev/test/pipeline/test-nginx.log-expected.json b/packages/nginx/data_stream/access/_dev/test/pipeline/test-nginx.log-expected.json
index 9c119819f83..ea84b1f8019 100644
--- a/packages/nginx/data_stream/access/_dev/test/pipeline/test-nginx.log-expected.json
+++ b/packages/nginx/data_stream/access/_dev/test/pipeline/test-nginx.log-expected.json
@@ -11,7 +11,7 @@
 "web"
 ],
 "created": "2020-04-28T11:07:58.223Z",
- "ingested": "2022-12-09T10:33:39.725697721Z",
+ "ingested": "2023-08-14T16:15:39.426582165Z",
 "kind": "event",
 "original": "10.0.0.2, 10.0.0.1, 127.0.0.1 - - [07/Dec/2016:11:05:07 +0100] \"GET /ocelot HTTP/1.1\" 200 571 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0\"",
 "outcome": "success",
@@ -81,7 +81,7 @@
 "web"
 ],
 "created": "2020-04-28T11:07:58.223Z",
- "ingested": "2022-12-09T10:33:39.725715762Z",
+ "ingested": "2023-08-14T16:15:39.426599247Z",
 "kind": "event",
 "original": "172.17.0.1 - - [29/May/2017:19:02:48 +0000] \"GET /stringpatch HTTP/1.1\" 404 612 \"-\" \"Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2\" \"-\"",
 "outcome": "failure",
@@ -149,7 +149,7 @@
 "web"
 ],
 "created": "2020-04-28T11:07:58.223Z",
- "ingested": "2022-12-09T10:33:39.725718054Z",
+ "ingested": "2023-08-14T16:15:39.426601441Z",
 "kind": "event",
 "original": "10.0.0.2, 10.0.0.1, 67.43.156.14 - - [07/Dec/2016:11:05:07 +0100] \"GET /ocelot HTTP/1.1\" 200 571 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0\"",
 "outcome": "success",
@@ -231,7 +231,7 @@
 "web"
 ],
 "created": "2020-04-28T11:07:58.223Z",
- "ingested": "2022-12-09T10:33:39.725719804Z",
+ "ingested": "2023-08-14T16:15:39.426603465Z",
 "kind": "event",
 "original": "67.43.156.14 - - [07/Dec/2016:11:05:07 +0100] \"GET /ocelot HTTP/1.1\" 200 571 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36\"\n\"10.5.102.222, 199.96.1.1, 204.246.1.1\" 10.2.1.185 - - [22/Jan/2016:13:18:29 +0000] \"GET /assets/xxxx?q=100 HTTP/1.1\" 200 25507 \"-\" \"Amazon CloudFront\"\n2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6, 10.225.192.17 10.2.2.121 - - [30/Dec/2016:06:47:09 +0000] \"GET /test.html HTTP/1.1\" 404 8571 \"-\" \"Mozilla/5.0 (compatible; Facebot 1.0; https://developers.facebook.com/docs/sharing/webmasters/crawler)\"",
 "outcome": "success",
@@ -310,7 +310,7 @@
 "web"
 ],
 "created": "2020-04-28T11:07:58.223Z",
- "ingested": "2022-12-09T10:33:39.725721554Z",
+ "ingested": "2023-08-14T16:15:39.426605509Z",
 "kind": "event",
 "original": "127.0.0.1 - - [12/Apr/2018:09:48:40 +0200] \"\" 400 0 \"-\" \"-\"\nunix: - - [26/Feb/2019:15:39:42 +0100] \"hello\" 400 173 \"-\" \"-\"\nlocalhost - - [29/May/2017:19:02:48 +0000] \"GET /test2 HTTP/1.1\" 200 612 \"-\" \"Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2\" \"-\"\nlocalhost, localhost - - [29/May/2017:19:02:48 +0000] \"GET /test2 HTTP/1.1\" 200 612 \"-\" \"Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2\" \"-\"\n",
 "outcome": "failure",
diff --git a/packages/nginx/data_stream/access/_dev/test/pipeline/test-test-with-host.log-expected.json b/packages/nginx/data_stream/access/_dev/test/pipeline/test-test-with-host.log-expected.json
index f1b5c08f6cc..0d5ce878cec 100644
--- a/packages/nginx/data_stream/access/_dev/test/pipeline/test-test-with-host.log-expected.json
+++ b/packages/nginx/data_stream/access/_dev/test/pipeline/test-test-with-host.log-expected.json
@@ -14,7 +14,7 @@
 "web"
 ],
 "created": "2020-04-28T11:07:58.223Z",
- "ingested": "2022-12-09T10:33:39.777617179Z",
+ "ingested": "2023-08-14T16:15:39.533322711Z",
 "kind": "event",
 "original": "example.com 10.0.0.2, 10.0.0.1, 127.0.0.1 - - [07/Dec/2016:11:05:07 +0100] \"GET /ocelot HTTP/1.1\" 200 571 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0\"\nexample.com 172.17.0.1 - - [29/May/2017:19:02:48 +0000] \"GET /stringpatch HTTP/1.1\" 404 612 \"-\" \"Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2\" \"-\"\nexample.com 10.0.0.2, 10.0.0.1, 67.43.156.14 - - [07/Dec/2016:11:05:07 +0100] \"GET /ocelot HTTP/1.1\" 200 571 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0\"\nexample.com:80 67.43.156.14 - - [07/Dec/2016:11:05:07 +0100] \"GET /ocelot HTTP/1.1\" 200 571 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36\"\nexample.com:80 \"10.5.102.222, 199.96.1.1, 204.246.1.1\" 10.2.1.185 - - [22/Jan/2016:13:18:29 +0000] \"GET /assets/xxxx?q=100 HTTP/1.1\" 200 25507 \"-\" \"Amazon CloudFront\"",
 "outcome": "success",
@@ -88,7 +88,7 @@
 "web"
 ],
 "created": "2020-04-28T11:07:58.223Z",
- "ingested": "2022-12-09T10:33:39.777634971Z",
+ "ingested": "2023-08-14T16:15:39.533339062Z",
 "kind": "event",
 "original": "67.43.156.15 2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6, 10.225.192.17 10.2.2.121 - - [30/Dec/2016:06:47:09 +0000] \"GET /test.html HTTP/1.1\" 404 8571 \"-\" \"Mozilla/5.0 (compatible; Facebot 1.0; https://developers.facebook.com/docs/sharing/webmasters/crawler)\"",
 "outcome": "failure",
@@ -167,7 +167,7 @@
 "web"
 ],
 "created": "2020-04-28T11:07:58.223Z",
- "ingested": "2022-12-09T10:33:39.777637262Z",
+ "ingested": "2023-08-14T16:15:39.533341597Z",
 "kind": "event",
 "original": "67.43.156.15:80 127.0.0.1 - - [12/Apr/2018:09:48:40 +0200] \"\" 400 0 \"-\" \"-\"\nexample.com:80 unix: - - [26/Feb/2019:15:39:42 +0100] \"hello\" 400 173 \"-\" \"-\"",
 "outcome": "failure",
@@ -218,7 +218,7 @@
 "web"
 ],
 "created": "2020-04-28T11:07:58.223Z",
- "ingested": "2022-12-09T10:33:39.777639137Z",
+ "ingested": "2023-08-14T16:15:39.533343691Z",
 "kind": "event",
 "original": "67.43.156.15 localhost - - [29/May/2017:19:02:48 +0000] \"GET /test2 HTTP/1.1\" 200 612 \"-\" \"Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2\" \"-\"\nexample.com localhost, localhost - - [29/May/2017:19:02:48 +0000] \"GET /test2 HTTP/1.1\" 200 612 \"-\" \"Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2\" \"-\"",
 "outcome": "success",
diff --git a/packages/nginx/data_stream/access/fields/ecs.yml b/packages/nginx/data_stream/access/fields/ecs.yml
index 1888586bd9b..bfbd5ffdefa 100644
--- a/packages/nginx/data_stream/access/fields/ecs.yml
+++ b/packages/nginx/data_stream/access/fields/ecs.yml
@@ -1,5 +1,33 @@
+- external: ecs
+ name: destination.address
+- external: ecs
+ name: destination.as.number
+- external: ecs
+ name: destination.as.organization.name
 - external: ecs
 name: destination.domain
+- external: ecs
+ name: destination.geo.city_name
+- external: ecs
+ name: destination.geo.continent_code
+- external: ecs
+ name: destination.geo.continent_name
+- external: ecs
+ name: destination.geo.country_iso_code
+- external: ecs
+ name: destination.geo.country_name
+- external: ecs
+ name: destination.geo.location
+- external: ecs
+ name: destination.geo.name
+- external: ecs
+ name: destination.geo.postal_code
+- external: ecs
+ name: destination.geo.region_iso_code
+- external: ecs
+ name: destination.geo.region_name
+- external: ecs
+ name: destination.geo.timezone
 - external: ecs
 name: destination.ip
 - external: ecs
@@ -30,6 +58,8 @@
 name: source.as.organization.name
 - external: ecs
 name: source.geo.city_name
+- external: ecs
+ name: source.geo.continent_code
 - external: ecs
 name: source.geo.continent_name
 - external: ecs
@@ -40,10 +70,16 @@
 level: core
 name: source.geo.location
 type: geo_point
+- external: ecs
+ name: source.geo.name
+- external: ecs
+ name: source.geo.postal_code
 - external: ecs
 name: source.geo.region_iso_code
 - external: ecs
 name: source.geo.region_name
+- external: ecs
+ name: source.geo.timezone
 - external: ecs
 name: source.ip
 - external: ecs
diff --git a/packages/nginx/data_stream/error/_dev/test/pipeline/test-error-raw.log-expected.json b/packages/nginx/data_stream/error/_dev/test/pipeline/test-error-raw.log-expected.json
index de6245f3729..9800af224f0 100644
--- a/packages/nginx/data_stream/error/_dev/test/pipeline/test-error-raw.log-expected.json
+++ b/packages/nginx/data_stream/error/_dev/test/pipeline/test-error-raw.log-expected.json
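Review bot: `destination.geo.location` is added as an ECS reference only, while the third hunk's context shows `source.geo.location` in the same file carrying explicit `level: core` and `type: geo_point` beside its reference; the two geo_point mappings should be declared the same way, so either add `  type: geo_point` under the new `destination.geo.location` entry or drop the explicit keys from `source.geo.location`. Nothing in this diff shows the access pipeline producing `destination.geo.*` or `destination.as.*` values (the regenerated expected outputs in this commit change only `event.ingested`), so it is worth confirming that these mappings correspond to fields the pipeline or an enrichment step actually emits, since the generated README now lists them as part of the dataset.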
@@ -10,7 +10,7 @@
 "web"
 ],
 "created": "2020-04-28T11:07:58.223Z",
- "ingested": "2022-12-09T10:33:39.961425637Z",
+ "ingested": "2023-08-14T16:15:40.160870483Z",
 "kind": "event",
 "original": "2016/10/25 14:49:34 [error] 54053#0: *1 open() \"/usr/local/Cellar/nginx/1.10.2_1/html/favicon.ico\" failed (2: No such file or directory), client: 127.0.0.1, server: localhost, request: \"GET /favicon.ico HTTP/1.1\", host: \"localhost:8080\", referrer: \"http://localhost:8080/\"",
 "type": [
@@ -46,7 +46,7 @@
 "web"
 ],
 "created": "2020-04-28T11:07:58.223Z",
- "ingested": "2022-12-09T10:33:39.961441971Z",
+ "ingested": "2023-08-14T16:15:40.160883417Z",
 "kind": "event",
 "original": "2016/10/25 14:50:44 [error] 54053#0: *3 open() \"/usr/local/Cellar/nginx/1.10.2_1/html/adsasd\" failed (2: No such file or directory), client: 127.0.0.1, server: localhost, request: \"GET /adsasd HTTP/1.1\", host: \"localhost:8080\"",
 "type": [
@@ -82,7 +82,7 @@
 "web"
 ],
 "created": "2020-04-28T11:07:58.223Z",
- "ingested": "2022-12-09T10:33:39.961444512Z",
+ "ingested": "2023-08-14T16:15:40.160885912Z",
 "kind": "event",
 "original": "2019/10/30 23:26:34 [error] 205860#205860: *180289 FastCGI sent in stderr: \"PHP message: PHP Warning: Declaration of FEE_Field_Terms::wrap($content, $taxonomy, $before, $sep, $after) should be compatible with FEE_Field_Post::wrap($content, $post_id = 0) in /var/www/xxx/web/wp-content/plugins/front-end-editor/php/fields/post.php on line 0\nPHP message: PHP Warning: Declaration of FEE_Field_Tags::wrap($content, $before, $sep, $after) should be compatible with FEE_Field_Terms::wrap($content, $taxonomy, $before, $sep, $after) in /var/www/xxx/web/wp-content/plugins/front-end-editor/php/fields/post.php on line 0\nPHP message: PHP Warning: Declaration of FEE_Field_Category::wrap($content, $sep, $parents) should be compatible with FEE_Field_Terms::wrap($content, $taxonomy, $before, $sep, $after) in /var/www/xxx/web/wp-content/plugins/front-end-editor/php/fields/post.php on line 0",
 "type": [
@@ -118,7 +118,7 @@
 "web"
 ],
 "created": "2020-04-28T11:07:58.223Z",
- "ingested": "2022-12-09T10:33:39.961446596Z",
+ "ingested": "2023-08-14T16:15:40.160887865Z",
 "kind": "event",
 "original": "2019/11/05 14:50:44 [error] 54053#0: *3 open() \"/usr/local/Cellar/nginx/1.10.2_1/html/adsasd\" failed (2: No such file or directory), client: 127.0.0.1, server: localhost, request: \"GET /pysio HTTP/1.1\", host: \"localhost:8080\"",
 "type": [
diff --git a/packages/nginx/data_stream/error/fields/ecs.yml b/packages/nginx/data_stream/error/fields/ecs.yml
index e26b3ec9bd2..75cc6a1348b 100644
--- a/packages/nginx/data_stream/error/fields/ecs.yml
+++ b/packages/nginx/data_stream/error/fields/ecs.yml
@@ -2,6 +2,28 @@
 name: ecs.version
 - external: ecs
 name: host.ip
+- external: ecs
+ name: host.geo.city_name
+- external: ecs
+ name: host.geo.continent_code
+- external: ecs
+ name: host.geo.continent_name
+- external: ecs
+ name: host.geo.country_iso_code
+- external: ecs
+ name: host.geo.country_name
+- external: ecs
+ name: host.geo.location
+- external: ecs
+ name: host.geo.name
+- external: ecs
+ name: host.geo.postal_code
+- external: ecs
+ name: host.geo.region_iso_code
+- external: ecs
+ name: host.geo.region_name
+- external: ecs
+ name: host.geo.timezone
 - external: ecs
 name: log.file.path
 - external: ecs
@@ -12,5 +34,31 @@
 name: process.pid
 - external: ecs
 name: process.thread.id
+- external: ecs
+ name: related.ip
+- external: ecs
+ name: source.geo.city_name
+- external: ecs
+ name: source.geo.continent_code
+- external: ecs
+ name: source.geo.continent_name
+- external: ecs
+ name: source.geo.country_iso_code
+- external: ecs
+ name: source.geo.country_name
+- external: ecs
+ name: source.geo.location
+- external: ecs
+ name: source.geo.name
+- external: ecs
+ name: source.geo.postal_code
+- external: ecs
+ name: source.geo.region_iso_code
+- external: ecs
+ name: source.geo.region_name
+- external: ecs
+ name: source.geo.timezone
+- external: ecs
+ name: source.ip
 - external: ecs
 name: tags
diff --git a/packages/nginx/data_stream/stubstatus/fields/ecs.yml b/packages/nginx/data_stream/stubstatus/fields/ecs.yml
index d7ea22de8d6..a154883bd99 100644
--- a/packages/nginx/data_stream/stubstatus/fields/ecs.yml
+++ b/packages/nginx/data_stream/stubstatus/fields/ecs.yml
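Review bot: The `host.geo.*` block in the first hunk is inserted after `host.ip`, while the stubstatus ecs.yml in this same commit places `host.geo.*` before `host.ip`; keeping both files in the same alphabetical order, `host.geo.*` then `host.ip`, makes the lists easy to diff against each other. In the second hunk the error stream gains `source.ip` and `related.ip` but, unlike the access and stubstatus files here, no `source.address`; the ECS text quoted in the README hunk says the raw address belongs in `.address` before being copied to `.ip`/`.domain`, so if the error pipeline emits `source.address` it needs a mapping as well. The pipeline itself is not visible in this diff, so please verify which of these fields it actually sets.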
@@ -1,3 +1,25 @@
+- external: ecs
+ name: host.geo.city_name
+- external: ecs
+ name: host.geo.continent_code
+- external: ecs
+ name: host.geo.continent_name
+- external: ecs
+ name: host.geo.country_iso_code
+- external: ecs
+ name: host.geo.country_name
+- external: ecs
+ name: host.geo.location
+- external: ecs
+ name: host.geo.name
+- external: ecs
+ name: host.geo.postal_code
+- external: ecs
+ name: host.geo.region_iso_code
+- external: ecs
+ name: host.geo.region_name
+- external: ecs
+ name: host.geo.timezone
 - external: ecs
 name: host.ip
 - external: ecs
@@ -5,5 +27,37 @@
 - external: ecs
 name: service.address
 dimension: true
+- external: ecs
+ name: related.ip
 - external: ecs
 name: service.type
+- external: ecs
+ name: source.address
+- external: ecs
+ name: source.as.number
+- external: ecs
+ name: source.as.organization.name
+- external: ecs
+ name: source.geo.city_name
+- external: ecs
+ name: source.geo.continent_code
+- external: ecs
+ name: source.geo.continent_name
+- external: ecs
+ name: source.geo.country_iso_code
+- external: ecs
+ name: source.geo.country_name
+- external: ecs
+ name: source.geo.location
+- external: ecs
+ name: source.geo.name
+- external: ecs
+ name: source.geo.postal_code
+- external: ecs
+ name: source.geo.region_iso_code
+- external: ecs
+ name: source.geo.region_name
+- external: ecs
+ name: source.geo.timezone
+- external: ecs
+ name: source.ip
diff --git a/packages/nginx/docs/README.md b/packages/nginx/docs/README.md
index 40d0eb81a6c..397913620e2 100644
--- a/packages/nginx/docs/README.md
+++ b/packages/nginx/docs/README.md
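Review bot: `related.ip` is inserted between `service.address` and `service.type` in the second hunk, breaking the alphabetical order the rest of the file follows and that the README table generated from it uses (there `related.ip` precedes `service.address`); move the pair `- external: ecs` / `  name: related.ip` above the `service.address` entry. The `dimension: true` context on `service.address` shows this is a time-series metrics stream, and nothing in this diff shows the stub_status collector producing `source.*`, `related.ip` or `host.geo.*` values, so confirm they are actually emitted before the generated README documents them as part of the dataset. If they are added only to satisfy a mapping check, a short comment in the file saying so would save the next reader the same question.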
@@ -197,7 +197,22 @@ An example event for `access` looks as following:
 | data_stream.dataset | Data stream dataset. | constant_keyword |
 | data_stream.namespace | Data stream namespace. | constant_keyword |
 | data_stream.type | Data stream type. | constant_keyword |
+| destination.address | Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. | keyword |
+| destination.as.number | Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. | long |
+| destination.as.organization.name | Organization name. | keyword |
+| destination.as.organization.name.text | Multi-field of `destination.as.organization.name`. | match_only_text |
 | destination.domain | The domain name of the destination system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword |
+| destination.geo.city_name | City name. | keyword |
+| destination.geo.continent_code | Two-letter code representing continent's name. | keyword |
+| destination.geo.continent_name | Name of the continent. | keyword |
+| destination.geo.country_iso_code | Country ISO code. | keyword |
+| destination.geo.country_name | Country name. | keyword |
+| destination.geo.location | Longitude and latitude. | geo_point |
+| destination.geo.name | User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation. | keyword |
+| destination.geo.postal_code | Postal code associated with the location. 
Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. | keyword |
+| destination.geo.region_iso_code | Region ISO code. | keyword |
+| destination.geo.region_name | Region name. | keyword |
+| destination.geo.timezone | The time zone of the location, such as IANA time zone name. | keyword |
 | destination.ip | IP address of the destination (IPv4 or IPv6). | ip |
 | destination.port | Port of the destination. | long |
 | ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword |
@@ -236,12 +251,16 @@ An example event for `access` looks as following:
 | source.as.organization.name | Organization name. | keyword |
 | source.as.organization.name.text | Multi-field of `source.as.organization.name`. | match_only_text |
 | source.geo.city_name | City name. | keyword |
+| source.geo.continent_code | Two-letter code representing continent's name. | keyword |
 | source.geo.continent_name | Name of the continent. | keyword |
 | source.geo.country_iso_code | Country ISO code. | keyword |
 | source.geo.country_name | Country name. | keyword |
 | source.geo.location | Longitude and latitude. | geo_point |
+| source.geo.name | User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation. | keyword |
+| source.geo.postal_code | Postal code associated with the location. Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. | keyword |
 | source.geo.region_iso_code | Region ISO code. | keyword |
 | source.geo.region_name | Region name. | keyword |
+| source.geo.timezone | The time zone of the location, such as IANA time zone name. | keyword |
 | source.ip | IP address of the source (IPv4 or IPv6). | ip |
 | tags | List of keywords used to tag each event. | keyword |
 | url.domain | Domain of the url, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. If the URL contains a literal IPv6 address enclosed by `[` and `]` (IETF RFC 2732), the `[` and `]` characters should also be captured in the `domain` field. | keyword |
@@ -388,6 +407,17 @@ An example event for `error` looks as following:
 | host.architecture | Operating system architecture. | keyword |
 | host.containerized | If the host is a container. | boolean |
 | host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword |
+| host.geo.city_name | City name. | keyword |
+| host.geo.continent_code | Two-letter code representing continent's name. | keyword |
+| host.geo.continent_name | Name of the continent. | keyword |
+| host.geo.country_iso_code | Country ISO code. | keyword |
+| host.geo.country_name | Country name. | keyword |
+| host.geo.location | Longitude and latitude. | geo_point |
+| host.geo.name | User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation. | keyword |
+| host.geo.postal_code | Postal code associated with the location. Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. | keyword |
+| host.geo.region_iso_code | Region ISO code. | keyword |
+| host.geo.region_name | Region name. | keyword |
+| host.geo.timezone | The time zone of the location, such as IANA time zone name. | keyword |
 | host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword |
 | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword |
 | host.ip | Host ip addresses. | ip |
@@ -410,6 +440,19 @@ An example event for `error` looks as following:
 | nginx.error.connection_id | Connection identifier. | long |
 | process.pid | Process id. | long |
 | process.thread.id | Thread ID. | long |
+| related.ip | All of the IPs seen on your event. | ip |
+| source.geo.city_name | City name. | keyword |
+| source.geo.continent_code | Two-letter code representing continent's name. | keyword |
+| source.geo.continent_name | Name of the continent. | keyword |
+| source.geo.country_iso_code | Country ISO code. | keyword |
+| source.geo.country_name | Country name. | keyword |
+| source.geo.location | Longitude and latitude. | geo_point |
+| source.geo.name | User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation. | keyword |
+| source.geo.postal_code | Postal code associated with the location. Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. | keyword |
+| source.geo.region_iso_code | Region ISO code. | keyword |
+| source.geo.region_name | Region name. | keyword |
+| source.geo.timezone | The time zone of the location, such as IANA time zone name. | keyword |
+| source.ip | IP address of the source (IPv4 or IPv6). | ip |
 | tags | List of keywords used to tag each event. | keyword |
@@ -542,6 +585,17 @@ An example event for `stubstatus` looks as following:
 | host.architecture | Operating system architecture. | keyword | |
 | host.containerized | If the host is a container. | boolean | |
 | host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword | |
+| host.geo.city_name | City name. | keyword | |
+| host.geo.continent_code | Two-letter code representing continent's name. | keyword | |
+| host.geo.continent_name | Name of the continent. | keyword | |
+| host.geo.country_iso_code | Country ISO code. | keyword | |
+| host.geo.country_name | Country name. | keyword | |
+| host.geo.location | Longitude and latitude. | geo_point | |
+| host.geo.name | User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation. | keyword | |
+| host.geo.postal_code | Postal code associated with the location. Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. | keyword | |
+| host.geo.region_iso_code | Region ISO code. | keyword | |
+| host.geo.region_name | Region name. | keyword | |
+| host.geo.timezone | The time zone of the location, such as IANA time zone name. | keyword | |
 | host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | |
 | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | |
 | host.ip | Host ip addresses. | ip | |
@@ -566,8 +620,25 @@ An example event for `stubstatus` looks as following:
 | nginx.stubstatus.requests | The total number of client requests. | long | counter |
 | nginx.stubstatus.waiting | The current number of idle client connections waiting for a request. | long | gauge |
 | nginx.stubstatus.writing | The current number of connections where Nginx is writing the response back to the client. | long | gauge |
+| related.ip | All of the IPs seen on your event. | ip | |
 | service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword | |
 | service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | |
+| source.address | Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. | keyword | |
+| source.as.number | Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. | long | |
+| source.as.organization.name | Organization name. | keyword | |
+| source.as.organization.name.text | Multi-field of `source.as.organization.name`. | match_only_text | |
+| source.geo.city_name | City name. | keyword | |
+| source.geo.continent_code | Two-letter code representing continent's name. | keyword | |
+| source.geo.continent_name | Name of the continent. | keyword | |
+| source.geo.country_iso_code | Country ISO code. | keyword | |
+| source.geo.country_name | Country name. | keyword | |
+| source.geo.location | Longitude and latitude. 
| geo_point | |
+| source.geo.name | User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation. | keyword | |
+| source.geo.postal_code | Postal code associated with the location. Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. | keyword | |
+| source.geo.region_iso_code | Region ISO code. | keyword | |
+| source.geo.region_name | Region name. | keyword | |
+| source.geo.timezone | The time zone of the location, such as IANA time zone name. | keyword | |
+| source.ip | IP address of the source (IPv4 or IPv6). | ip | |
 ## ML Modules
diff --git a/packages/nginx/manifest.yml b/packages/nginx/manifest.yml
index b0ef1f2f95b..bf4140428c6 100644
--- a/packages/nginx/manifest.yml
+++ b/packages/nginx/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: nginx
 title: Nginx
-version: "1.15.0"
+version: "1.15.1"
 license: basic
 description: Collect logs and metrics from Nginx HTTP servers with Elastic Agent.
 type: integration