From a91cc9ec1aa3218157812004465d9c14a3b14ee2 Mon Sep 17 00:00:00 2001
From: Lee Hinman <57081003+leehinman@users.noreply.github.com>
Date: Wed, 11 Mar 2020 11:09:37 -0500
Subject: [PATCH] [Filebeat] Improve ECS categorization field mappings in ibmmq (#16532)
- event.kind
- convert pipeline to yaml
Closes #16163
---
 CHANGELOG.next.asciidoc | 1 +
 .../ibmmq/errorlog/ingest/pipeline.json | 108 ------------------
 .../module/ibmmq/errorlog/ingest/pipeline.yml | 76 ++++++++++++
 .../module/ibmmq/errorlog/manifest.yml | 2 +-
 .../errorlog/test/AMQERR01.log-expected.json | 20 ++++
 .../test/AMQERR01_QM1.log-expected.json | 100 ++++++++++++++++
 .../test/AMQERR01_QM2.log-expected.json | 100 ++++++++++++++++
 7 files changed, 298 insertions(+), 109 deletions(-)
 delete mode 100644 x-pack/filebeat/module/ibmmq/errorlog/ingest/pipeline.json
 create mode 100644 x-pack/filebeat/module/ibmmq/errorlog/ingest/pipeline.yml
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index 0482fedf48a..bd8e65070e0 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -172,6 +172,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Improve ECS categorization field mappings in logstash module. {issue}16169[16169] {pull}16668[16668]
 - Update filebeat httpjson input to support pagination via Header and Okta module. {pull}16354[16354]
 - Improve ECS categorization field mapping in icinga module. {issue}16164[16164] {pull}16533[16533]
+- Improve ECS categorization field mappings in ibmmq module. {issue}16163[16163] {pull}16532[16532]
 *Heartbeat*
diff --git a/x-pack/filebeat/module/ibmmq/errorlog/ingest/pipeline.json b/x-pack/filebeat/module/ibmmq/errorlog/ingest/pipeline.json
deleted file mode 100644
index b06050952e3..00000000000
--- a/x-pack/filebeat/module/ibmmq/errorlog/ingest/pipeline.json
+++ /dev/null
@@ -1,108 +0,0 @@
-{
- "description": "Pipeline for parsing MQ error logs.",
- "processors": [
- {
- "gsub": {
- "field": "message",
- "pattern": "^[\\-]{5}[a-z0-9\\. :]*[\\-]{5,}",
- "replacement": ""
- }
- },
- {
- "gsub": {
- "field": "message",
- "pattern": "\n",
- "replacement": " "
- }
- },
- {
- "gsub": {
- "field": "message",
- "pattern": "[ ]{2,}",
- "replacement": " "
- }
- },
- {
- "trim": {
- "field": "message"
- }
- },
- {
- "rename": {
- "field": "@timestamp",
- "target_field": "event.created"
- }
- },
- {
- "grok": {
- "field": "message",
- "patterns": [
- "^%{DATA:log_timestamp} -"
- ]
- }
- },
- {
- "grok": {
- "field": "message",
- "patterns": [
- "Process\\(%{DATA:process.pid}\\) User\\(%{WORD:user.name}\\) Program\\(%{DATA:process.title}\\) Host\\(%{DATA:host.hostname}\\) Installation\\(%{WORD:ibmmq.errorlog.installation}\\) VRMF\\(%{DATA:service.version}\\)( QMgr\\(%{DATA:ibmmq.errorlog.qmgr}\\))?( Time\\(%{TIMESTAMP_ISO8601:@timestamp}\\))?( RemoteHost\\(%{DATA:destination.address}\\))?( ArithInsert1\\(%{DATA:ibmmq.errorlog.arithinsert1}\\))?( ArithInsert2\\(%{DATA:ibmmq.errorlog.arithinsert2}\\))?( CommentInsert1\\(%{DATA:ibmmq.errorlog.commentinsert1}\\))?( CommentInsert2\\(%{DATA:ibmmq.errorlog.commentinsert2}\\))?( CommentInsert3\\(%{DATA:ibmmq.errorlog.commentinsert3}\\))? (?=AMQ[0-9]{4})%{DATA:ibmmq.errorlog.code}((?<=AMQ[0-9]{4}[A-Z])%{DATA:log.level})?: %{DATA:ibmmq.errorlog.errordescription} [^\\ ]+:( %{DATA:ibmmq.errorlog.explanation})? 
[^\\ ]+:( %{DATA:ibmmq.errorlog.action})?$"
- ]
- }
- },
- {
- "date": {
- "field": "log_timestamp",
- "target_field": "@timestamp",
- "formats": ["MM/dd/yyyy hh:mm:ss aa", "dd/MM/yyyy HH:mm:ss"],
- "ignore_failure": true
- }
- },
- {
- "append": {
- "field": "ibmmq.errorlog.commentinsert",
- "value": [
- "{{ibmmq.errorlog.commentinsert1}}",
- "{{ibmmq.errorlog.commentinsert2}}",
- "{{ibmmq.errorlog.commentinsert3}}"
- ],
- "ignore_failure" : true
- }
- },
- {
- "append": {
- "field": "ibmmq.errorlog.arithinsert",
- "value": [
- "{{ibmmq.errorlog.arithinsert1}}",
- "{{ibmmq.errorlog.arithinsert2}}"
- ],
- "ignore_failure" : true
- }
- },
- {
- "remove": {
- "field": [
- "log_timestamp",
- "message",
- "ibmmq.errorlog.arithinsert1",
- "ibmmq.errorlog.arithinsert2",
- "ibmmq.errorlog.commentinsert1",
- "ibmmq.errorlog.commentinsert2",
- "ibmmq.errorlog.commentinsert3"
- ],
- "ignore_missing" : true
- }
- },
- {
- "rename": {
- "field": "ibmmq.errorlog.errordescription",
- "target_field": "message"
- }
- }
- ],
- "on_failure" : [{
- "set" : {
- "field" : "error.message",
- "value" : "pipeline-entry: {{ _ingest.on_failure_message }}"
- }
- }]
-}
diff --git a/x-pack/filebeat/module/ibmmq/errorlog/ingest/pipeline.yml b/x-pack/filebeat/module/ibmmq/errorlog/ingest/pipeline.yml
new file mode 100644
index 00000000000..80db3a86a86
--- /dev/null
+++ b/x-pack/filebeat/module/ibmmq/errorlog/ingest/pipeline.yml
@@ -0,0 +1,76 @@
+description: Pipeline for parsing MQ error logs.
+processors:
+- gsub:
+ field: message
+ pattern: ^[\-]{5}[a-z0-9\. :]*[\-]{5,}
+ replacement: ""
+- gsub:
+ field: message
+ pattern: |2+
+
+ replacement: ' '
+- gsub:
+ field: message
+ pattern: '[ ]{2,}'
+ replacement: ' '
+- trim:
+ field: message
+- rename:
+ field: '@timestamp'
+ target_field: event.created
+- grok:
+ field: message
+ patterns:
+ - ^%{DATA:log_timestamp} -
+- grok:
+ field: message
+ patterns:
+ - 'Process\(%{DATA:process.pid}\) User\(%{WORD:user.name}\) Program\(%{DATA:process.title}\)
+ Host\(%{DATA:host.hostname}\) Installation\(%{WORD:ibmmq.errorlog.installation}\)
+ VRMF\(%{DATA:service.version}\)( QMgr\(%{DATA:ibmmq.errorlog.qmgr}\))?( Time\(%{TIMESTAMP_ISO8601:@timestamp}\))?(
+ RemoteHost\(%{DATA:destination.address}\))?( ArithInsert1\(%{DATA:ibmmq.errorlog.arithinsert1}\))?(
+ ArithInsert2\(%{DATA:ibmmq.errorlog.arithinsert2}\))?( CommentInsert1\(%{DATA:ibmmq.errorlog.commentinsert1}\))?(
+ CommentInsert2\(%{DATA:ibmmq.errorlog.commentinsert2}\))?( CommentInsert3\(%{DATA:ibmmq.errorlog.commentinsert3}\))?
+ (?=AMQ[0-9]{4})%{DATA:ibmmq.errorlog.code}((?<=AMQ[0-9]{4}[A-Z])%{DATA:log.level})?:
+ %{DATA:ibmmq.errorlog.errordescription} [^\ ]+:( %{DATA:ibmmq.errorlog.explanation})? 
+ [^\ ]+:( %{DATA:ibmmq.errorlog.action})?$'
+- date:
+ field: log_timestamp
+ target_field: '@timestamp'
+ formats:
+ - MM/dd/yyyy hh:mm:ss aa
+ - dd/MM/yyyy HH:mm:ss
+ ignore_failure: true
+- append:
+ field: ibmmq.errorlog.commentinsert
+ value:
+ - '{{ibmmq.errorlog.commentinsert1}}'
+ - '{{ibmmq.errorlog.commentinsert2}}'
+ - '{{ibmmq.errorlog.commentinsert3}}'
+ ignore_failure: true
+- append:
+ field: ibmmq.errorlog.arithinsert
+ value:
+ - '{{ibmmq.errorlog.arithinsert1}}'
+ - '{{ibmmq.errorlog.arithinsert2}}'
+ ignore_failure: true
+- remove:
+ field:
+ - log_timestamp
+ - message
+ - ibmmq.errorlog.arithinsert1
+ - ibmmq.errorlog.arithinsert2
+ - ibmmq.errorlog.commentinsert1
+ - ibmmq.errorlog.commentinsert2
+ - ibmmq.errorlog.commentinsert3
+ ignore_missing: true
+- rename:
+ field: ibmmq.errorlog.errordescription
+ target_field: message
+- set:
+ field: event.kind
+ value: event
+on_failure:
+- set:
+ field: error.message
+ value: 'pipeline-entry: {{ _ingest.on_failure_message }}'
diff --git a/x-pack/filebeat/module/ibmmq/errorlog/manifest.yml b/x-pack/filebeat/module/ibmmq/errorlog/manifest.yml
index 1d604fea15a..619ae0834f0 100644
--- a/x-pack/filebeat/module/ibmmq/errorlog/manifest.yml
+++ b/x-pack/filebeat/module/ibmmq/errorlog/manifest.yml
@@ -9,5 +9,5 @@ var:
 - C:\ProgramData\IBM\MQ\errors\*.LOG*
 - C:\ProgramData\IBM\MQ\qmgrs\*\errors\*.LOG*
-ingest_pipeline: ingest/pipeline.json
+ingest_pipeline: ingest/pipeline.yml
 input: config/errorlog.yml
diff --git a/x-pack/filebeat/module/ibmmq/errorlog/test/AMQERR01.log-expected.json b/x-pack/filebeat/module/ibmmq/errorlog/test/AMQERR01.log-expected.json
index fed8b570878..7ccc74ea50b 100644
--- a/x-pack/filebeat/module/ibmmq/errorlog/test/AMQERR01.log-expected.json
+++ b/x-pack/filebeat/module/ibmmq/errorlog/test/AMQERR01.log-expected.json
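Review bot: In the new `ingest/pipeline.yml`, `event.kind` is written only by the final `set` in `processors`, so a document that fails an earlier step (either `grok`, or the last `rename`, which has no `ignore_missing`) jumps to `on_failure` and is indexed with `error.message` but no `event.kind`. Queries and detection rules that filter on `event.kind` would then skip exactly the MQ error-log entries the pipeline could not parse; consider adding `- set: {field: event.kind, value: pipeline_error}` to the `on_failure` list, the ECS value intended for ingest failures. As a smaller style point, the converted newline pattern `pattern: |2+` followed by an empty line is easy to misread or break when re-indenting; `pattern: "\n"`, which is what the removed JSON pipeline used, states the intent directly.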
@@ -2,6 +2,7 @@ { "@timestamp": "2018-10-11T08:39:30.731Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -34,6 +35,7 @@ { "@timestamp": "2018-10-11T08:39:30.729Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -66,6 +68,7 @@ { "@timestamp": "2018-10-11T10:46:25.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -98,6 +101,7 @@ { "@timestamp": "2018-10-11T10:46:26.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -130,6 +134,7 @@ { "@timestamp": "2018-10-11T10:46:26.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -162,6 +167,7 @@ { "@timestamp": "2018-10-17T11:50:15.982Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -194,6 +200,7 @@ { "@timestamp": "2018-10-17T11:50:18.439Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -226,6 +233,7 @@ { "@timestamp": "2018-10-18T14:13:58.401Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -258,6 +266,7 @@ { "@timestamp": "2018-10-28T15:12:07.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", 
@@ -290,6 +299,7 @@ { "@timestamp": "2018-10-28T15:12:07.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -322,6 +332,7 @@ { "@timestamp": "2018-10-28T15:12:08.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -354,6 +365,7 @@ { "@timestamp": "2018-10-28T15:12:08.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -386,6 +398,7 @@ { "@timestamp": "2018-10-29T16:48:52.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -418,6 +431,7 @@ { "@timestamp": "2018-10-29T16:48:52.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -450,6 +464,7 @@ { "@timestamp": "2018-10-29T16:48:53.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -482,6 +497,7 @@ { "@timestamp": "2018-10-29T16:48:53.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -514,6 +530,7 @@ { "@timestamp": "2018-10-29T16:49:35.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -546,6 +563,7 @@ { "@timestamp": "2018-10-29T16:49:35.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", 
@@ -578,6 +596,7 @@ { "@timestamp": "2018-10-29T16:49:36.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -610,6 +629,7 @@ { "@timestamp": "2018-10-29T16:49:36.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", diff --git a/x-pack/filebeat/module/ibmmq/errorlog/test/AMQERR01_QM1.log-expected.json b/x-pack/filebeat/module/ibmmq/errorlog/test/AMQERR01_QM1.log-expected.json index baacbb01c77..45a57fffd05 100644 --- a/x-pack/filebeat/module/ibmmq/errorlog/test/AMQERR01_QM1.log-expected.json +++ b/x-pack/filebeat/module/ibmmq/errorlog/test/AMQERR01_QM1.log-expected.json @@ -1,6 +1,7 @@ [ { "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -32,6 +33,7 @@ }, { "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -63,6 +65,7 @@ }, { "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -94,6 +97,7 @@ }, { "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -125,6 +129,7 @@ }, { "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -156,6 +161,7 @@ }, { "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -187,6 +193,7 @@ }, { "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", 
@@ -218,6 +225,7 @@ }, { "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -249,6 +257,7 @@ }, { "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -280,6 +289,7 @@ }, { "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -311,6 +321,7 @@ }, { "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -342,6 +353,7 @@ }, { "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -373,6 +385,7 @@ }, { "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -404,6 +417,7 @@ }, { "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -435,6 +449,7 @@ }, { "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -466,6 +481,7 @@ }, { "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -497,6 +513,7 @@ }, { "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -528,6 +545,7 @@ }, { "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", 
@@ -559,6 +577,7 @@ }, { "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -590,6 +609,7 @@ }, { "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -621,6 +641,7 @@ }, { "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -652,6 +673,7 @@ }, { "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -683,6 +705,7 @@ }, { "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -715,6 +738,7 @@ { "@timestamp": "2018-07-13T07:06:03.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -747,6 +771,7 @@ { "@timestamp": "2018-07-13T07:06:03.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -779,6 +804,7 @@ { "@timestamp": "2018-07-13T07:06:03.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -811,6 +837,7 @@ { "@timestamp": "2018-07-13T07:06:03.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -843,6 +870,7 @@ { "@timestamp": "2018-07-13T07:06:03.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", 
@@ -875,6 +903,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -907,6 +936,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -939,6 +969,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -971,6 +1002,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1003,6 +1035,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1035,6 +1068,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1067,6 +1101,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1099,6 +1134,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1131,6 +1167,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", 
@@ -1163,6 +1200,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1195,6 +1233,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1227,6 +1266,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1259,6 +1299,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1291,6 +1332,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1323,6 +1365,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1355,6 +1398,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1387,6 +1431,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1419,6 +1464,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", 
@@ -1451,6 +1497,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1483,6 +1530,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1515,6 +1563,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1547,6 +1596,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1579,6 +1629,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1611,6 +1662,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1642,6 +1694,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1674,6 +1727,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1706,6 +1760,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", 
@@ -1738,6 +1793,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1770,6 +1826,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1802,6 +1859,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1833,6 +1891,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1864,6 +1923,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1895,6 +1955,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1927,6 +1988,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1959,6 +2021,7 @@ { "@timestamp": "2018-07-13T07:06:04.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1991,6 +2054,7 @@ { "@timestamp": "2018-07-18T11:24:26.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", 
@@ -2023,6 +2087,7 @@ { "@timestamp": "2018-07-18T11:24:26.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2055,6 +2120,7 @@ { "@timestamp": "2018-07-18T11:24:26.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2087,6 +2153,7 @@ { "@timestamp": "2018-07-18T14:25:37.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2119,6 +2186,7 @@ { "@timestamp": "2018-07-18T14:25:37.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2151,6 +2219,7 @@ { "@timestamp": "2018-07-18T14:25:37.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2183,6 +2252,7 @@ { "@timestamp": "2018-07-18T14:25:47.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2215,6 +2285,7 @@ { "@timestamp": "2018-07-18T14:25:47.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2247,6 +2318,7 @@ { "@timestamp": "2018-07-18T14:25:47.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2279,6 +2351,7 @@ { "@timestamp": "2018-07-20T15:40:17.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", 
@@ -2311,6 +2384,7 @@ { "@timestamp": "2018-07-20T15:40:17.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2343,6 +2417,7 @@ { "@timestamp": "2018-07-20T15:40:17.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2375,6 +2450,7 @@ { "@timestamp": "2018-07-20T15:40:17.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2407,6 +2483,7 @@ { "@timestamp": "2018-07-20T15:40:17.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2439,6 +2516,7 @@ { "@timestamp": "2018-07-20T15:40:17.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2471,6 +2549,7 @@ { "@timestamp": "2018-07-20T15:40:17.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2503,6 +2582,7 @@ { "@timestamp": "2018-07-20T15:40:17.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2535,6 +2615,7 @@ { "@timestamp": "2018-07-20T15:40:17.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2567,6 +2648,7 @@ { "@timestamp": "2018-07-20T15:40:17.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", 
@@ -2599,6 +2681,7 @@ { "@timestamp": "2018-07-20T15:40:17.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2631,6 +2714,7 @@ { "@timestamp": "2018-07-20T15:40:17.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2663,6 +2747,7 @@ { "@timestamp": "2018-07-20T15:40:17.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2695,6 +2780,7 @@ { "@timestamp": "2018-07-20T15:40:17.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2727,6 +2813,7 @@ { "@timestamp": "2018-07-20T15:40:17.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2759,6 +2846,7 @@ { "@timestamp": "2018-07-20T15:40:17.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2791,6 +2879,7 @@ { "@timestamp": "2018-07-20T15:40:17.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2823,6 +2912,7 @@ { "@timestamp": "2018-07-20T15:40:17.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2855,6 +2945,7 @@ { "@timestamp": "2018-07-20T15:40:17.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", 
@@ -2887,6 +2978,7 @@ { "@timestamp": "2018-07-20T15:40:17.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2919,6 +3011,7 @@ { "@timestamp": "2018-07-20T15:40:17.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2951,6 +3044,7 @@ { "@timestamp": "2018-07-20T15:40:17.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2983,6 +3077,7 @@ { "@timestamp": "2018-07-20T15:40:17.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -3015,6 +3110,7 @@ { "@timestamp": "2018-07-20T15:40:17.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -3046,6 +3142,7 @@ { "@timestamp": "2018-07-20T15:40:17.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -3077,6 +3174,7 @@ { "@timestamp": "2018-07-20T15:40:17.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -3108,6 +3206,7 @@ { "@timestamp": "2018-07-20T15:40:17.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -3140,6 +3239,7 @@ { "@timestamp": "2018-07-20T15:40:17.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", 
diff --git a/x-pack/filebeat/module/ibmmq/errorlog/test/AMQERR01_QM2.log-expected.json b/x-pack/filebeat/module/ibmmq/errorlog/test/AMQERR01_QM2.log-expected.json index 032220ccaf8..3d6ef8e7d4f 100644 --- a/x-pack/filebeat/module/ibmmq/errorlog/test/AMQERR01_QM2.log-expected.json +++ b/x-pack/filebeat/module/ibmmq/errorlog/test/AMQERR01_QM2.log-expected.json @@ -2,6 +2,7 @@ { "@timestamp": "2018-10-17T11:50:16.332Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -35,6 +36,7 @@ { "@timestamp": "2018-10-17T11:50:16.330Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -68,6 +70,7 @@ { "@timestamp": "2018-10-17T11:50:16.377Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -101,6 +104,7 @@ { "@timestamp": "2018-10-17T11:50:16.700Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -134,6 +138,7 @@ { "@timestamp": "2018-10-17T11:50:16.713Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -167,6 +172,7 @@ { "@timestamp": "2018-10-17T11:50:16.716Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -200,6 +206,7 @@ { "@timestamp": "2018-10-17T11:50:16.727Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", 
@@ -233,6 +240,7 @@ { "@timestamp": "2018-10-17T11:50:16.730Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -266,6 +274,7 @@ { "@timestamp": "2018-10-17T11:50:16.740Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -299,6 +308,7 @@ { "@timestamp": "2018-10-17T11:50:16.746Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -332,6 +342,7 @@ { "@timestamp": "2018-10-17T11:50:16.810Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -365,6 +376,7 @@ { "@timestamp": "2018-10-17T11:50:16.811Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -398,6 +410,7 @@ { "@timestamp": "2018-10-17T11:50:16.812Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -431,6 +444,7 @@ { "@timestamp": "2018-10-17T11:50:16.812Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -464,6 +478,7 @@ { "@timestamp": "2018-10-17T11:50:16.812Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -497,6 +512,7 @@ { "@timestamp": "2018-10-17T11:50:18.019Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", 
@@ -530,6 +546,7 @@ { "@timestamp": "2018-10-17T11:50:18.040Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -563,6 +580,7 @@ { "@timestamp": "2018-10-17T11:50:18.100Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -596,6 +614,7 @@ { "@timestamp": "2018-10-17T11:50:18.130Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -629,6 +648,7 @@ { "@timestamp": "2018-10-17T11:50:18.135Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -662,6 +682,7 @@ { "@timestamp": "2018-10-17T11:50:18.202Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -695,6 +716,7 @@ { "@timestamp": "2018-10-17T11:50:18.214Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -728,6 +750,7 @@ { "@timestamp": "2018-10-17T11:50:18.228Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -761,6 +784,7 @@ { "@timestamp": "2018-10-17T13:50:18.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -794,6 +818,7 @@ { "@timestamp": "2018-10-17T13:50:18.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", 
@@ -827,6 +852,7 @@ { "@timestamp": "2018-10-17T13:50:18.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -860,6 +886,7 @@ { "@timestamp": "2018-10-17T13:50:18.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -893,6 +920,7 @@ { "@timestamp": "2018-10-17T13:50:18.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -926,6 +954,7 @@ { "@timestamp": "2018-10-17T13:50:18.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -959,6 +988,7 @@ { "@timestamp": "2018-10-17T13:50:18.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -992,6 +1022,7 @@ { "@timestamp": "2018-10-17T13:50:18.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1025,6 +1056,7 @@ { "@timestamp": "2018-10-17T13:50:18.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1058,6 +1090,7 @@ { "@timestamp": "2018-10-17T13:50:18.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1091,6 +1124,7 @@ { "@timestamp": "2018-10-17T13:50:18.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", 
@@ -1124,6 +1158,7 @@ { "@timestamp": "2018-10-17T13:50:18.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1157,6 +1192,7 @@ { "@timestamp": "2018-10-17T13:50:19.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1190,6 +1226,7 @@ { "@timestamp": "2018-10-17T13:50:19.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1223,6 +1260,7 @@ { "@timestamp": "2018-10-17T13:50:19.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1256,6 +1294,7 @@ { "@timestamp": "2018-10-17T13:50:19.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1289,6 +1328,7 @@ { "@timestamp": "2018-10-17T13:50:19.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1322,6 +1362,7 @@ { "@timestamp": "2018-10-17T13:50:19.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1355,6 +1396,7 @@ { "@timestamp": "2018-10-17T13:50:19.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1388,6 +1430,7 @@ { "@timestamp": "2018-10-17T13:50:19.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", 
@@ -1421,6 +1464,7 @@ { "@timestamp": "2018-10-17T13:50:19.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1454,6 +1498,7 @@ { "@timestamp": "2018-10-17T13:50:19.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1487,6 +1532,7 @@ { "@timestamp": "2018-10-17T13:50:19.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1520,6 +1566,7 @@ { "@timestamp": "2018-10-17T13:50:19.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1553,6 +1600,7 @@ { "@timestamp": "2018-10-17T13:50:19.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1586,6 +1634,7 @@ { "@timestamp": "2018-10-17T13:50:19.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1619,6 +1668,7 @@ { "@timestamp": "2018-10-17T13:50:19.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1652,6 +1702,7 @@ { "@timestamp": "2018-10-17T13:50:19.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1685,6 +1736,7 @@ { "@timestamp": "2018-10-17T13:50:19.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", 
@@ -1718,6 +1770,7 @@ { "@timestamp": "2018-10-17T13:50:19.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1751,6 +1804,7 @@ { "@timestamp": "2018-10-17T13:50:19.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1784,6 +1838,7 @@ { "@timestamp": "2018-10-17T13:50:19.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1817,6 +1872,7 @@ { "@timestamp": "2018-10-17T13:50:19.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1850,6 +1906,7 @@ { "@timestamp": "2018-10-17T13:50:19.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1883,6 +1940,7 @@ { "@timestamp": "2018-10-17T13:50:19.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1916,6 +1974,7 @@ { "@timestamp": "2018-10-17T13:50:19.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1949,6 +2008,7 @@ { "@timestamp": "2018-10-17T13:50:19.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -1982,6 +2042,7 @@ { "@timestamp": "2018-10-17T13:50:19.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", 
@@ -2015,6 +2076,7 @@ { "@timestamp": "2018-10-17T13:50:19.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2048,6 +2110,7 @@ { "@timestamp": "2018-10-17T13:50:19.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2081,6 +2144,7 @@ { "@timestamp": "2018-10-18T15:18:48.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2114,6 +2178,7 @@ { "@timestamp": "2018-10-18T15:19:11.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2148,6 +2213,7 @@ "@timestamp": "2018-10-18T16:10:06.000Z", "destination.address": "127.0.0.1", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2181,6 +2247,7 @@ { "@timestamp": "2018-10-18T16:10:06.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2215,6 +2282,7 @@ "@timestamp": "2018-10-18T16:10:12.000Z", "destination.address": "127.0.0.1", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2248,6 +2316,7 @@ { "@timestamp": "2018-10-18T16:10:12.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", 
@@ -2282,6 +2351,7 @@ "@timestamp": "2018-10-18T16:10:28.000Z", "destination.address": "127.0.0.1", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2315,6 +2385,7 @@ { "@timestamp": "2018-10-18T16:10:28.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2349,6 +2420,7 @@ "@timestamp": "2018-10-18T16:13:20.000Z", "destination.address": "127.0.0.1", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2382,6 +2454,7 @@ { "@timestamp": "2018-10-18T16:13:20.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2415,6 +2488,7 @@ { "@timestamp": "2018-10-18T16:13:46.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2448,6 +2522,7 @@ { "@timestamp": "2018-10-18T16:13:46.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2481,6 +2556,7 @@ { "@timestamp": "2018-10-18T16:13:46.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2514,6 +2590,7 @@ { "@timestamp": "2018-10-18T16:13:46.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2547,6 +2624,7 @@ { "@timestamp": "2018-10-18T16:13:46.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", 
@@ -2580,6 +2658,7 @@ { "@timestamp": "2018-10-18T16:13:46.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2613,6 +2692,7 @@ { "@timestamp": "2018-10-18T16:13:46.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2646,6 +2726,7 @@ { "@timestamp": "2018-10-18T16:13:46.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2679,6 +2760,7 @@ { "@timestamp": "2018-10-18T16:13:46.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2712,6 +2794,7 @@ { "@timestamp": "2018-10-18T16:13:46.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2745,6 +2828,7 @@ { "@timestamp": "2018-10-18T16:13:46.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2778,6 +2862,7 @@ { "@timestamp": "2018-10-18T16:13:46.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2811,6 +2896,7 @@ { "@timestamp": "2018-10-18T16:13:46.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2844,6 +2930,7 @@ { "@timestamp": "2018-10-18T16:13:46.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", 
@@ -2877,6 +2964,7 @@ { "@timestamp": "2018-10-18T16:13:46.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2910,6 +2998,7 @@ { "@timestamp": "2018-10-18T16:13:46.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2943,6 +3032,7 @@ { "@timestamp": "2018-10-18T16:13:46.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -2976,6 +3066,7 @@ { "@timestamp": "2018-10-18T16:13:46.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -3009,6 +3100,7 @@ { "@timestamp": "2018-10-18T16:13:46.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -3042,6 +3134,7 @@ { "@timestamp": "2018-10-18T16:13:46.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -3075,6 +3168,7 @@ { "@timestamp": "2018-10-18T16:13:46.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -3108,6 +3202,7 @@ { "@timestamp": "2018-10-18T16:13:46.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -3141,6 +3236,7 @@ { "@timestamp": "2018-10-18T16:13:46.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", 
@@ -3174,6 +3270,7 @@ { "@timestamp": "2018-10-18T16:13:46.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -3206,6 +3303,7 @@ { "@timestamp": "2018-10-18T16:13:46.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -3238,6 +3336,7 @@ { "@timestamp": "2018-10-18T16:13:46.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC", @@ -3270,6 +3369,7 @@ { "@timestamp": "2018-10-18T16:13:46.000Z", "event.dataset": "ibmmq.errorlog", + "event.kind": "event", "event.module": "ibmmq", "fileset.name": "errorlog", "host.hostname": "FELIX-ELASTIC",