IBM MQ Filebeat module

CHANGELOG.next.asciidoc

@@ -242,6 +242,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Add netflow dashboards based on Logstash netflow. {pull}12857[12857]
 - Parse more fields from Elasticsearch slowlogs. {pull}11939[11939]
 - Update module pipelines to enrich events with autonomous system fields. {pull}13036[13036]
+- Add module for ingesting IBM MQ logs. {pull}8782[8782]
 
 *Heartbeat*
 

filebeat/docs/fields.asciidoc

@@ -25,6 +25,7 @@ grouped in the following categories:
 * <<exported-fields-googlecloud>>
 * <<exported-fields-haproxy>>
 * <<exported-fields-host-processor>>
+* <<exported-fields-ibmmq>>
 * <<exported-fields-icinga>>
 * <<exported-fields-iis>>
 * <<exported-fields-iptables>>
@@ -6178,6 +6179,102 @@ example: stretch
 
 --
 
+[[exported-fields-ibmmq]]
+== ibmmq fields
+
+ibmmq Module
+
+
+
+[float]
+=== ibmmq
+
+
+
+
+[float]
+=== errorlog
+
+IBM MQ error logs
+
+
+*`ibmmq.errorlog.installation`*::
++
+--
+This is the installation name which can be given at installation time.
+Each installation of IBM MQ on UNIX, Linux, and Windows, has a unique identifier known as an installation name. The installation name is used to associate things such as queue managers and configuration files with an installation.
+
+
+type: keyword
+
+--
+
+*`ibmmq.errorlog.qmgr`*::
++
+--
+Name of the queue manager. Queue managers provide queuing services to applications, and manages the queues that belong to them.
+
+
+type: keyword
+
+--
+
+*`ibmmq.errorlog.arithinsert`*::
++
+--
+Changing content based on error.id
+
+type: keyword
+
+--
+
+*`ibmmq.errorlog.commentinsert`*::
++
+--
+Changing content based on error.id
+
+type: keyword
+
+--
+
+*`ibmmq.errorlog.errordescription`*::
++
+--
+Please add description
+
+type: text
+
+example: Please add example
+
+--
+
+*`ibmmq.errorlog.explanation`*::
++
+--
+Explaines the error in more detail
+
+type: keyword
+
+--
+
+*`ibmmq.errorlog.action`*::
++
+--
+Defines what to do when the error occurs
+
+type: keyword
+
+--
+
+*`ibmmq.errorlog.code`*::
++
+--
+Error code.
+
+type: keyword
+
+--
+
 [[exported-fields-icinga]]
 == Icinga fields
 

filebeat/docs/modules/ibmmq.asciidoc

@@ -0,0 +1,62 @@
+////
+This file is generated! See scripts/docs_collector.py
+////
+
+[[filebeat-module-ibmmq]]
+:modulename: ibmmq
+
+== IBM MQ module
+
+This is the ibmmq module.
+
+include::../include/what-happens.asciidoc[]
+
+[float]
+=== Compatibility
+
+This module has been tested with IBM MQ v9.1.0.0, but it should be compatible with older versions.
+
+include::../include/running-modules.asciidoc[]
+
+[float]
+=== Example dashboard
+
+This module comes with a sample dashboard. For example:
+
+[role="screenshot"]
+image::./images/filebeat-ibmmq.png[]
+
+
+include::../include/configuring-intro.asciidoc[]
+
+
+The following example shows how to set paths in the +modules.d/{modulename}.yml+
+file to override the default paths for IBM MQ errorlog:
+
+["source","yaml",subs="attributes"]
+-----
+- module: ibmmq
+  errorlog:
+    enabled: true
+    var.paths: ["C:/ibmmq/logs/*.log"]
+-----
+:fileset_ex: errorlog
+
+include::../include/config-option-intro.asciidoc[]
+
+[float]
+==== `errorlog` log fileset settings
+
+include::../include/var-paths.asciidoc[]
+
+:fileset_ex!:
+
+:modulename!:
+
+
+[float]
+=== Fields
+
+For a description of each field in the module, see the
+<<exported-fields-ibmmq,exported fields>> section.
+

filebeat/docs/modules_list.asciidoc

@@ -11,6 +11,7 @@ This file is generated! See scripts/docs_collector.py
   * <<filebeat-module-envoyproxy>>
   * <<filebeat-module-googlecloud>>
   * <<filebeat-module-haproxy>>
+  * <<filebeat-module-ibmmq>>
   * <<filebeat-module-icinga>>
   * <<filebeat-module-iis>>
   * <<filebeat-module-iptables>>
@@ -46,6 +47,7 @@ include::modules/elasticsearch.asciidoc[]
 include::modules/envoyproxy.asciidoc[]
 include::modules/googlecloud.asciidoc[]
 include::modules/haproxy.asciidoc[]
+include::modules/ibmmq.asciidoc[]
 include::modules/icinga.asciidoc[]
 include::modules/iis.asciidoc[]
 include::modules/iptables.asciidoc[]

x-pack/filebeat/filebeat.reference.yml

@@ -200,6 +200,16 @@ filebeat.modules:
     # Filebeat will choose the paths depending on your OS.
     #var.paths:
 
+#-------------------------------- Ibmmq Module --------------------------------
+- module: ibmmq
+  # All logs
+  errorlog:
+    enabled: true
+
+    # Set custom paths for the log files. If left empty,
+    # Filebeat will choose the paths depending on your OS.
+    #var.paths:
+
 #-------------------------------- Icinga Module --------------------------------
 #- module: icinga
   # Main logs

x-pack/filebeat/module/ibmmq/_meta/config.yml

@@ -0,0 +1,8 @@
+- module: ibmmq
+  # All logs
+  errorlog:
+    enabled: true
+
+    # Set custom paths for the log files. If left empty,
+    # Filebeat will choose the paths depending on your OS.
+    #var.paths:

x-pack/filebeat/module/ibmmq/_meta/docs.asciidoc

@@ -0,0 +1,49 @@
+:modulename: ibmmq
+
+== IBM MQ module
+
+This is the ibmmq module.
+
+include::../include/what-happens.asciidoc[]
+
+[float]
+=== Compatibility
+
+This module has been tested with IBM MQ v9.1.0.0, but it should be compatible with older versions.
+
+include::../include/running-modules.asciidoc[]
+
+[float]
+=== Example dashboard
+
+This module comes with a sample dashboard. For example:
+
+[role="screenshot"]
+image::./images/filebeat-ibmmq.png[]
+
+
+include::../include/configuring-intro.asciidoc[]
+
+
+The following example shows how to set paths in the +modules.d/{modulename}.yml+
+file to override the default paths for IBM MQ errorlog:
+
+["source","yaml",subs="attributes"]
+-----
+- module: ibmmq
+  errorlog:
+    enabled: true
+    var.paths: ["C:/ibmmq/logs/*.log"]
+-----
+:fileset_ex: errorlog
+
+include::../include/config-option-intro.asciidoc[]
+
+[float]
+==== `errorlog` log fileset settings
+
+include::../include/var-paths.asciidoc[]
+
+:fileset_ex!:
+
+:modulename!:

x-pack/filebeat/module/ibmmq/_meta/fields.yml

@@ -0,0 +1,9 @@
+- key: ibmmq
+  title: "ibmmq"
+  description: >
+    ibmmq Module
+  fields:
+    - name: ibmmq
+      type: group
+      description: >
+      fields: