From e7f933588e9d1f9a58cf7e9acfaf03f2944da49f Mon Sep 17 00:00:00 2001 From: Lee Hinman <57081003+leehinman@users.noreply.github.com> Date: Mon, 2 Mar 2020 17:55:01 -0600 Subject: [PATCH] Improve ECS categorization field mapping in kafka module (#16645) - event.kind - event.type - convert pipeline to yaml Closes #16167 --- CHANGELOG.next.asciidoc | 1 + .../module/kafka/log/ingest/pipeline.json | 87 -------- filebeat/module/kafka/log/ingest/pipeline.yml | 73 +++++++ filebeat/module/kafka/log/manifest.yml | 2 +- .../test/controller-2.0.0.log-expected.json | 44 ++++ .../log/test/controller.log-expected.json | 40 ++++ .../log/test/server-2.0.0.log-expected.json | 200 ++++++++++++++++++ .../kafka/log/test/server.log-expected.json | 40 ++++ .../test/state-change-1.1.0.log-expected.json | 2 + .../test/state-change-2.0.0.log-expected.json | 2 + .../log/test/state-change.log-expected.json | 2 + 11 files changed, 405 insertions(+), 88 deletions(-) delete mode 100644 filebeat/module/kafka/log/ingest/pipeline.json create mode 100644 filebeat/module/kafka/log/ingest/pipeline.yml diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index e38246abb19..e5fff6f9f94 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -152,6 +152,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Improve the decode_cef processor by reducing the number of memory allocations. {pull}16587[16587] - Add `cloudfoundry` input to send events from Cloud Foundry. {pull}16586[16586] - Improve ECS categorization field mappings in iis module. {issue}16165[16165] {pull}16618[16618] +- Improve ECS categorization field mapping in kafka module. {issue}16167[16167] {pull}16645[16645] *Heartbeat* diff --git a/filebeat/module/kafka/log/ingest/pipeline.json b/filebeat/module/kafka/log/ingest/pipeline.json deleted file mode 100644 index 6ba84de7634..00000000000 --- a/filebeat/module/kafka/log/ingest/pipeline.json +++ /dev/null 
@@ -1,87 +0,0 @@ -{ - "description": "Pipeline for parsing Kafka log messages", - "processors": [ - { - "grok": { - "field": "message", - "trace_match": true, - "patterns": [ - "(?m)%{TIMESTAMP_ISO8601:kafka.log.timestamp}. %{LOGLEVEL:log.level} +%{JAVALOGMESSAGE:message} \\(%{JAVACLASS:kafka.log.class}\\)$[ \\n]*(?'kafka.log.trace.full'.*)" - ] - } - }, - { - "grok": { - "field": "message", - "pattern_definitions": { - "KAFKA_COMPONENT": "[^\\]]*" - }, - "patterns": [ - "\\[%{KAFKA_COMPONENT:kafka.log.component}\\][,:.]? +%{JAVALOGMESSAGE:message}" - ], - "on_failure": [ - { - "set": { - "field": "kafka.log.component", - "value": "unknown" - } - } - ] - } - }, - { - "grok": { - "field": "kafka.log.trace.full", - "ignore_missing": true, - "patterns": [ - "%{JAVACLASS:kafka.log.trace.class}:\\s*%{JAVALOGMESSAGE:kafka.log.trace.message}" - ], - "on_failure": [ - { - "remove": { - "field": "kafka.log.trace" - } - } - ] - } - }, - { - "remove": { - "field": "kafka.log.trace.full", - "ignore_missing": true - } - }, - { - "rename": { - "field": "@timestamp", - "target_field": "event.created" - } - }, - { - "date": { - "if": "ctx.event.timezone == null", - "field": "kafka.log.timestamp", - "target_field": "@timestamp", - "formats": ["yyyy-MM-dd HH:mm:ss,SSS"], - "on_failure": [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}] - } - }, - { - "date": { - "if": "ctx.event.timezone != null", - "field": "kafka.log.timestamp", - "target_field": "@timestamp", - "formats": ["yyyy-MM-dd HH:mm:ss,SSS"], - "timezone": "{{ event.timezone }}", - "on_failure": [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}] - } - }, - {"remove": {"field": "kafka.log.timestamp" }} - ], - "on_failure" : [{ - "set" : { - "field" : "error.log", - "value" : "{{ _ingest.on_failure_message }}" - } - }] -} 
diff --git a/filebeat/module/kafka/log/ingest/pipeline.yml b/filebeat/module/kafka/log/ingest/pipeline.yml new file mode 100644 index 00000000000..41db8f4f197 --- /dev/null +++ b/filebeat/module/kafka/log/ingest/pipeline.yml 
@@ -0,0 +1,73 @@ +description: Pipeline for parsing Kafka log messages +processors: +- grok: + field: message + trace_match: true + patterns: + - (?m)%{TIMESTAMP_ISO8601:kafka.log.timestamp}. %{LOGLEVEL:log.level} +%{JAVALOGMESSAGE:message} + \(%{JAVACLASS:kafka.log.class}\)$[ \n]*(?'kafka.log.trace.full'.*) +- grok: + field: message + pattern_definitions: + KAFKA_COMPONENT: '[^\]]*' + patterns: + - \[%{KAFKA_COMPONENT:kafka.log.component}\][,:.]? +%{JAVALOGMESSAGE:message} + on_failure: + - set: + field: kafka.log.component + value: unknown +- grok: + field: kafka.log.trace.full + ignore_missing: true + patterns: + - '%{JAVACLASS:kafka.log.trace.class}:\s*%{JAVALOGMESSAGE:kafka.log.trace.message}' + on_failure: + - remove: + field: kafka.log.trace +- remove: + field: kafka.log.trace.full + ignore_missing: true +- rename: + field: '@timestamp' + target_field: event.created +- date: + if: ctx.event.timezone == null + field: kafka.log.timestamp + target_field: '@timestamp' + formats: + - yyyy-MM-dd HH:mm:ss,SSS + on_failure: + - append: + field: error.message + value: '{{ _ingest.on_failure_message }}' +- date: + if: ctx.event.timezone != null + field: kafka.log.timestamp + target_field: '@timestamp' + formats: + - yyyy-MM-dd HH:mm:ss,SSS + timezone: '{{ event.timezone }}' + on_failure: + - append: + field: error.message + value: '{{ _ingest.on_failure_message }}' +- remove: + field: kafka.log.timestamp +- set: + field: event.kind + value: event +- script: + lang: painless + source: >- + def errorLevels = ["ERROR", "FATAL"]; + if (ctx?.log?.level != null) { + if (errorLevels.contains(ctx.log.level)) { + ctx.event.type = "error"; + } else { + ctx.event.type = "info"; + } + } +on_failure: +- set: + field: error.log + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/kafka/log/manifest.yml b/filebeat/module/kafka/log/manifest.yml index 97ea201ec89..38107e02ab8 100644 --- a/filebeat/module/kafka/log/manifest.yml 
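Review bot: Lines that fail the first `grok` never reach the new `set` and `script` processors at the end of `processors`, because that grok has no `on_failure` of its own and the pipeline-level `on_failure` only writes `error.log`. Those documents are indexed without `event.kind` or `event.type`, so a search or detection rule that filters on `event.kind: event` silently skips exactly the log lines that did not parse. Consider moving the `event.kind` set to the top of `processors`, or adding a second `set` for `event.kind` to the pipeline-level `on_failure` (ECS defines `pipeline_error` for this, if the targeted ECS version includes it). Separately, the Painless check is an exact, case-sensitive match against `ERROR` and `FATAL`, while the stock `LOGLEVEL` grok pattern, as far as I recall, also accepts lower- and mixed-case spellings, so such a level would be labelled `info`. Changing the check to `if (errorLevels.contains(ctx.log.level.toUpperCase())) {` would remove the case dependence.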
+++ b/filebeat/module/kafka/log/manifest.yml @@ -10,5 +10,5 @@ var: - "{{.kafka_home}}/logs/state-change.log*" - "{{.kafka_home}}/logs/kafka-*.log*" -ingest_pipeline: ingest/pipeline.json +ingest_pipeline: ingest/pipeline.yml input: config/log.yml diff --git a/filebeat/module/kafka/log/test/controller-2.0.0.log-expected.json b/filebeat/module/kafka/log/test/controller-2.0.0.log-expected.json index 40e888a364f..42dd99ab2a2 100644 --- a/filebeat/module/kafka/log/test/controller-2.0.0.log-expected.json +++ b/filebeat/module/kafka/log/test/controller-2.0.0.log-expected.json @@ -2,8 +2,10 @@ { "@timestamp": "2018-10-31T15:03:32.474-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.KafkaController", @@ -16,8 +18,10 @@ { "@timestamp": "2018-10-31T15:03:32.474-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.KafkaController", @@ -30,8 +34,10 @@ { "@timestamp": "2018-10-31T15:03:32.474-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.KafkaController", @@ -44,8 +50,10 @@ { "@timestamp": "2018-10-31T15:03:32.475-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.KafkaController", 
@@ -58,8 +66,10 @@ { "@timestamp": "2018-10-31T15:03:32.475-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.KafkaController", @@ -72,8 +82,10 @@ { "@timestamp": "2018-10-31T15:03:32.475-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.KafkaController", @@ -86,8 +98,10 @@ { "@timestamp": "2018-10-31T15:03:32.475-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.KafkaController", @@ -100,8 +114,10 @@ { "@timestamp": "2018-10-31T15:03:32.475-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.KafkaController", @@ -114,8 +130,10 @@ { "@timestamp": "2018-10-31T15:08:32.475-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.KafkaController", @@ -128,8 +146,10 @@ { "@timestamp": "2018-10-31T15:08:32.475-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.KafkaController", 
@@ -142,8 +162,10 @@ { "@timestamp": "2018-10-31T15:08:32.475-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.KafkaController", @@ -156,8 +178,10 @@ { "@timestamp": "2018-10-31T15:08:32.475-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.KafkaController", @@ -170,8 +194,10 @@ { "@timestamp": "2018-10-31T15:08:32.475-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.KafkaController", @@ -184,8 +210,10 @@ { "@timestamp": "2018-10-31T15:08:32.475-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.KafkaController", @@ -198,8 +226,10 @@ { "@timestamp": "2018-10-31T15:08:32.475-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.KafkaController", @@ -212,8 +242,10 @@ { "@timestamp": "2018-10-31T15:08:32.475-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.KafkaController", 
@@ -226,8 +258,10 @@ { "@timestamp": "2018-10-31T15:09:30.306-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.KafkaController", @@ -240,8 +274,10 @@ { "@timestamp": "2018-10-31T15:09:30.307-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.KafkaController", @@ -254,8 +290,10 @@ { "@timestamp": "2018-10-31T15:09:30.396-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.RequestSendThread", @@ -268,8 +306,10 @@ { "@timestamp": "2018-10-31T15:09:30.397-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.RequestSendThread", @@ -282,8 +322,10 @@ { "@timestamp": "2018-10-31T15:09:30.396-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.RequestSendThread", @@ -296,8 +338,10 @@ { "@timestamp": "2018-10-31T15:13:32.475-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.KafkaController", diff --git a/filebeat/module/kafka/log/test/controller.log-expected.json b/filebeat/module/kafka/log/test/controller.log-expected.json index 46c9226208e..4b4005c5300 100644 
--- a/filebeat/module/kafka/log/test/controller.log-expected.json +++ b/filebeat/module/kafka/log/test/controller.log-expected.json @@ -2,8 +2,10 @@ { "@timestamp": "2017-08-04T10:48:21.048-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.ControllerEventManager$ControllerEventThread", @@ -16,8 +18,10 @@ { "@timestamp": "2017-08-04T10:48:21.063-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.KafkaController", @@ -30,8 +34,10 @@ { "@timestamp": "2017-08-04T10:48:21.064-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.KafkaController", @@ -44,8 +50,10 @@ { "@timestamp": "2017-08-04T10:48:21.082-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.KafkaController", @@ -58,8 +66,10 @@ { "@timestamp": "2017-08-04T10:48:21.085-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.KafkaController", @@ -72,8 +82,10 @@ { "@timestamp": "2017-08-04T10:48:21.154-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.ReplicaStateMachine", 
@@ -86,8 +98,10 @@ { "@timestamp": "2017-08-04T10:48:21.156-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.PartitionStateMachine", @@ -100,8 +114,10 @@ { "@timestamp": "2017-08-04T10:48:21.157-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.KafkaController", @@ -114,8 +130,10 @@ { "@timestamp": "2017-08-04T10:48:21.165-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.PartitionStateMachine", @@ -128,8 +146,10 @@ { "@timestamp": "2017-08-04T11:44:22.588-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.KafkaController", @@ -142,8 +162,10 @@ { "@timestamp": "2017-08-04T11:44:25.094-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.ControllerEventManager$ControllerEventThread", @@ -156,8 +178,10 @@ { "@timestamp": "2017-08-04T11:44:25.095-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.ControllerEventManager$ControllerEventThread", 
@@ -170,8 +194,10 @@ { "@timestamp": "2017-08-04T11:44:25.097-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.ControllerEventManager$ControllerEventThread", @@ -184,8 +210,10 @@ { "@timestamp": "2017-08-04T11:44:25.099-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.KafkaController", @@ -198,8 +226,10 @@ { "@timestamp": "2017-08-04T11:44:25.100-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.KafkaController", @@ -212,8 +242,10 @@ { "@timestamp": "2017-08-04T11:44:25.105-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.PartitionStateMachine", @@ -226,8 +258,10 @@ { "@timestamp": "2017-08-04T11:44:25.111-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.ReplicaStateMachine", @@ -240,8 +274,10 @@ { "@timestamp": "2017-08-04T11:44:25.112-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.RequestSendThread", 
@@ -254,8 +290,10 @@ { "@timestamp": "2017-08-04T11:44:25.112-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.RequestSendThread", @@ -268,8 +306,10 @@ { "@timestamp": "2017-08-04T11:44:25.113-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.controller.RequestSendThread", diff --git a/filebeat/module/kafka/log/test/server-2.0.0.log-expected.json b/filebeat/module/kafka/log/test/server-2.0.0.log-expected.json index 4402a7d39c4..d1a8d287cb0 100644 --- a/filebeat/module/kafka/log/test/server-2.0.0.log-expected.json +++ b/filebeat/module/kafka/log/test/server-2.0.0.log-expected.json @@ -2,8 +2,10 @@ { "@timestamp": "2018-10-17T12:04:41.718-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.coordinator.group.GroupMetadataManager", @@ -16,8 +18,10 @@ { "@timestamp": "2018-10-17T12:14:41.719-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.coordinator.group.GroupMetadataManager", @@ -30,8 +34,10 @@ { "@timestamp": "2018-10-17T12:24:41.719-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.coordinator.group.GroupMetadataManager", 
@@ -44,8 +50,10 @@ { "@timestamp": "2018-10-17T12:34:41.719-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.coordinator.group.GroupMetadataManager", @@ -58,8 +66,10 @@ { "@timestamp": "2018-10-17T12:44:41.719-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.coordinator.group.GroupMetadataManager", @@ -72,8 +82,10 @@ { "@timestamp": "2018-10-17T12:50:23.313-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherManager", @@ -86,8 +98,10 @@ { "@timestamp": "2018-10-17T12:50:23.314-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.cluster.Partition", @@ -100,8 +114,10 @@ { "@timestamp": "2018-10-17T12:50:23.321-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherManager", @@ -114,8 +130,10 @@ { "@timestamp": "2018-10-17T12:50:23.322-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherManager", 
@@ -128,8 +146,10 @@ { "@timestamp": "2018-10-17T12:50:23.322-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaAlterLogDirsManager", @@ -142,8 +162,10 @@ { "@timestamp": "2018-10-17T12:50:23.323-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherThread", @@ -156,8 +178,10 @@ { "@timestamp": "2018-10-17T12:50:23.323-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "org.apache.kafka.clients.FetchSessionHandler", @@ -170,8 +194,10 @@ { "@timestamp": "2018-10-17T12:50:23.324-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherThread", @@ -184,8 +210,10 @@ { "@timestamp": "2018-10-17T12:50:23.331-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherThread", @@ -198,8 +226,10 @@ { "@timestamp": "2018-10-17T12:50:23.348-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherManager", 
@@ -212,8 +242,10 @@ { "@timestamp": "2018-10-17T12:50:23.348-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.cluster.Partition", @@ -226,8 +258,10 @@ { "@timestamp": "2018-10-17T12:50:23.350-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.cluster.Partition", @@ -240,8 +274,10 @@ { "@timestamp": "2018-10-17T12:50:23.351-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.cluster.Partition", @@ -254,8 +290,10 @@ { "@timestamp": "2018-10-17T12:50:23.355-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherManager", @@ -268,8 +306,10 @@ { "@timestamp": "2018-10-17T12:50:23.360-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherManager", @@ -282,8 +322,10 @@ { "@timestamp": "2018-10-17T12:50:23.361-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaAlterLogDirsManager", 
@@ -296,8 +338,10 @@ { "@timestamp": "2018-10-17T12:50:23.421-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherThread", @@ -310,8 +354,10 @@ { "@timestamp": "2018-10-17T12:50:23.421-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.log.Log", @@ -324,8 +370,10 @@ { "@timestamp": "2018-10-17T12:50:24.508-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaAlterLogDirsManager", @@ -338,8 +386,10 @@ { "@timestamp": "2018-10-17T12:51:56.064-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.cluster.Partition", @@ -352,8 +402,10 @@ { "@timestamp": "2018-10-17T12:51:56.091-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.cluster.Partition", @@ -366,8 +418,10 @@ { "@timestamp": "2018-10-17T12:51:56.098-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.cluster.Partition", 
@@ -380,8 +434,10 @@ { "@timestamp": "2018-10-17T12:51:56.104-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.cluster.Partition", @@ -394,8 +450,10 @@ { "@timestamp": "2018-10-17T12:54:31.461-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherManager", @@ -408,8 +466,10 @@ { "@timestamp": "2018-10-17T12:54:31.481-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherManager", @@ -422,8 +482,10 @@ { "@timestamp": "2018-10-17T12:54:31.482-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaAlterLogDirsManager", @@ -436,8 +498,10 @@ { "@timestamp": "2018-10-17T12:54:31.483-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherThread", @@ -450,8 +514,10 @@ { "@timestamp": "2018-10-17T12:54:31.501-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherThread", 
@@ -464,8 +530,10 @@ { "@timestamp": "2018-10-17T12:54:31.504-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.log.Log", @@ -478,8 +546,10 @@ { "@timestamp": "2018-10-17T12:54:31.504-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherManager", @@ -492,8 +562,10 @@ { "@timestamp": "2018-10-17T12:54:31.508-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherManager", @@ -506,8 +578,10 @@ { "@timestamp": "2018-10-17T12:54:31.510-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaAlterLogDirsManager", @@ -520,8 +594,10 @@ { "@timestamp": "2018-10-17T12:54:32.043-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherThread", @@ -534,8 +610,10 @@ { "@timestamp": "2018-10-17T12:54:32.044-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.log.Log", 
@@ -548,8 +626,10 @@ { "@timestamp": "2018-10-17T12:54:41.719-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.coordinator.group.GroupMetadataManager", @@ -562,8 +642,10 @@ { "@timestamp": "2018-10-17T12:57:17.790-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherManager", @@ -576,8 +658,10 @@ { "@timestamp": "2018-10-17T12:57:17.809-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.log.Log", @@ -590,8 +674,10 @@ { "@timestamp": "2018-10-17T12:57:17.810-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.log.Log", @@ -604,8 +690,10 @@ { "@timestamp": "2018-10-17T12:57:17.812-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.log.LogManager", @@ -618,8 +706,10 @@ { "@timestamp": "2018-10-17T12:57:17.816-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.cluster.Partition", 
@@ -632,8 +722,10 @@ { "@timestamp": "2018-10-17T12:57:17.816-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.cluster.Replica", @@ -646,8 +738,10 @@ { "@timestamp": "2018-10-17T12:57:17.816-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.cluster.Replica", @@ -660,8 +754,10 @@ { "@timestamp": "2018-10-17T12:57:17.816-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.cluster.Partition", @@ -674,8 +770,10 @@ { "@timestamp": "2018-10-17T12:57:17.817-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.cluster.Replica", @@ -688,8 +786,10 @@ { "@timestamp": "2018-10-17T12:57:17.833-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.log.Log", @@ -702,8 +802,10 @@ { "@timestamp": "2018-10-17T12:57:17.833-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.log.Log", 
@@ -716,8 +818,10 @@ { "@timestamp": "2018-10-17T12:57:17.835-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.log.LogManager", @@ -730,8 +834,10 @@ { "@timestamp": "2018-10-17T12:57:17.836-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.cluster.Partition", @@ -744,8 +850,10 @@ { "@timestamp": "2018-10-17T12:57:17.836-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.cluster.Replica", @@ -758,8 +866,10 @@ { "@timestamp": "2018-10-17T12:57:17.837-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherManager", @@ -772,8 +882,10 @@ { "@timestamp": "2018-10-17T12:57:17.838-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherManager", @@ -786,8 +898,10 @@ { "@timestamp": "2018-10-17T12:57:17.839-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaAlterLogDirsManager", 
@@ -800,8 +914,10 @@ { "@timestamp": "2018-10-17T12:57:17.896-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherThread", @@ -814,8 +930,10 @@ { "@timestamp": "2018-10-17T12:57:17.897-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.log.Log", @@ -828,8 +946,10 @@ { "@timestamp": "2018-10-17T12:57:18.400-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "error", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherThread", @@ -847,8 +967,10 @@ { "@timestamp": "2018-10-17T12:58:47.490-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "org.apache.kafka.common.utils.LoggingSignalHandler", @@ -861,8 +983,10 @@ { "@timestamp": "2018-10-17T12:58:47.492-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.KafkaServer", @@ -875,8 +999,10 @@ { "@timestamp": "2018-10-17T12:58:47.494-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.KafkaServer", 
@@ -889,8 +1015,10 @@ { "@timestamp": "2018-10-17T12:58:47.547-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherManager", @@ -903,8 +1031,10 @@ { "@timestamp": "2018-10-17T12:58:47.550-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaAlterLogDirsManager", @@ -917,8 +1047,10 @@ { "@timestamp": "2018-10-17T12:58:47.556-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherManager", @@ -931,8 +1063,10 @@ { "@timestamp": "2018-10-17T12:58:47.556-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaAlterLogDirsManager", @@ -945,8 +1079,10 @@ { "@timestamp": "2018-10-17T12:58:47.558-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherManager", @@ -959,8 +1095,10 @@ { "@timestamp": "2018-10-17T12:58:47.558-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaAlterLogDirsManager", 
@@ -973,8 +1111,10 @@ { "@timestamp": "2018-10-17T12:58:47.561-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherManager", @@ -987,8 +1127,10 @@ { "@timestamp": "2018-10-17T12:58:47.561-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaAlterLogDirsManager", @@ -1001,8 +1143,10 @@ { "@timestamp": "2018-10-17T12:58:47.567-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherManager", @@ -1015,8 +1159,10 @@ { "@timestamp": "2018-10-17T12:58:47.567-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaAlterLogDirsManager", @@ -1029,8 +1175,10 @@ { "@timestamp": "2018-10-17T12:58:47.568-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherManager", @@ -1043,8 +1191,10 @@ { "@timestamp": "2018-10-17T12:58:47.568-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaAlterLogDirsManager", 
@@ -1057,8 +1207,10 @@ { "@timestamp": "2018-10-17T12:58:47.568-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherThread", @@ -1071,8 +1223,10 @@ { "@timestamp": "2018-10-17T12:58:47.577-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "org.apache.kafka.clients.FetchSessionHandler", @@ -1085,8 +1239,10 @@ { "@timestamp": "2018-10-17T12:58:47.577-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherThread", @@ -1099,8 +1255,10 @@ { "@timestamp": "2018-10-17T12:58:47.583-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherThread", @@ -1113,8 +1271,10 @@ { "@timestamp": "2018-10-17T12:58:47.585-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherManager", @@ -1127,8 +1287,10 @@ { "@timestamp": "2018-10-17T12:58:47.586-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaAlterLogDirsManager", 
@@ -1141,8 +1303,10 @@ { "@timestamp": "2018-10-17T12:58:47.594-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherThread", @@ -1155,8 +1319,10 @@ { "@timestamp": "2018-10-17T12:58:47.601-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "org.apache.kafka.clients.FetchSessionHandler", @@ -1169,8 +1335,10 @@ { "@timestamp": "2018-10-17T12:58:47.602-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherThread", @@ -1183,8 +1351,10 @@ { "@timestamp": "2018-10-17T12:58:47.602-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherThread", @@ -1197,8 +1367,10 @@ { "@timestamp": "2018-10-17T12:58:47.604-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.KafkaServer", @@ -1211,8 +1383,10 @@ { "@timestamp": "2018-10-17T12:58:47.605-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.common.ZkNodeChangeNotificationListener$ChangeEventProcessThread", 
@@ -1225,8 +1399,10 @@ { "@timestamp": "2018-10-17T12:58:47.606-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.common.ZkNodeChangeNotificationListener$ChangeEventProcessThread", @@ -1239,8 +1415,10 @@ { "@timestamp": "2018-10-17T12:58:47.606-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherManager", @@ -1253,8 +1431,10 @@ { "@timestamp": "2018-10-17T12:58:47.606-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaAlterLogDirsManager", @@ -1267,8 +1447,10 @@ { "@timestamp": "2018-10-17T12:58:47.606-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.common.ZkNodeChangeNotificationListener$ChangeEventProcessThread", @@ -1281,8 +1463,10 @@ { "@timestamp": "2018-10-17T12:58:47.607-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.network.SocketServer", @@ -1295,8 +1479,10 @@ { "@timestamp": "2018-10-17T12:58:47.608-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherManager", 
@@ -1309,8 +1495,10 @@ { "@timestamp": "2018-10-17T12:58:47.608-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaAlterLogDirsManager", @@ -1323,8 +1511,10 @@ { "@timestamp": "2018-10-17T12:58:47.609-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherManager", @@ -1337,8 +1527,10 @@ { "@timestamp": "2018-10-17T12:58:47.609-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaAlterLogDirsManager", @@ -1351,8 +1543,10 @@ { "@timestamp": "2018-10-17T12:58:47.610-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherManager", @@ -1365,8 +1559,10 @@ { "@timestamp": "2018-10-17T12:58:47.610-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaAlterLogDirsManager", @@ -1379,8 +1575,10 @@ { "@timestamp": "2018-10-17T12:58:47.611-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaFetcherManager", 
@@ -1393,8 +1591,10 @@ { "@timestamp": "2018-10-17T12:58:47.611-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ReplicaAlterLogDirsManager", diff --git a/filebeat/module/kafka/log/test/server.log-expected.json b/filebeat/module/kafka/log/test/server.log-expected.json index f92b26d249a..82e2fdb8779 100644 --- a/filebeat/module/kafka/log/test/server.log-expected.json +++ b/filebeat/module/kafka/log/test/server.log-expected.json @@ -2,8 +2,10 @@ { "@timestamp": "2017-08-04T10:48:20.377-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.KafkaServer", @@ -16,8 +18,10 @@ { "@timestamp": "2017-08-04T10:48:20.379-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.KafkaServer", @@ -30,8 +34,10 @@ { "@timestamp": "2017-08-04T10:48:20.400-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "org.apache.zookeeper.ZooKeeper", @@ -44,8 +50,10 @@ { "@timestamp": "2017-08-04T10:48:20.400-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "org.apache.zookeeper.ZooKeeper", 
@@ -58,8 +66,10 @@ { "@timestamp": "2017-08-04T10:48:20.401-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "org.apache.zookeeper.ZooKeeper", @@ -72,8 +82,10 @@ { "@timestamp": "2017-08-04T10:48:20.413-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "org.I0Itec.zkclient.ZkClient", @@ -86,8 +98,10 @@ { "@timestamp": "2017-08-04T10:48:20.415-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "org.apache.zookeeper.ClientCnxn", @@ -100,8 +114,10 @@ { "@timestamp": "2017-08-04T10:48:20.420-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "org.apache.zookeeper.ClientCnxn", @@ -114,8 +130,10 @@ { "@timestamp": "2017-08-04T10:48:20.457-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "org.apache.zookeeper.ClientCnxn", @@ -128,8 +146,10 @@ { "@timestamp": "2017-08-04T10:48:20.458-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "org.I0Itec.zkclient.ZkClient", 
@@ -142,8 +162,10 @@ { "@timestamp": "2017-08-04T10:48:20.748-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.BrokerMetadataCheckpoint", @@ -156,8 +178,10 @@ { "@timestamp": "2017-08-04T10:48:20.800-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.ClientQuotaManager$ThrottledRequestReaper", @@ -170,8 +194,10 @@ { "@timestamp": "2017-08-04T10:48:20.866-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.log.LogManager", @@ -184,8 +210,10 @@ { "@timestamp": "2017-08-04T10:48:20.873-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.log.LogManager", @@ -198,8 +226,10 @@ { "@timestamp": "2017-08-04T10:48:21.062-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.server.DelayedOperationPurgatory$ExpiredOperationReaper", @@ -212,8 +242,10 @@ { "@timestamp": "2017-08-04T10:48:21.063-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.utils.ZKCheckedEphemeral", 
@@ -226,8 +258,10 @@ { "@timestamp": "2017-08-04T10:48:21.095-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.coordinator.group.GroupMetadataManager", @@ -240,8 +274,10 @@ { "@timestamp": "2017-08-04T10:48:21.127-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.coordinator.transaction.ProducerIdManager", @@ -254,8 +290,10 @@ { "@timestamp": "2017-08-04T10:48:21.162-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.coordinator.transaction.TransactionCoordinator", @@ -268,8 +306,10 @@ { "@timestamp": "2017-08-04T10:48:21.167-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "kafka.coordinator.transaction.TransactionMarkerChannelManager", diff --git a/filebeat/module/kafka/log/test/state-change-1.1.0.log-expected.json b/filebeat/module/kafka/log/test/state-change-1.1.0.log-expected.json index e8c9e5d047d..c7e7d804d25 100644 --- a/filebeat/module/kafka/log/test/state-change-1.1.0.log-expected.json +++ b/filebeat/module/kafka/log/test/state-change-1.1.0.log-expected.json @@ -2,8 +2,10 @@ { "@timestamp": "2018-07-16T10:17:06.489-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "state.change.logger", 
diff --git a/filebeat/module/kafka/log/test/state-change-2.0.0.log-expected.json b/filebeat/module/kafka/log/test/state-change-2.0.0.log-expected.json index db2c5e919e7..7edb0c4d274 100644 --- a/filebeat/module/kafka/log/test/state-change-2.0.0.log-expected.json +++ b/filebeat/module/kafka/log/test/state-change-2.0.0.log-expected.json @@ -2,8 +2,10 @@ { "@timestamp": "2018-10-31T15:09:30.451-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "state.change.logger", diff --git a/filebeat/module/kafka/log/test/state-change.log-expected.json b/filebeat/module/kafka/log/test/state-change.log-expected.json index 76a5b7a8afe..eea369d05a2 100644 --- a/filebeat/module/kafka/log/test/state-change.log-expected.json +++ b/filebeat/module/kafka/log/test/state-change.log-expected.json @@ -2,8 +2,10 @@ { "@timestamp": "2017-08-04T10:48:21.428-02:00", "event.dataset": "kafka.log", + "event.kind": "event", "event.module": "kafka", "event.timezone": "-02:00", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kafka.log.class": "state.change.logger",