diff --git a/packages/gcp/_dev/build/docs/README.md b/packages/gcp/_dev/build/docs/README.md
new file mode 100644
index 00000000000..08fffbde7ca
--- /dev/null
+++ b/packages/gcp/_dev/build/docs/README.md
@@ -0,0 +1,30 @@
+# Google Cloud Integration
+
+The Google Cloud integration collects and parses Google Cloud audit, VPC flow,
+and firewall logs that have been exported from Stackdriver to a Google Pub/Sub topic sink.
+
+## Logs
+
+### Audit
+
+This is the `audit` dataset.
+
+{{event "audit"}}
+
+{{fields "audit"}}
+
+### Firewall
+
+This is the `firewall` dataset.
+
+{{event "firewall"}}
+
+{{fields "firewall"}}
+
+### VPC Flow
+
+This is the `VPC Flow` dataset.
+
+{{event "vpcflow"}}
+
+{{fields "vpcflow"}}
diff --git a/packages/gcp/_dev/deploy/docker/docker-compose.yml b/packages/gcp/_dev/deploy/docker/docker-compose.yml
new file mode 100644
index 00000000000..d06aa87367f
--- /dev/null
+++ b/packages/gcp/_dev/deploy/docker/docker-compose.yml
@@ -0,0 +1,49 @@
+version: '2.3'
+services:
+ gcppubsub-emulator:
+ image: google/cloud-sdk:emulators
+ command: gcloud beta emulators pubsub start --host-port=0.0.0.0:8681
+ ports:
+ - "8681/tcp"
+ gcppubsub-audit:
+ image: akroh/stream:v0.3.0
+ volumes:
+ - ./sample_logs:/sample_logs:ro
+ command:
+ - log
+ - --retry=30
+ - --addr=gcppubsub-emulator:8681
+ - -p=gcppubsub
+ - --gcppubsub-clear=true
+ - --gcppubsub-project=audit
+ - /sample_logs/audit.log
+ depends_on:
+ - gcppubsub-emulator
+ gcppubsub-firewall:
+ image: akroh/stream:v0.3.0
+ volumes:
+ - ./sample_logs:/sample_logs:ro
+ command:
+ - log
+ - --retry=30
+ - --addr=gcppubsub-emulator:8681
+ - -p=gcppubsub
+ - --gcppubsub-clear=true
+ - --gcppubsub-project=firewall
+ - /sample_logs/firewall.log
+ depends_on:
+ - gcppubsub-emulator
+ gcppubsub-vpcflow:
+ image: akroh/stream:v0.3.0
+ volumes:
+ - ./sample_logs:/sample_logs:ro
+ command:
+ - log
+ - --retry=30
+ - --addr=gcppubsub-emulator:8681
+ - -p=gcppubsub
+ - --gcppubsub-clear=true
+ - --gcppubsub-project=vpcflow
+ - /sample_logs/vpcflow.log
+ depends_on:
+ - gcppubsub-emulator
diff --git a/packages/gcp/_dev/deploy/docker/sample_logs/audit.log b/packages/gcp/_dev/deploy/docker/sample_logs/audit.log
new file mode 100644
index 00000000000..9c228890527
--- /dev/null
+++ b/packages/gcp/_dev/deploy/docker/sample_logs/audit.log
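Review bot: Both images are pulled by mutable tag: `google/cloud-sdk:emulators` is a floating tag and `akroh/stream:v0.3.0` lives in a personal Docker Hub namespace, so whatever those tags resolve to at run time executes in the test environment (and in CI, if this file is used there). Pin each by digest, for example `image: akroh/stream:v0.3.0@sha256:<digest-of-reviewed-image>`, and consider mirroring the stream image into a registry the project controls. The Pub/Sub emulator is unauthenticated and listens on `0.0.0.0:8681`; `ports: - "8681/tcp"` additionally publishes it on an ephemeral host port on every interface, so if only the three sibling services need it, drop the `ports` entry or bind the published port to `127.0.0.1`. A short comment above the three near-identical `gcppubsub-*` services, saying that each one publishes a single sample log into its own emulator project, would also help the next reader.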
@@ -0,0 +1,7 @@ +{"insertId":"-uihnmjctwo","logName":"projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access","protoPayload":{"@type":"type.googleapis.com/google.cloud.audit.AuditLog","authenticationInfo":{"principalEmail":"xxx@xxx.xxx"},"authorizationInfo":[{"granted":true,"permission":"resourcemanager.projects.get","resource":"projects/elastic-beats","resourceAttributes":{}}],"methodName":"GetResourceBillingInfo","request":{"@type":"type.googleapis.com/google.internal.cloudbilling.billingaccount.v1.GetResourceBillingInfoRequest","resourceName":"projects/189716325846"},"requestMetadata":{"callerIp":"192.168.1.1","destinationAttributes":{},"requestAttributes":{}},"resourceName":"projects/elastic-beats","serviceName":"cloudbilling.googleapis.com","status":{}},"receiveTimestamp":"2019-12-19T00:49:36.313482371Z","resource":{"labels":{"project_id":"elastic-beats"},"type":"project"},"severity":"INFO","timestamp":"2019-12-19T00:49:36.086Z"} +{"insertId":"-h6onuze1h7dg","logName":"projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access","protoPayload":{"@type":"type.googleapis.com/google.cloud.audit.AuditLog","authenticationInfo":{"principalEmail":"xxx@xxx.xxx"},"authorizationInfo":[{"granted":false,"permission":"compute.machineTypes.list","resourceAttributes":{"name":"projects/elastic-beats","service":"resourcemanager","type":"resourcemanager.projects"}}],"methodName":"beta.compute.machineTypes.aggregatedList","numResponseItems":"71","request":{"@type":"type.googleapis.com/compute.machineTypes.aggregatedList"},"requestMetadata":{"callerIp":"192.168.1.1","callerSuppliedUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 
Firefox/71.0,gzip(gfe),gzip(gfe)","destinationAttributes":{},"requestAttributes":{"auth":{},"time":"2019-12-19T00:45:51.711Z"}},"resourceLocation":{"currentLocations":["global"]},"resourceName":"projects/elastic-beats/global/machineTypes","serviceName":"compute.googleapis.com"},"receiveTimestamp":"2019-12-19T00:45:52.367887078Z","resource":{"labels":{"location":"global","method":"compute.machineTypes.aggregatedList","project_id":"elastic-beats","service":"compute.googleapis.com","version":"beta"},"type":"api"},"severity":"INFO","timestamp":"2019-12-19T00:45:51.228Z"} +{"insertId":"yonau2dg2zi","logName":"projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access","protoPayload":{"@type":"type.googleapis.com/google.cloud.audit.AuditLog","authenticationInfo":{"principalEmail":"xxx@xxx.xxx"},"authorizationInfo":[{"granted":true,"permission":"compute.instances.list","resourceAttributes":{"name":"projects/elastic-beats","service":"resourcemanager","type":"resourcemanager.projects"}}],"methodName":"beta.compute.instances.aggregatedList","numResponseItems":"61","request":{"@type":"type.googleapis.com/compute.instances.aggregatedList"},"requestMetadata":{"callerIp":"192.168.1.1","callerSuppliedUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 
Firefox/71.0,gzip(gfe),gzip(gfe)","destinationAttributes":{},"requestAttributes":{"auth":{},"time":"2019-12-19T00:44:25.198Z"}},"response":{"@type":"core.k8s.io/v1.Status","apiVersion":"v1","details":{"group":"batch","kind":"jobs","name":"gsuite-exporter-1589294700","uid":"2beff34a-945f-11ea-bacf-42010a80007f"},"kind":"Status","metadata":{},"status":"Success"},"resourceLocation":{"currentLocations":["global"]},"resourceName":"projects/elastic-beats/global/instances","serviceName":"compute.googleapis.com"},"receiveTimestamp":"2019-12-19T00:44:25.262379373Z","resource":{"labels":{"location":"global","method":"compute.instances.aggregatedList","project_id":"elastic-beats","service":"compute.googleapis.com","version":"beta"},"type":"api"},"severity":"INFO","timestamp":"2019-12-19T00:44:25.051Z"} +{"insertId":"yonau3dc2zi","logName":"projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access","protoPayload":{"@type":"type.googleapis.com/google.cloud.audit.AuditLog","authenticationInfo":{"principalEmail":"xxx@xxx.xxx"},"authorizationInfo":[{"permission":"compute.instances.list","resourceAttributes":{"name":"projects/elastic-beats","service":"resourcemanager","type":"resourcemanager.projects"}}],"methodName":"beta.compute.instances.aggregatedList","numResponseItems":"61","request":{"@type":"type.googleapis.com/compute.instances.aggregatedList"},"requestMetadata":{"callerIp":"192.168.1.1","callerSuppliedUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 
Firefox/71.0,gzip(gfe),gzip(gfe)","destinationAttributes":{},"requestAttributes":{"auth":{},"time":"2019-12-19T00:44:25.198Z"}},"resourceLocation":{"currentLocations":["global"]},"resourceName":"projects/elastic-beats/global/instances","serviceName":"compute.googleapis.com","status":{"code":7,"message":"PERMISSION_DENIED"}},"receiveTimestamp":"2019-12-19T00:44:25.262379373Z","resource":{"labels":{"location":"global","method":"compute.instances.aggregatedList","project_id":"elastic-beats","service":"compute.googleapis.com","version":"beta"},"type":"api"},"severity":"INFO","timestamp":"2019-12-19T00:44:25.051Z"} +{"insertId":"87efd529-6349-45d2-b905-fc607e6c5d3b","labels":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding \"cert-manager-webhook:auth-delegator\" of ClusterRole \"system:auth-delegator\" to ServiceAccount \"cert-manager-webhook/cert-manager\""},"logName":"projects/foo/logs/cloudaudit.googleapis.com%2Fdata_access","operation":{"first":true,"id":"5555555-6349-45d2-b905-fc607e6c5d3b","last":true,"producer":"k8s.io"},"protoPayload":{"@type":"type.googleapis.com/google.cloud.audit.AuditLog","authenticationInfo":{"principalEmail":"system:serviceaccount:cert-manager:cert-manager-webhook"},"authorizationInfo":[{"granted":true,"permission":"io.k8s.authorization.v1beta1.subjectaccessreviews.create","resource":"authorization.k8s.io/v1beta1/subjectaccessreviews"}],"methodName":"io.k8s.authorization.v1beta1.subjectaccessreviews.create","request":{"@type":"authorization.k8s.io/v1beta1.SubjectAccessReview","apiVersion":"authorization.k8s.io/v1beta1","kind":"SubjectAccessReview","metadata":{"creationTimestamp":null},"spec":{"group":["system:serviceaccounts","system:serviceaccounts:kube-system","system:authenticated"],"nonResourceAttributes":{"path":"/apis/webhook.cert-manager.io/v1beta1","verb":"get"},"user":"system:serviceaccount:kube-system:resourcequota-controller"},"status":{"allowed":false}},"requestMetadata"
:{"callerIp":"10.11.12.13","callerSuppliedUserAgent":"webhook/v0.0.0 (linux/amd64) kubernetes/$Format"},"resourceName":"authorization.k8s.io/v1beta1/subjectaccessreviews","response":{"@type":"authorization.k8s.io/v1beta1.SubjectAccessReview","apiVersion":"authorization.k8s.io/v1beta1","kind":"SubjectAccessReview","metadata":{"creationTimestamp":null},"spec":{"group":["system:serviceaccounts","system:serviceaccounts:kube-system","system:authenticated"],"nonResourceAttributes":{"path":"/apis/webhook.cert-manager.io/v1beta1","verb":"get"},"user":"system:serviceaccount:kube-system:resourcequota-controller"},"status":{"allowed":true,"reason":"RBAC: allowed by ClusterRoleBinding \"system:discovery\" of ClusterRole \"system:discovery\" to Group \"system:authenticated\""}},"serviceName":"k8s.io","status":{"code":0}},"receiveTimestamp":"2020-08-05T21:07:32.157698684Z","resource":{"labels":{"cluster_name":"analysis-cluster","location":"us-central1-a","project_id":"elastic-siem"},"type":"k8s_cluster"},"timestamp":"2020-08-05T21:07:30.974750Z"} 
+{"insertId":"v2spcwdzmc2","logName":"projects/foo/logs/cloudaudit.googleapis.com%2Factivity","operation":{"first":true,"id":"operation-1596664766354-5ac287c395484-fa3923bd-543e018e","producer":"compute.googleapis.com"},"protoPayload":{"@type":"type.googleapis.com/google.cloud.audit.AuditLog","authenticationInfo":{"principalEmail":"user@mycompany.com"},"authorizationInfo":[{"granted":true,"permission":"compute.images.create","resourceAttributes":{"name":"projects/foo/global/images/windows-server-2016-v20200805","service":"compute","type":"compute.images"}}],"methodName":"v1.compute.images.insert","request":{"@type":"type.googleapis.com/compute.images.insert","family":"windows-server-2016","guestOsFeatures":[{"type":"VIRTIO_SCSI_MULTIQUEUE"},{"type":"WINDOWS"}],"name":"windows-server-2016-v20200805","rawDisk":{"source":"https://storage.googleapis.com/storage/v1/b/foo/o/windows-server-2016-v20200805.tar.gz"},"sourceType":"RAW"},"requestMetadata":{"callerIp":"1.2.3.4","callerSuppliedUserAgent":"google-cloud-sdk gcloud/290.0.1 command/gcloud.compute.images.create invocation-id/032752ad0fa44b4ea951951d2deef6a3 environment/None environment-version/None interactive/True from-script/False python/2.7.17 term/xterm-256color (Macintosh; Intel Mac OS X 
19.6.0),gzip(gfe)","destinationAttributes":{},"requestAttributes":{"auth":{},"time":"2020-08-05T21:59:27.515Z"}},"resourceLocation":{"currentLocations":["eu"]},"resourceName":"projects/foo/global/images/windows-server-2016-v20200805","response":{"@type":"type.googleapis.com/operation","id":"44919313","insertTime":"2020-08-05T14:59:27.259-07:00","name":"operation-1596664766354-5ac287c395484-fa3923bd-543e018e","operationType":"insert","progress":"0","selfLink":"https://www.googleapis.com/compute/v1/projects/foo/global/operations/operation-1596664766354-5ac287c395484-fa3923bd-543e018e","selfLinkWithId":"https://www.googleapis.com/compute/v1/projects/foo/global/operations/4491931805423146320","startTime":"2020-08-05T14:59:27.274-07:00","status":"RUNNING","targetId":"12345","targetLink":"https://www.googleapis.com/compute/v1/projects/foo/global/images/windows-server-2016-v20200805","user":"user@mycompany.com"},"serviceName":"compute.googleapis.com"},"receiveTimestamp":"2020-08-05T21:59:27.822546978Z","resource":{"labels":{"image_id":"771879043","project_id":"foo"},"type":"gce_image"},"severity":"NOTICE","timestamp":"2020-08-05T21:59:26.456Z"} +{"insertId":"-c7ctxmd2zab","logName":"projects/foo/logs/cloudaudit.googleapis.com%2Factivity","operation":{"id":"operation-1596646123456-5ac2438b775f6-f8ca1382-e70b6831","last":true,"producer":"compute.googleapis.com"},"protoPayload":{"@type":"type.googleapis.com/google.cloud.audit.AuditLog","authenticationInfo":{"principalEmail":"user@mycompany.com"},"methodName":"beta.compute.instances.stop","request":{"@type":"type.googleapis.com/compute.instances.stop"},"requestMetadata":{"callerIp":"2.3.4.5","callerSuppliedUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:79.0) Gecko/20100101 
Firefox/79.0,gzip(gfe),gzip(gfe)"},"resourceName":"projects/foo/zones/us-central1-a/instances/win10-test","serviceName":"compute.googleapis.com"},"receiveTimestamp":"2020-08-05T16:56:41.315135528Z","resource":{"labels":{"instance_id":"590261181","project_id":"foo","zone":"us-central1-a"},"type":"gce_instance"},"severity":"NOTICE","timestamp":"2020-08-05T16:56:40.428Z"} diff --git a/packages/gcp/_dev/deploy/docker/sample_logs/firewall.log b/packages/gcp/_dev/deploy/docker/sample_logs/firewall.log new file mode 100644 index 00000000000..0843196acc5 --- /dev/null +++ b/packages/gcp/_dev/deploy/docker/sample_logs/firewall.log 
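Review bot: The audit fixture looks only partly scrubbed: several records mask the principal as `xxx@xxx.xxx`, yet the first record still carries `"resourceName":"projects/189716325846"`, the Kubernetes record keeps `"project_id":"elastic-siem"` and `"cluster_name":"analysis-cluster"`, and the `v2spcwdzmc2` record keeps a gcloud `invocation-id` in its user agent. If these were captured from a live project, replace them with obvious placeholders before the file lands in a public repository. The last two records also use `user@mycompany.com` and the caller addresses `1.2.3.4` / `2.3.4.5`, which are a registrable domain and routable addresses. Reserved values such as `user@example.com` and an RFC 5737 address like `192.0.2.10` (constructed examples; the firewall fixture already uses 192.0.2.x) avoid pointing at third parties.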
@@ -0,0 +1,22 @@ +{"insertId":"1dobeotg13df9f5","jsonPayload":{"connection":{"dest_ip":"10.128.0.16","dest_port":80,"protocol":6,"src_ip":"10.142.0.10","src_port":57794},"disposition":"DENIED","instance":{"project_id":"local-test","region":"us-central1","vm_name":"local-adrian-test","zone":"us-central1-a"},"remote_instance":{"project_id":"remote-beats","region":"us-east1","vm_name":"test-es","zone":"us-east1-b"},"remote_vpc":{"project_id":"remote-beats","subnetwork_name":"mysubnet","vpc_name":"default"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"mysubnet","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-06T16:41:45.009675991Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"12345667","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-06T16:41:38.394575419Z"} 
+{"insertId":"1dobeotg13df9f7","jsonPayload":{"connection":{"dest_ip":"10.128.0.10","dest_port":57794,"protocol":6,"src_ip":"10.142.0.16","src_port":80},"disposition":"DENIED","instance":{"project_id":"local-test","region":"us-central1","vm_name":"local-adrian-test","zone":"us-central1-a"},"remote_instance":{"project_id":"remote-beats","region":"us-east1","vm_name":"test-es","zone":"us-east1-b"},"remote_vpc":{"project_id":"remote-beats","subnetwork_name":"mysubnet","vpc_name":"default"},"rule_details":{"action":"DENY","direction":"EGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"mysubnet","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-06T16:41:45.009675991Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"892378332","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-06T16:41:38.394575419Z"} 
+{"insertId":"4zuj4nfn4llkb","jsonPayload":{"connection":{"dest_ip":"8.8.8.8","dest_port":53,"protocol":17,"src_ip":"10.128.0.16","src_port":60094},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"continent":"America","country":"usa"},"rule_details":{"action":"DENY","destination_range":["8.8.8.0/24"],"direction":"EGRESS","ip_port_info":[{"ip_protocol":"ALL"}],"priority":1000,"reference":"network:default/firewall:adrian-test-1","target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-12T12:35:24.466374097Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-12T12:35:17.214711274Z"} +{"insertId":"1f21ciqfpfssuo","jsonPayload":{"connection":{"dest_ip":"10.42.0.2","dest_port":3389,"protocol":6,"src_ip":"192.0.2.126","src_port":64853},"disposition":"ALLOWED","instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-windows","zone":"us-east1-b"},"remote_location":{"continent":"Asia","country":"omn"},"rule_details":{"action":"ALLOW","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["3389"]}],"priority":1000,"reference":"network:windows-isolated/firewall:windows-isolated-allow-rdp","source_range":["0.0.0.0/0"],"target_tag":["allow-rdp"]},"vpc":{"project_id":"test-beats","subnetwork_name":"windows-isolated","vpc_name":"windows-isolated"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-10-30T13:52:54.473174731Z","resource":{"labels":{"location":"us-east1-b","project_id":"test-beats","subnetwork_id":"3238409883146034900","subnetwork_name":"windows-isolated"},"type":"gce_subnetwork"},"timestamp":"2019-1
0-30T13:52:42.191988835Z"} +{"insertId":"8vcfeailjd","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":8080,"protocol":6,"src_ip":"192.0.2.219","src_port":2897},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"city":"Krasnodar","continent":"Europe","country":"rus","region":"Krasnodar Krai"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:31:22.738796433Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:31:19.421478847Z"} 
+{"insertId":"1bqgmw9feiabij","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":80,"protocol":6,"src_ip":"192.0.2.14","src_port":61000},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"continent":"Europe","country":"deu"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:41:35.727004321Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:41:31.079508196Z"} 
+{"insertId":"1jrxaqbfe48bir","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":80,"protocol":6,"src_ip":"192.0.2.14","src_port":61000},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"continent":"Europe","country":"deu"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:41:40.791816098Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:41:34.190831607Z"} +{"insertId":"1fw7drlfe2ty27","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":8080,"protocol":6,"src_ip":"192.0.2.151","src_port":62551},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"city":"Berdychiv","continent":"Europe","country":"ukr","region":"Zhytomyr 
Oblast"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:48:47.038820509Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:48:41.449552758Z"} +{"insertId":"1yre751fekaxzs","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":8080,"protocol":6,"src_ip":"192.0.2.241","src_port":44542},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"city":"Vicenza","continent":"Europe","country":"ita","region":"Veneto"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T13:10:30.804549999Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T13:10:24.214995318Z"} 
+{"insertId":"5kanfzfiqepkh","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":80,"protocol":6,"src_ip":"192.0.2.114","src_port":41293},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"city":"Tula","continent":"Europe","country":"rus","region":"Tula Oblast"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T13:35:28.934918322Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T13:35:23.504719962Z"} +{"insertId":"59z0t8fiow9vg","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":80,"protocol":6,"src_ip":"192.0.2.251","src_port":59106},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"city":"Stavropol","continent":"Europe","country":"rus","region":"Stavropol 
Krai"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T13:36:54.238077643Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T13:36:52.135887769Z"} +{"insertId":"1y7e4yzff816cq","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":80,"protocol":6,"src_ip":"192.0.2.189","src_port":61000},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"city":"Violès","continent":"Europe","country":"fra","region":"Provence-Alpes-Côte d'Azur"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T14:06:26.357446279Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T14:06:16.59353182Z"} 
+{"insertId":"lx5jlsfggpr0q","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":80,"protocol":6,"src_ip":"192.0.2.189","src_port":61000},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"city":"Violès","continent":"Europe","country":"fra","region":"Provence-Alpes-Côte d'Azur"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T14:06:28.203068653Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T14:06:22.930570324Z"} 
+{"insertId":"18ynfbufer19m1","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":8080,"protocol":6,"src_ip":"192.0.2.200","src_port":42716},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"city":"İzmir","continent":"Asia","country":"tur","region":"İzmir"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T14:32:14.038485761Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T14:32:07.407039908Z"} 
+{"insertId":"tzddthfsr6fv5","jsonPayload":{"connection":{"dest_ip":"8.8.8.8","dest_port":80,"protocol":6,"src_ip":"10.28.0.16","src_port":46418},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"continent":"America","country":"usa"},"rule_details":{"action":"DENY","destination_range":["8.8.8.0/24"],"direction":"EGRESS","ip_port_info":[{"ip_protocol":"ALL"}],"priority":1000,"reference":"network:default/firewall:adrian-test-1","target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-12T12:41:28.971534988Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-12T12:41:20.972747063Z"} +{"insertId":"1k2b7kefsnhzq7","jsonPayload":{"connection":{"dest_ip":"8.8.8.8","dest_port":80,"protocol":17,"src_ip":"10.28.0.16","src_port":58725},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"continent":"America","country":"usa"},"rule_details":{"action":"DENY","destination_range":["8.8.8.0/24"],"direction":"EGRESS","ip_port_info":[{"ip_protocol":"ALL"}],"priority":1000,"reference":"network:default/firewall:adrian-test-1","target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-12T12:42:33.671883883Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-12T12:42:26.50532921Z"} 
+{"insertId":"1sdfuwxfk8hq1c","jsonPayload":{"connection":{"dest_ip":"10.42.0.10","dest_port":9200,"protocol":6,"src_ip":"192.0.2.114","src_port":44666},"disposition":"ALLOWED","instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-es","zone":"us-east1-b"},"remote_instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-kibana","zone":"us-east1-b"},"remote_location":{"continent":"America","country":"usa"},"remote_vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"},"rule_details":{"action":"ALLOW","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["9200"]}],"priority":1000,"reference":"network:default/firewall:allow9200","source_range":["0.0.0.0/0"],"target_tag":["allow9200"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:54:15.188832255Z","resource":{"labels":{"location":"us-east1-b","project_id":"test-beats","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:54:13.531819246Z"} 
+{"insertId":"1sdfuwxfk8hq1b","jsonPayload":{"connection":{"dest_ip":"10.42.0.10","dest_port":9200,"protocol":6,"src_ip":"192.0.2.114","src_port":44668},"disposition":"ALLOWED","instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-es","zone":"us-east1-b"},"remote_instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-kibana","zone":"us-east1-b"},"remote_location":{"continent":"America","country":"usa"},"remote_vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"},"rule_details":{"action":"ALLOW","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["9200"]}],"priority":1000,"reference":"network:default/firewall:allow9200","source_range":["0.0.0.0/0"],"target_tag":["allow9200"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:54:15.188832255Z","resource":{"labels":{"location":"us-east1-b","project_id":"test-beats","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:54:13.551617516Z"} 
+{"insertId":"yot1ojetjdiw","jsonPayload":{"connection":{"dest_ip":"10.42.0.2","dest_port":3389,"protocol":6,"src_ip":"192.0.2.7","src_port":1683},"disposition":"ALLOWED","instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-windows","zone":"us-east1-b"},"remote_location":{"city":"Almelo","continent":"Europe","country":"nld","region":"Overijssel"},"rule_details":{"action":"ALLOW","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["3389"]}],"priority":1000,"reference":"network:windows-isolated/firewall:windows-isolated-allow-rdp","source_range":["0.0.0.0/0"],"target_tag":["allow-rdp"]},"vpc":{"project_id":"test-beats","subnetwork_name":"windows-isolated","vpc_name":"windows-isolated"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:54:28.477733837Z","resource":{"labels":{"location":"us-east1-b","project_id":"test-beats","subnetwork_id":"3238409883146034900","subnetwork_name":"windows-isolated"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:54:15.771161946Z"} 
+{"insertId":"5a27u1g22jks9e","jsonPayload":{"connection":{"dest_ip":"10.42.0.10","dest_port":9200,"protocol":6,"src_ip":"192.0.2.114","src_port":45068},"disposition":"ALLOWED","instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-es","zone":"us-east1-b"},"remote_instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-kibana","zone":"us-east1-b"},"remote_location":{"continent":"America","country":"usa"},"remote_vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"},"rule_details":{"action":"ALLOW","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["9200"]}],"priority":1000,"reference":"network:default/firewall:allow9200","source_range":["0.0.0.0/0"],"target_tag":["allow9200"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:54:45.189726185Z","resource":{"labels":{"location":"us-east1-b","project_id":"test-beats","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:54:35.850729583Z"} 
+{"insertId":"5a27u1g22jks8t","jsonPayload":{"connection":{"dest_ip":"10.42.0.10","dest_port":9200,"protocol":6,"src_ip":"192.0.2.114","src_port":45062},"disposition":"ALLOWED","instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-es","zone":"us-east1-b"},"remote_instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-kibana","zone":"us-east1-b"},"remote_location":{"continent":"America","country":"usa"},"remote_vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"},"rule_details":{"action":"ALLOW","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["9200"]}],"priority":1000,"reference":"network:default/firewall:allow9200","source_range":["0.0.0.0/0"],"target_tag":["allow9200"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:54:45.189726185Z","resource":{"labels":{"location":"us-east1-b","project_id":"test-beats","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:54:35.85023465Z"} 
+{"insertId":"1dobeotg13df9f5","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":80,"protocol":6,"src_ip":"10.42.0.10","src_port":57794},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-es","zone":"us-east1-b"},"remote_vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-06T16:41:45.009675991Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-06T16:41:38.394575419Z"}
diff --git a/packages/gcp/_dev/deploy/docker/sample_logs/vpcflow.log b/packages/gcp/_dev/deploy/docker/sample_logs/vpcflow.log
new file mode 100644
index 00000000000..6e27f806daa
--- /dev/null
+++ b/packages/gcp/_dev/deploy/docker/sample_logs/vpcflow.log
@@ -0,0 +1,296 @@ +{"insertId":"ut8lbrffooxyw","jsonPayload":{"bytes_sent":"1776","connection":{"dest_ip":"203.0.113.12","dest_port":33478,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:45:37.301953198Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:45:37.186193305Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxzb","jsonPayload":{"bytes_sent":"173663","connection":{"dest_ip":"10.87.40.76","dest_port":33970,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821302149Z","packets_sent":"68","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466657665Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"7580198540435288
29","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxze","jsonPayload":{"bytes_sent":"155707","connection":{"dest_ip":"203.0.113.134","dest_port":33576,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821143836Z","packets_sent":"78","reporter":"SRC","rtt_msec":"201","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.510622432Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxyz","jsonPayload":{"bytes_sent":"0","connection":{"dest_ip":"192.0.2.23","dest_port":59679,"protocol":6,"src_ip":"10.139.99.242","src_port":22},"dest_location":{"asn":49505,"city":"Saint Petersburg","continent":"Europe","country":"rus","region":"Saint 
Petersburg"},"end_time":"2019-06-14T03:40:46.031032701Z","packets_sent":"1","reporter":"SRC","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:45.860349247Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxz6","jsonPayload":{"bytes_sent":"1784","connection":{"dest_ip":"192.0.2.117","dest_port":50646,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:40:37.048196137Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:36.895188084Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} 
+{"insertId":"ut8lbrffooxzf","jsonPayload":{"bytes_sent":"1464","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"192.0.2.117","src_port":50646},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:40:37.048196137Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:40:36.895188084Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxz1","jsonPayload":{"bytes_sent":"186151","connection":{"dest_ip":"10.87.40.76","dest_port":33692,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565287007Z","packets_sent":"251","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500498059Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_
name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxyp","jsonPayload":{"bytes_sent":"15169","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33880},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821308944Z","packets_sent":"92","reporter":"SRC","rtt_msec":"3","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.469099728Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} 
+{"insertId":"ut8lbrffooxzd","jsonPayload":{"bytes_sent":"250864","connection":{"dest_ip":"10.87.40.76","dest_port":33554,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565311154Z","packets_sent":"247","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500506974Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} 
+{"insertId":"ut8lbrffooxz8","jsonPayload":{"bytes_sent":"167939","connection":{"dest_ip":"10.87.40.76","dest_port":33880,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821308944Z","packets_sent":"63","reporter":"DEST","rtt_msec":"3","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.469099728Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxyt","jsonPayload":{"bytes_sent":"0","connection":{"dest_ip":"10.139.99.242","dest_port":22,"protocol":6,"src_ip":"192.0.2.23","src_port":59679},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:40:46.031032701Z","packets_sent":"3","reporter":"DEST","src_location":{"asn":49505,"city":"Saint Petersburg","continent":"Europe","country":"rus","region":"Saint 
Petersburg"},"start_time":"2019-06-14T03:40:45.860349247Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxz5","jsonPayload":{"bytes_sent":"11773","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33576},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821056075Z","packets_sent":"94","reporter":"DEST","rtt_msec":"201","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.510622432Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} 
+{"insertId":"ut8lbrffooxza","jsonPayload":{"bytes_sent":"65699","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33562},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.393910944Z","packets_sent":"356","reporter":"DEST","rtt_msec":"192","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.074897435Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} 
+{"insertId":"ut8lbrffooxyq","jsonPayload":{"bytes_sent":"66029","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33692},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565287007Z","packets_sent":"361","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500498059Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} 
+{"insertId":"ut8lbrffooxz2","jsonPayload":{"bytes_sent":"65154","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33542},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565272745Z","packets_sent":"360","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.150720950Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} 
+{"insertId":"ut8lbrffooxyo","jsonPayload":{"bytes_sent":"13643","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33970},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821302149Z","packets_sent":"99","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466657665Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} 
+{"insertId":"ut8lbrffooxzc","jsonPayload":{"bytes_sent":"34509840","connection":{"dest_ip":"10.49.136.133","dest_port":46864,"protocol":6,"src_ip":"203.0.113.93","src_port":9243},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"simianhacker-demo","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:29.432367659Z","packets_sent":"8690","reporter":"DEST","rtt_msec":"36","start_time":"2019-06-14T03:40:17.343890802Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"}
+{"insertId":"ut8lbrffooxz7","jsonPayload":{"bytes_sent":"1467","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.12","src_port":34836},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:48:39.076420731Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:48:38.961050187Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"}
+{"insertId":"ut8lbrffooxyu","jsonPayload":{"bytes_sent":"63671","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33554},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565311154Z","packets_sent":"367","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500506974Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} 
+{"insertId":"ut8lbrffooxyv","jsonPayload":{"bytes_sent":"51075","connection":{"dest_ip":"203.0.113.58","dest_port":65320,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220714119Z","packets_sent":"608","reporter":"SRC","rtt_msec":"220","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.560917237Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxz0","jsonPayload":{"bytes_sent":"197840","connection":{"dest_ip":"203.0.113.134","dest_port":33562,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.393910944Z","packets_sent":"258","reporter":"SRC","rtt_msec":"192","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.074897435Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-pro
ject","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxys","jsonPayload":{"bytes_sent":"173805495","connection":{"dest_ip":"203.0.113.93","dest_port":9243,"protocol":6,"src_ip":"10.49.136.133","src_port":46864},"end_time":"2019-06-14T03:49:58.716492806Z","packets_sent":"44438","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"simianhacker-demo","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:17.306085222Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxyx","jsonPayload":{"bytes_sent":"1468","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.12","src_port":33478},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:45:37.301953198Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:45:37.186193305Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} 
+{"insertId":"ut8lbrffooxz4","jsonPayload":{"bytes_sent":"159704","connection":{"dest_ip":"203.0.113.134","dest_port":33548,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.393651211Z","packets_sent":"241","reporter":"SRC","rtt_msec":"50","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.147252064Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} 
+{"insertId":"ut8lbrffooxz3","jsonPayload":{"bytes_sent":"70775","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65320},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220714119Z","packets_sent":"732","reporter":"DEST","rtt_msec":"220","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:00.560917237Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxz9","jsonPayload":{"bytes_sent":"281147","connection":{"dest_ip":"10.87.40.76","dest_port":33542,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565272745Z","packets_sent":"246","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.150720950Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-proj
ect","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxyr","jsonPayload":{"bytes_sent":"63590","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33548},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:48.537763242Z","packets_sent":"340","reporter":"DEST","rtt_msec":"50","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.147252064Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} 
+{"insertId":"ut8lbrffooxyy","jsonPayload":{"bytes_sent":"1780","connection":{"dest_ip":"203.0.113.12","dest_port":34836,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:48:39.076420731Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:48:38.961050187Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"1ulp77rfdvho4g","jsonPayload":{"bytes_sent":"1239","connection":{"dest_ip":"10.139.99.242","dest_port":22,"protocol":6,"src_ip":"192.0.2.165","src_port":59623},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:40:52.361155668Z","packets_sent":"18","reporter":"DEST","rtt_msec":"233","src_location":{"asn":45899,"city":"Vĩnh Yên","continent":"Asia","country":"vnm","region":"Vinh Phuc Province"},"start_time":"2019-06-14T03:40:46.541094678Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho5r","jsonPayload":{"bytes_sent":"63853","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33552},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:55.213244028Z","packets_sent":"363","reporter":"SRC","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075811571Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho5k","jsonPayload":{"bytes_sent":"1458","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"198.51.100.107","src_port":33924},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:46:20.745658276Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:46:20.634435179Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho55","jsonPayload":{"bytes_sent":"252397","connection":{"dest_ip":"203.0.113.134","dest_port":33534,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.597088427Z","packets_sent":"260","reporter":"SRC","rtt_msec":"311","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075942176Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","sub
network_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho60","jsonPayload":{"bytes_sent":"205787","connection":{"dest_ip":"203.0.113.134","dest_port":33694,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565117754Z","packets_sent":"265","reporter":"SRC","rtt_msec":"216","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.566551903Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho49","jsonPayload":{"bytes_sent":"106409","connection":{"dest_ip":"203.0.113.58","dest_port":65263,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220748025Z","packets_sent":"607","reporter":"SRC","rtt_msec":"87","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.270990648Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho4t","jsonPayload":{"bytes_sent":"61242","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33534},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.597088427Z","packets_sent":"356","reporter":"DEST","rtt_msec":"311","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075942176Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-pr
oject","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho68","jsonPayload":{"bytes_sent":"248826","connection":{"dest_ip":"203.0.113.101","dest_port":49680,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"siem-windows","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"windows-isolated","vpc_name":"windows-isolated"},"end_time":"2019-06-14T03:49:55.705469925Z","packets_sent":"735","reporter":"SRC","rtt_msec":"113","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.711043814Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho5n","jsonPayload":{"bytes_sent":"1777","connection":{"dest_ip":"192.0.2.117","dest_port":33862,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:46:11.779780615Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:46:11.655143526Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho5l","jsonPayload":{"bytes_sent":"116845","connection":{"dest_ip":"203.0.113.58","dest_port":65321,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.312105537Z","packets_sent":"594","reporter":"SRC","rtt_msec":"219","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.843986502Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho65","jsonPayload":{"bytes_sent":"4614","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33524},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.461087350Z","packets_sent":"58","reporter":"DEST","rtt_msec":"0","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:24.790136141Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho4b","jsonPayload":{"bytes_sent":"50379","connection":{"dest_ip":"192.0.2.177","dest_port":60112,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"suricata-iowa","zone":"us-central1-a"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:18.224268993Z","packets_sent":"130","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:14.031541248Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho4m","jsonPayload":{"bytes_sent":"200417","connection":{"dest_ip":"10.87.40.76","dest_port":33552,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:55.213244028Z","packets_sent":"250","reporter":"DEST","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075811571Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho5t","jsonPayload":{"bytes_sent":"30233","connection":{"dest_ip":"203.0.113.134","dest_port":33524,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.461087350Z","packets_sent":"37","reporter":"SRC","rtt_msec":"0","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:24.790136141Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho50","jsonPayload":{"bytes_sent":"160693","connection":{"dest_ip":"10.87.40.76","dest_port":33548,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565451051Z","packets_sent":"237","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.147072949Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho63","jsonPayload":{"bytes_sent":"59903","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33694},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565117754Z","packets_sent":"353","reporter":"DEST","rtt_msec":"216","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.566551903Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho4r","jsonPayload":{"bytes_sent":"1780","connection":{"dest_ip":"198.51.100.107","dest_port":33924,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:46:20.745658276Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:46:20.634545217Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho4i","jsonPayload":{"bytes_sent":"129335","connection":{"dest_ip":"203.0.113.58","dest_port":65271,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:55.318940798Z","packets_sent":"605","reporter":"SRC","rtt_msec":"89","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.155378070Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho5v","jsonPayload":{"bytes_sent":"1464","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"192.0.2.117","src_port":33862},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:46:11.779780615Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:46:11.655143526Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho5i","jsonPayload":{"bytes_sent":"75477","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65321},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.312105537Z","packets_sent":"737","reporter":"DEST","rtt_msec":"219","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:39:59.843986502Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho5c","jsonPayload":{"bytes_sent":"102119","connection":{"dest_ip":"203.0.113.58","dest_port":65316,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220838853Z","packets_sent":"600","reporter":"SRC","rtt_msec":"86","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.565831992Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho5p","jsonPayload":{"bytes_sent":"1541638","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.101","src_port":49680},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:55.705469925Z","packets_sent":"949","reporter":"DEST","rtt_msec":"113","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"siem-windows","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"windows-isolated","vpc_name":"windows-isolated"},"start_time":"2019-06-14T03:39:59.711043814Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b",
"project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho4y","jsonPayload":{"bytes_sent":"755901","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"192.0.2.177","src_port":60112},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:18.224268993Z","packets_sent":"227","reporter":"DEST","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"suricata-iowa","zone":"us-central1-a"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:14.031541248Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho4o","jsonPayload":{"bytes_sent":"248715","connection":{"dest_ip":"203.0.113.134","dest_port":33558,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.394676451Z","packets_sent":"270","reporter":"SRC","rtt_msec":"144","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:58.492572765Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho5g","jsonPayload":{"bytes_sent":"69757","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65316},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220838853Z","packets_sent":"709","reporter":"DEST","rtt_msec":"86","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:00.565831992Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho59","jsonPayload":{"bytes_sent":"69440","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65263},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220748025Z","packets_sent":"728","reporter":"DEST","rtt_msec":"87","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:01.270990648Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho57","jsonPayload":{"bytes_sent":"1457","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"192.0.2.117","src_port":50438},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:40:20.569744903Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:40:20.454046087Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho5e","jsonPayload":{"bytes_sent":"1784","connection":{"dest_ip":"192.0.2.117","dest_port":50438,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:40:20.569744903Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.454046087Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho4d","jsonPayload":{"bytes_sent":"2395","connection":{"dest_ip":"192.0.2.165","dest_port":59623,"protocol":6,"src_ip":"10.139.99.242","src_port":22},"dest_location":{"asn":45899,"city":"Vĩnh Yên","continent":"Asia","country":"vnm","region":"Vinh Phuc Province"},"end_time":"2019-06-14T03:40:52.361155668Z","packets_sent":"11","reporter":"SRC","rtt_msec":"233","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:46.541094678Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho5y","jsonPayload":{"bytes_sent":"60335","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33558},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:48.538257098Z","packets_sent":"353","reporter":"DEST","rtt_msec":"144","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:58.492572765Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-pr
oject","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho6a","jsonPayload":{"bytes_sent":"65565","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33548},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565451051Z","packets_sent":"354","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.147072949Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho4v","jsonPayload":{"bytes_sent":"70174","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65271},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:55.318940798Z","packets_sent":"717","reporter":"DEST","rtt_msec":"89","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:00.155378070Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"bnj3cofh3cdk1","jsonPayload":{"bytes_sent":"1461","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.12","src_port":34178},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:46:51.355687385Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:46:51.237256499Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} 
+{"insertId":"bnj3cofh3cdjx","jsonPayload":{"bytes_sent":"1460","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"198.51.100.107","src_port":33602},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:45:51.090104692Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:45:50.954948790Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdju","jsonPayload":{"bytes_sent":"66736","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33554},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565131125Z","packets_sent":"366","reporter":"DEST","rtt_msec":"224","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:02.143837873Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnet
work_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdjz","jsonPayload":{"bytes_sent":"1776","connection":{"dest_ip":"198.51.100.107","dest_port":33602,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:45:51.090104692Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:45:50.954948790Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdkk","jsonPayload":{"bytes_sent":"1464","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":52454},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:42:40.888804332Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:42:40.779893091Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} 
+{"insertId":"bnj3cofh3cdk0","jsonPayload":{"bytes_sent":"259510","connection":{"dest_ip":"10.87.40.76","dest_port":33534,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.597279654Z","packets_sent":"251","reporter":"DEST","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075756033Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} 
+{"insertId":"bnj3cofh3cdk8","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"203.0.113.27","dest_port":52260,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:42:11.183868408Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:42:11.063146265Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdkp","jsonPayload":{"bytes_sent":"65069","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33530},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565300944Z","packets_sent":"361","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.140119099Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_na
me":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdkc","jsonPayload":{"bytes_sent":"60530","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33556},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565335113Z","packets_sent":"366","reporter":"SRC","rtt_msec":"15","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500498059Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} 
+{"insertId":"bnj3cofh3cdkm","jsonPayload":{"bytes_sent":"11384","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33570},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821047175Z","packets_sent":"86","reporter":"DEST","rtt_msec":"230","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.469473010Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} 
+{"insertId":"bnj3cofh3cdjy","jsonPayload":{"bytes_sent":"272063","connection":{"dest_ip":"203.0.113.134","dest_port":33554,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565131125Z","packets_sent":"247","reporter":"SRC","rtt_msec":"224","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:02.143837873Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} 
+{"insertId":"bnj3cofh3cdjv","jsonPayload":{"bytes_sent":"1791","connection":{"dest_ip":"203.0.113.27","dest_port":53706,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:43:50.822333871Z","packets_sent":"7","reporter":"SRC","rtt_msec":"43","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:43:50.703302550Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdkh","jsonPayload":{"bytes_sent":"18295","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33858},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.789039435Z","packets_sent":"118","reporter":"DEST","rtt_msec":"253","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.458515996Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork
_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdkg","jsonPayload":{"bytes_sent":"1467","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"198.51.100.107","src_port":33064},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:44:40.243022993Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:44:40.125336665Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} 
+{"insertId":"bnj3cofh3cdk7","jsonPayload":{"bytes_sent":"165290","connection":{"dest_ip":"10.87.40.76","dest_port":33556,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565335113Z","packets_sent":"251","reporter":"DEST","rtt_msec":"15","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500498059Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} 
+{"insertId":"bnj3cofh3cdk9","jsonPayload":{"bytes_sent":"1458","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":53706},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:43:50.822333871Z","packets_sent":"7","reporter":"DEST","rtt_msec":"43","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:43:50.703302550Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdkj","jsonPayload":{"bytes_sent":"1464","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":52260},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:42:11.183868408Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:42:11.063146265Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} 
+{"insertId":"bnj3cofh3cdki","jsonPayload":{"bytes_sent":"1780","connection":{"dest_ip":"203.0.113.27","dest_port":34090,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:46:37.827345444Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:46:37.712749588Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdkd","jsonPayload":{"bytes_sent":"1780","connection":{"dest_ip":"203.0.113.12","dest_port":34178,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:46:51.355687385Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:46:51.237256499Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} 
+{"insertId":"bnj3cofh3cdjw","jsonPayload":{"bytes_sent":"1776","connection":{"dest_ip":"198.51.100.107","dest_port":33064,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:44:40.243022993Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:44:40.125336665Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdk3","jsonPayload":{"bytes_sent":"1461","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"198.51.100.107","src_port":34906},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:48:50.757255245Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:48:50.642206049Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} 
+{"insertId":"bnj3cofh3cdkb","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"203.0.113.12","dest_port":58216,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:49:36.982303071Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:49:36.865198297Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdk4","jsonPayload":{"bytes_sent":"60222","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33534},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.597279654Z","packets_sent":"361","reporter":"SRC","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075756033Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_na
me":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdkf","jsonPayload":{"bytes_sent":"61810","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33510},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565335113Z","packets_sent":"358","reporter":"SRC","rtt_msec":"16","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500418290Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} 
+{"insertId":"bnj3cofh3cdkl","jsonPayload":{"bytes_sent":"1467","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.12","src_port":58216},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:36.982303071Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:49:36.865198297Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdk2","jsonPayload":{"bytes_sent":"136558","connection":{"dest_ip":"10.87.40.76","dest_port":33510,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565335113Z","packets_sent":"243","reporter":"DEST","rtt_msec":"16","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500418290Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwor
k_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdko","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"198.51.100.107","dest_port":34906,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:48:50.757255245Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:48:50.642206049Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdke","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"203.0.113.27","dest_port":52454,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:42:40.888804332Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:42:40.779893091Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} 
+{"insertId":"bnj3cofh3cdka","jsonPayload":{"bytes_sent":"1467","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":34090},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:46:37.827345444Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:46:37.712749588Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdkn","jsonPayload":{"bytes_sent":"170396","connection":{"dest_ip":"10.87.40.76","dest_port":33530,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565300944Z","packets_sent":"246","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.140119099Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork
_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdk5","jsonPayload":{"bytes_sent":"171610","connection":{"dest_ip":"203.0.113.134","dest_port":33570,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821129119Z","packets_sent":"71","reporter":"SRC","rtt_msec":"230","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.469473010Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} 
+{"insertId":"bnj3cofh3cdk6","jsonPayload":{"bytes_sent":"15186","connection":{"dest_ip":"203.0.113.134","dest_port":33858,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.933164456Z","packets_sent":"75","reporter":"SRC","rtt_msec":"253","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.458515996Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} 
+{"insertId":"y4wffpfk2ero3","jsonPayload":{"bytes_sent":"208416","connection":{"dest_ip":"203.0.113.134","dest_port":33590,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565116665Z","packets_sent":"249","reporter":"SRC","rtt_msec":"109","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.147151100Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2eroh","jsonPayload":{"bytes_sent":"90977","connection":{"dest_ip":"192.0.2.177","dest_port":60108,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"suricata-iowa","zone":"us-central1-a"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:54.108975753Z","packets_sent":"357","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.762958327Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2erom","jsonPayload":{"bytes_sent":"187301","connection":{"dest_ip":"203.0.113.134","dest_port":33536,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565156020Z","packets_sent":"242","reporter":"SRC","rtt_msec":"194","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.150481417Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2ero9","jsonPayload":{"bytes_sent":"139106","connection":{"dest_ip":"10.87.40.76","dest_port":33560,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565287007Z","packets_sent":"244","reporter":"DEST","rtt_msec":"11","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075859688Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2erog","jsonPayload":{"bytes_sent":"1733360","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"192.0.2.177","src_port":60108},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:54.108975753Z","packets_sent":"708","reporter":"DEST","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"suricata-iowa","zone":"us-central1-a"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.762958327Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2ero7","jsonPayload":{"bytes_sent":"149157","connection":{"dest_ip":"203.0.113.134","dest_port":33874,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.933099658Z","packets_sent":"74","reporter":"SRC","rtt_msec":"142","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.513551480Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2eroe","jsonPayload":{"bytes_sent":"11108","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33968},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.965119632Z","packets_sent":"95","reporter":"DEST","rtt_msec":"201","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.480430427Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2eroa","jsonPayload":{"bytes_sent":"67337","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33590},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565116665Z","packets_sent":"351","reporter":"DEST","rtt_msec":"109","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.147151100Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2eroi","jsonPayload":{"bytes_sent":"136375","connection":{"dest_ip":"10.87.40.76","dest_port":33538,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565287007Z","packets_sent":"246","reporter":"DEST","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500483335Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2ero8","jsonPayload":{"bytes_sent":"181424","connection":{"dest_ip":"203.0.113.134","dest_port":33690,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.393929808Z","packets_sent":"241","reporter":"SRC","rtt_msec":"196","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075867049Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2erol","jsonPayload":{"bytes_sent":"9303","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33874},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.933099658Z","packets_sent":"94","reporter":"DEST","rtt_msec":"142","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.513551480Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2ero4","jsonPayload":{"bytes_sent":"142871","connection":{"dest_ip":"203.0.113.134","dest_port":33572,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821149051Z","packets_sent":"77","reporter":"SRC","rtt_msec":"335","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.470754779Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2eror","jsonPayload":{"bytes_sent":"158811","connection":{"dest_ip":"203.0.113.134","dest_port":33968,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.965119632Z","packets_sent":"69","reporter":"SRC","rtt_msec":"201","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.480430427Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2erob","jsonPayload":{"bytes_sent":"13455","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33880},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821047175Z","packets_sent":"81","reporter":"DEST","rtt_msec":"252","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.470071135Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2erox","jsonPayload":{"bytes_sent":"1780","connection":{"dest_ip":"203.0.113.12","dest_port":57300,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:48:22.156322353Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:48:22.044604322Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2eroc","jsonPayload":{"bytes_sent":"71014","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65315},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220720811Z","packets_sent":"728","reporter":"DEST","rtt_msec":"210","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:39:59.844068405Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2erok","jsonPayload":{"bytes_sent":"60749","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33538},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565287007Z","packets_sent":"362","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500483335Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2eros","jsonPayload":{"bytes_sent":"160451","connection":{"dest_ip":"203.0.113.134","dest_port":33880,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821138391Z","packets_sent":"66","reporter":"SRC","rtt_msec":"252","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.470071135Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2erod","jsonPayload":{"bytes_sent":"169173","connection":{"dest_ip":"10.87.40.76","dest_port":33574,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821291282Z","packets_sent":"64","reporter":"DEST","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466811088Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2ero6","jsonPayload":{"bytes_sent":"118762","connection":{"dest_ip":"203.0.113.58","dest_port":65315,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220720811Z","packets_sent":"615","reporter":"SRC","rtt_msec":"210","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.844068405Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2eron","jsonPayload":{"bytes_sent":"11137","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33576},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821302149Z","packets_sent":"96","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.510464198Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project
","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2eroy","jsonPayload":{"bytes_sent":"1458","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.12","src_port":57300},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:48:22.156322353Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:48:22.044604322Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2erof","jsonPayload":{"bytes_sent":"1776","connection":{"dest_ip":"203.0.113.12","dest_port":54662,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:45:12.142682672Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:45:12.027895189Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2erov","jsonPayload":{"bytes_sent":"11674","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33572},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821056075Z","packets_sent":"96","reporter":"DEST","rtt_msec":"335","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.470754779Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_
name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2erop","jsonPayload":{"bytes_sent":"62831","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33540},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.789112562Z","packets_sent":"346","reporter":"DEST","rtt_msec":"313","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.074813982Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2erou","jsonPayload":{"bytes_sent":"15169","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33574},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821291282Z","packets_sent":"93","reporter":"SRC","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466811088Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2eroj","jsonPayload":{"bytes_sent":"1464","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.12","src_port":54662},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:45:12.142682672Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:45:12.027895189Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2erow","jsonPayload":{"bytes_sent":"64588","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33560},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565287007Z","packets_sent":"362","reporter":"SRC","rtt_msec":"11","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075859688Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork
_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2erot","jsonPayload":{"bytes_sent":"67315","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33536},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565156020Z","packets_sent":"354","reporter":"DEST","rtt_msec":"194","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.150481417Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2eroq","jsonPayload":{"bytes_sent":"175633","connection":{"dest_ip":"10.87.40.76","dest_port":33576,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821302149Z","packets_sent":"67","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.510464198Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2ero5","jsonPayload":{"bytes_sent":"116981","connection":{"dest_ip":"203.0.113.134","dest_port":33540,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.789112562Z","packets_sent":"234","reporter":"SRC","rtt_msec":"313","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.074813982Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2eroo","jsonPayload":{"bytes_sent":"67789","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33690},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:48.542406314Z","packets_sent":"344","reporter":"DEST","rtt_msec":"196","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075867049Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"ptjoddfhmrhg9","jsonPayload":{"bytes_sent":"136166","connection":{"dest_ip":"203.0.113.134","dest_port":33538,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565124617Z","packets_sent":"245","reporter":"SRC","rtt_msec":"250","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.074952616Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} 
+{"insertId":"ptjoddfhmrhgh","jsonPayload":{"bytes_sent":"68262","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65257},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220614265Z","packets_sent":"718","reporter":"DEST","rtt_msec":"220","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:39:59.403388091Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhgj","jsonPayload":{"bytes_sent":"1457","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"198.51.100.107","src_port":52328},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:42:20.952481728Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:42:20.842840991Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} 
+{"insertId":"ptjoddfhmrhgr","jsonPayload":{"bytes_sent":"1460","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"198.51.100.107","src_port":59790},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:40:50.702194466Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:40:50.590894439Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhgn","jsonPayload":{"bytes_sent":"73681","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65317},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220599950Z","packets_sent":"728","reporter":"DEST","rtt_msec":"62","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:39:59.740491697Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} 
+{"insertId":"ptjoddfhmrhga","jsonPayload":{"bytes_sent":"92566","connection":{"dest_ip":"203.0.113.58","dest_port":65317,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220599950Z","packets_sent":"596","reporter":"SRC","rtt_msec":"62","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.740491697Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhgk","jsonPayload":{"bytes_sent":"66094","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33692},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565137912Z","packets_sent":"360","reporter":"DEST","rtt_msec":"181","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.558259934Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-proje
ct","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhgm","jsonPayload":{"bytes_sent":"4900","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65262},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220741828Z","packets_sent":"542","reporter":"DEST","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:00.251430011Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} 
+{"insertId":"ptjoddfhmrhgd","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"198.51.100.107","dest_port":52328,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:42:20.952481728Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:42:20.842840991Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhgl","jsonPayload":{"bytes_sent":"63280","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33552},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:55.213081491Z","packets_sent":"361","reporter":"DEST","rtt_msec":"21","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075957044Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwor
k_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhgi","jsonPayload":{"bytes_sent":"774029","connection":{"dest_ip":"198.51.100.239","dest_port":37292,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":24940,"city":"Bucharest","continent":"Europe","country":"rou","region":"Bucharest"},"end_time":"2019-06-14T03:49:35.841633589Z","packets_sent":"403","reporter":"SRC","rtt_msec":"102","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:35.048156283Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} 
+{"insertId":"ptjoddfhmrhgo","jsonPayload":{"bytes_sent":"359272","connection":{"dest_ip":"10.87.40.76","dest_port":33876,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.933338264Z","packets_sent":"66","reporter":"DEST","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466706102Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} 
+{"insertId":"ptjoddfhmrhgp","jsonPayload":{"bytes_sent":"310476","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"198.51.100.239","src_port":37292},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:35.841633589Z","packets_sent":"214","reporter":"DEST","rtt_msec":"102","src_location":{"asn":24940,"city":"Bucharest","continent":"Europe","country":"rou","region":"Bucharest"},"start_time":"2019-06-14T03:40:35.048156283Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhg8","jsonPayload":{"bytes_sent":"1784","connection":{"dest_ip":"198.51.100.107","dest_port":59790,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:40:50.702194466Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:50.590894439Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} 
+{"insertId":"ptjoddfhmrhgf","jsonPayload":{"bytes_sent":"209716","connection":{"dest_ip":"203.0.113.134","dest_port":33552,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:55.213081491Z","packets_sent":"262","reporter":"SRC","rtt_msec":"21","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075957044Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} 
+{"insertId":"ptjoddfhmrhgg","jsonPayload":{"bytes_sent":"165643","connection":{"dest_ip":"203.0.113.134","dest_port":33556,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565214145Z","packets_sent":"256","reporter":"SRC","rtt_msec":"133","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:03.062674441Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} 
+{"insertId":"ptjoddfhmrhgb","jsonPayload":{"bytes_sent":"65890","connection":{"dest_ip":"203.0.113.58","dest_port":65257,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220614265Z","packets_sent":"593","reporter":"SRC","rtt_msec":"220","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.403388091Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhgs","jsonPayload":{"bytes_sent":"62620","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33538},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565124617Z","packets_sent":"358","reporter":"DEST","rtt_msec":"250","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.074952616Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-proj
ect","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhge","jsonPayload":{"bytes_sent":"185520","connection":{"dest_ip":"203.0.113.134","dest_port":33692,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565137912Z","packets_sent":"249","reporter":"SRC","rtt_msec":"181","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.558259934Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} 
+{"insertId":"ptjoddfhmrhgc","jsonPayload":{"bytes_sent":"33269","connection":{"dest_ip":"203.0.113.58","dest_port":65262,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220741828Z","packets_sent":"517","reporter":"SRC","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.251430011Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhg7","jsonPayload":{"bytes_sent":"58811","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33556},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565214145Z","packets_sent":"358","reporter":"DEST","rtt_msec":"133","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:03.062674441Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_
id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhgq","jsonPayload":{"bytes_sent":"5220","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33876},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.933338264Z","packets_sent":"86","reporter":"SRC","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466706102Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} 
+{"insertId":"bxuq05fhgmw9d","jsonPayload":{"bytes_sent":"0","connection":{"dest_ip":"10.139.99.242","dest_port":22,"protocol":6,"src_ip":"198.51.100.182","src_port":41818},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:40:13.478093057Z","packets_sent":"4","reporter":"DEST","rtt_msec":"1350","src_location":{"asn":4837,"city":"Shangqiu","continent":"Asia","country":"chn","region":"Henan"},"start_time":"2019-06-14T03:40:11.031370298Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw90","jsonPayload":{"bytes_sent":"4580","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33524},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.461240929Z","packets_sent":"60","reporter":"SRC","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:24.789945697Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"7580198540
43528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw8w","jsonPayload":{"bytes_sent":"270437","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65322},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:55.408936364Z","packets_sent":"668","reporter":"DEST","rtt_msec":"92","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:39:59.703392247Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} 
+{"insertId":"bxuq05fhgmw94","jsonPayload":{"bytes_sent":"19019","connection":{"dest_ip":"203.0.113.58","dest_port":65322,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:55.408936364Z","packets_sent":"604","reporter":"SRC","rtt_msec":"92","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.703392247Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw8x","jsonPayload":{"bytes_sent":"16208","connection":{"dest_ip":"10.87.40.76","dest_port":33568,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.789269849Z","packets_sent":"80","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.455711202Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project",
"subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw8v","jsonPayload":{"bytes_sent":"9800","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33568},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.789269849Z","packets_sent":"120","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.455711202Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} 
+{"insertId":"bxuq05fhgmw8z","jsonPayload":{"bytes_sent":"1467","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"192.0.2.117","src_port":58026},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:09.114674887Z","packets_sent":"7","reporter":"DEST","rtt_msec":"40","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:49:08.995009558Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw9b","jsonPayload":{"bytes_sent":"19506","connection":{"dest_ip":"10.87.40.76","dest_port":33564,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.597223164Z","packets_sent":"180","reporter":"DEST","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.866699945Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"}
,"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw8y","jsonPayload":{"bytes_sent":"1496","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":32882},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:44:07.811355936Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:44:07.689331553Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} 
+{"insertId":"bxuq05fhgmw9e","jsonPayload":{"bytes_sent":"155675","connection":{"dest_ip":"192.0.2.177","dest_port":60126,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"suricata-iowa","zone":"us-central1-a"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:52.101129310Z","packets_sent":"288","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:02.019841536Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} 
+{"insertId":"bxuq05fhgmw98","jsonPayload":{"bytes_sent":"1791","connection":{"dest_ip":"203.0.113.27","dest_port":32882,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:44:07.811355936Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:44:07.689331553Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw96","jsonPayload":{"bytes_sent":"28304484","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.212","src_port":39568},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:02.085146013Z","packets_sent":"2400","reporter":"DEST","rtt_msec":"15","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:40:00.480787267Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} 
+{"insertId":"bxuq05fhgmw99","jsonPayload":{"bytes_sent":"2962242","connection":{"dest_ip":"203.0.113.212","dest_port":39568,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:49:02.085146013Z","packets_sent":"1340","reporter":"SRC","rtt_msec":"15","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.480787267Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw93","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"192.0.2.117","dest_port":58026,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:49:09.114674887Z","packets_sent":"7","reporter":"SRC","rtt_msec":"40","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:49:08.995009558Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} 
+{"insertId":"bxuq05fhgmw9f","jsonPayload":{"bytes_sent":"9611","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33874},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.933323342Z","packets_sent":"101","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.510575555Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} 
+{"insertId":"bxuq05fhgmw9j","jsonPayload":{"bytes_sent":"318481","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33564},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.597223164Z","packets_sent":"181","reporter":"SRC","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.866699945Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} 
+{"insertId":"bxuq05fhgmw97","jsonPayload":{"bytes_sent":"139359","connection":{"dest_ip":"10.87.40.76","dest_port":33874,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.933323342Z","packets_sent":"70","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.510575555Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} 
+{"insertId":"bxuq05fhgmw9i","jsonPayload":{"bytes_sent":"1461","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":60640},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:42:50.942543211Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:42:50.830164366Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw9c","jsonPayload":{"bytes_sent":"45","connection":{"dest_ip":"198.51.100.182","dest_port":41818,"protocol":6,"src_ip":"10.139.99.242","src_port":22},"dest_location":{"asn":4837,"city":"Shangqiu","continent":"Asia","country":"chn","region":"Henan"},"end_time":"2019-06-14T03:43:16.809366809Z","packets_sent":"9","reporter":"SRC","rtt_msec":"1350","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:11.031370298Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} 
+{"insertId":"bxuq05fhgmw9h","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"203.0.113.27","dest_port":60640,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:42:50.942543211Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:42:50.830164366Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw92","jsonPayload":{"bytes_sent":"358920","connection":{"dest_ip":"10.87.40.76","dest_port":33966,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821302149Z","packets_sent":"61","reporter":"DEST","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.510534141Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},
"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw8u","jsonPayload":{"bytes_sent":"653827","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"198.51.100.88","src_port":53104},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:45.312543839Z","packets_sent":"286","reporter":"DEST","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"zeek-nsm","zone":"us-central1-a"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.188944581Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} 
+{"insertId":"bxuq05fhgmw9g","jsonPayload":{"bytes_sent":"5220","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33966},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821302149Z","packets_sent":"81","reporter":"SRC","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.510534141Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} 
+{"insertId":"bxuq05fhgmw91","jsonPayload":{"bytes_sent":"31140","connection":{"dest_ip":"10.87.40.76","dest_port":33524,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.461240929Z","packets_sent":"40","reporter":"DEST","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:24.789945697Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} 
+{"insertId":"bxuq05fhgmw95","jsonPayload":{"bytes_sent":"1610630","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"192.0.2.177","src_port":60126},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:52.101129310Z","packets_sent":"509","reporter":"DEST","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"suricata-iowa","zone":"us-central1-a"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:02.019841536Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} 
+{"insertId":"bxuq05fhgmw9a","jsonPayload":{"bytes_sent":"37145","connection":{"dest_ip":"198.51.100.88","dest_port":53104,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"zeek-nsm","zone":"us-central1-a"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:45.312543839Z","packets_sent":"158","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.188944581Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} 
+{"insertId":"198begsfh44xy3","jsonPayload":{"bytes_sent":"1460","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.12","src_port":53972},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:44:20.748121914Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:44:20.634231041Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xxt","jsonPayload":{"bytes_sent":"1458","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"192.0.2.117","src_port":58100},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:20.632737426Z","packets_sent":"7","reporter":"DEST","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:49:20.512264850Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} 
+{"insertId":"198begsfh44xy8","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"192.0.2.117","dest_port":58100,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:49:20.632777660Z","packets_sent":"7","reporter":"SRC","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:49:20.512407536Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xy9","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"198.51.100.107","dest_port":60756,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:43:11.032929292Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:43:10.912193869Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} 
+{"insertId":"198begsfh44xxr","jsonPayload":{"bytes_sent":"0","connection":{"dest_ip":"10.139.99.242","dest_port":22,"protocol":6,"src_ip":"198.51.100.182","src_port":14236},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:40:12.064908439Z","packets_sent":"3","reporter":"DEST","src_location":{"asn":4837,"city":"Shangqiu","continent":"Asia","country":"chn","region":"Henan"},"start_time":"2019-06-14T03:40:08.247072525Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xy2","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"203.0.113.27","dest_port":60122,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:41:39.207635184Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:41:39.087226326Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} 
+{"insertId":"198begsfh44xy6","jsonPayload":{"bytes_sent":"1782","connection":{"dest_ip":"203.0.113.12","dest_port":53972,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:44:20.748121914Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:44:20.634231041Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xxx","jsonPayload":{"bytes_sent":"68545","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33530},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:52.205089801Z","packets_sent":"368","reporter":"DEST","rtt_msec":"163","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.140301693Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwo
rk_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xy4","jsonPayload":{"bytes_sent":"74613","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65274},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220838853Z","packets_sent":"745","reporter":"DEST","rtt_msec":"209","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:01.270996793Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} 
+{"insertId":"198begsfh44xy1","jsonPayload":{"bytes_sent":"74942","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":53879},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.312105537Z","packets_sent":"726","reporter":"DEST","rtt_msec":"176","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:00.760414869Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xxp","jsonPayload":{"bytes_sent":"1467","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":34450},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:47:38.299054333Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:47:38.189569840Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} 
+{"insertId":"198begsfh44xxv","jsonPayload":{"bytes_sent":"121593","connection":{"dest_ip":"203.0.113.58","dest_port":65274,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220838853Z","packets_sent":"610","reporter":"SRC","rtt_msec":"209","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.270996793Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xy7","jsonPayload":{"bytes_sent":"1464","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":60968},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:43:39.777977145Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:43:39.653136947Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} 
+{"insertId":"198begsfh44xxs","jsonPayload":{"bytes_sent":"177471","connection":{"dest_ip":"203.0.113.134","dest_port":33530,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:52.205194199Z","packets_sent":"246","reporter":"SRC","rtt_msec":"163","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.140301693Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} 
+{"insertId":"198begsfh44xxq","jsonPayload":{"bytes_sent":"53315","connection":{"dest_ip":"203.0.113.58","dest_port":65275,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.316847800Z","packets_sent":"588","reporter":"SRC","rtt_msec":"82","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.565734921Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xxz","jsonPayload":{"bytes_sent":"1780","connection":{"dest_ip":"203.0.113.27","dest_port":34450,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:47:38.299054333Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:47:38.189569840Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} 
+{"insertId":"198begsfh44xxy","jsonPayload":{"bytes_sent":"1467","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":60122},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:41:39.207635184Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:41:39.087226326Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xxu","jsonPayload":{"bytes_sent":"102119","connection":{"dest_ip":"203.0.113.58","dest_port":53879,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.312105537Z","packets_sent":"608","reporter":"SRC","rtt_msec":"176","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.760414869Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} 
+{"insertId":"198begsfh44xxo","jsonPayload":{"bytes_sent":"1794","connection":{"dest_ip":"203.0.113.27","dest_port":60968,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:43:39.777977145Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:43:39.653136947Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xy0","jsonPayload":{"bytes_sent":"1467","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"198.51.100.107","src_port":60756},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:43:11.032929292Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:43:10.912193869Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} 
+{"insertId":"198begsfh44xxw","jsonPayload":{"bytes_sent":"67013","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65275},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.316847800Z","packets_sent":"710","reporter":"DEST","rtt_msec":"82","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:00.565734921Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xy5","jsonPayload":{"bytes_sent":"0","connection":{"dest_ip":"198.51.100.182","dest_port":14236,"protocol":6,"src_ip":"10.139.99.242","src_port":22},"dest_location":{"asn":4837,"city":"Shangqiu","continent":"Asia","country":"chn","region":"Henan"},"end_time":"2019-06-14T03:40:09.257387426Z","packets_sent":"1","reporter":"SRC","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.247072525Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} 
+{"insertId":"19im82tfdygznq","jsonPayload":{"bytes_sent":"64427","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33542},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565108524Z","packets_sent":"351","reporter":"DEST","rtt_msec":"173","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.150870105Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygzn6","jsonPayload":{"bytes_sent":"183366","connection":{"dest_ip":"10.87.40.76","dest_port":33690,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565311154Z","packets_sent":"242","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075665334Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygznk","jsonPayload":{"bytes_sent":"185295","connection":{"dest_ip":"10.87.40.76","dest_port":33562,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:49.549471457Z","packets_sent":"244","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500498059Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygznm","jsonPayload":{"bytes_sent":"68961","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":49438},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220725956Z","packets_sent":"711","reporter":"DEST","rtt_msec":"114","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:39:59.398463104Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzob","jsonPayload":{"bytes_sent":"62072","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33532},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565272745Z","packets_sent":"360","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.072372604Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-pro
ject","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygznc","jsonPayload":{"bytes_sent":"198326","connection":{"dest_ip":"10.87.40.76","dest_port":33590,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565287007Z","packets_sent":"246","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.146956782Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygznj","jsonPayload":{"bytes_sent":"61436","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33550},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565287007Z","packets_sent":"362","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500498059Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygzo5","jsonPayload":{"bytes_sent":"66791","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33690},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565311154Z","packets_sent":"355","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075665334Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygzod","jsonPayload":{"bytes_sent":"1457","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"198.51.100.107","src_port":54812},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:45:20.708994883Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:45:20.595119257Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzna","jsonPayload":{"bytes_sent":"64466","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33562},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:49.549471457Z","packets_sent":"363","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500498059Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetw
ork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzng","jsonPayload":{"bytes_sent":"174524","connection":{"dest_ip":"10.87.40.76","dest_port":33968,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.965294083Z","packets_sent":"66","reporter":"DEST","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.480272197Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygzo1","jsonPayload":{"bytes_sent":"181624065","connection":{"dest_ip":"10.49.136.133","dest_port":52780,"protocol":6,"src_ip":"203.0.113.228","src_port":9243},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"simianhacker-demo","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:58.592579489Z","packets_sent":"28344","reporter":"DEST","rtt_msec":"91","src_location":{"asn":16509,"city":"Boardman","continent":"America","country":"usa","region":"Oregon"},"start_time":"2019-06-14T03:40:17.183499423Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzo8","jsonPayload":{"bytes_sent":"1460","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"192.0.2.117","src_port":51348},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:41:20.754300982Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:41:20.630975303Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygzoa","jsonPayload":{"bytes_sent":"0","connection":{"dest_ip":"192.0.2.12","dest_port":44128,"protocol":6,"src_ip":"10.73.186.17","src_port":22},"dest_location":{"asn":4837,"city":"Binzhou","continent":"Asia","country":"chn","region":"Shandong"},"end_time":"2019-06-14T03:45:22.081121292Z","packets_sent":"1","reporter":"SRC","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"infraops-docker-data","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:45:22.080963433Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzn7","jsonPayload":{"bytes_sent":"11137","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33968},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.965294083Z","packets_sent":"95","reporter":"SRC","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.480272197Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"75801985
4043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygznf","jsonPayload":{"bytes_sent":"1776","connection":{"dest_ip":"198.51.100.107","dest_port":54812,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:45:20.708994883Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:45:20.595119257Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygzni","jsonPayload":{"bytes_sent":"21792","connection":{"dest_ip":"203.0.113.134","dest_port":33564,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.597079770Z","packets_sent":"186","reporter":"SRC","rtt_msec":"340","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.866944869Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygzns","jsonPayload":{"bytes_sent":"74370","connection":{"dest_ip":"203.0.113.58","dest_port":49438,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220725956Z","packets_sent":"580","reporter":"SRC","rtt_msec":"114","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.398463104Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygznp","jsonPayload":{"bytes_sent":"138337","connection":{"dest_ip":"10.87.40.76","dest_port":33550,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565287007Z","packets_sent":"244","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500498059Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-proj
ect","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzo9","jsonPayload":{"bytes_sent":"30062","connection":{"dest_ip":"192.0.2.177","dest_port":60110,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"suricata-iowa","zone":"us-central1-a"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:46.020466750Z","packets_sent":"124","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:10.874529937Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygzo3","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"192.0.2.117","dest_port":51348,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:41:20.754300982Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:41:20.630975303Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygznz","jsonPayload":{"bytes_sent":"152218","connection":{"dest_ip":"203.0.113.134","dest_port":33560,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565026127Z","packets_sent":"243","reporter":"SRC","rtt_msec":"116","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.076060079Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwo
rk_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzo4","jsonPayload":{"bytes_sent":"143085","connection":{"dest_ip":"203.0.113.134","dest_port":33510,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565078274Z","packets_sent":"249","reporter":"SRC","rtt_msec":"352","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.074688714Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygznt","jsonPayload":{"bytes_sent":"61245","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33510},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565078274Z","packets_sent":"356","reporter":"DEST","rtt_msec":"352","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.074688714Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygznu","jsonPayload":{"bytes_sent":"65919","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33532},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565108524Z","packets_sent":"361","reporter":"DEST","rtt_msec":"270","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.072555233Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygzo6","jsonPayload":{"bytes_sent":"0","connection":{"dest_ip":"198.51.100.182","dest_port":41822,"protocol":6,"src_ip":"10.139.99.242","src_port":22},"dest_location":{"asn":4837,"city":"Shangqiu","continent":"Asia","country":"chn","region":"Henan"},"end_time":"2019-06-14T03:40:40.058368408Z","packets_sent":"4","reporter":"SRC","rtt_msec":"1439","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:12.068494835Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzno","jsonPayload":{"bytes_sent":"188997","connection":{"dest_ip":"203.0.113.134","dest_port":33532,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565108524Z","packets_sent":"251","reporter":"SRC","rtt_msec":"270","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.072555233Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subne
twork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzo0","jsonPayload":{"bytes_sent":"16783","connection":{"dest_ip":"203.0.113.134","dest_port":33568,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.789035952Z","packets_sent":"79","reporter":"SRC","rtt_msec":"506","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.456732113Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygznd","jsonPayload":{"bytes_sent":"18120","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33858},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.789258875Z","packets_sent":"120","reporter":"SRC","rtt_msec":"4","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.458361534Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygzn8","jsonPayload":{"bytes_sent":"64071","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33558},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565319136Z","packets_sent":"368","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.140109489Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygznw","jsonPayload":{"bytes_sent":"175465","connection":{"dest_ip":"198.51.100.88","dest_port":53106,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"zeek-nsm","zone":"us-central1-a"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.401543207Z","packets_sent":"337","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.020290305Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygzo2","jsonPayload":{"bytes_sent":"1987804","connection":{"dest_ip":"203.0.113.228","dest_port":9243,"protocol":6,"src_ip":"10.49.136.133","src_port":52780},"dest_location":{"asn":16509,"city":"Boardman","continent":"America","country":"usa","region":"Oregon"},"end_time":"2019-06-14T03:49:58.592579489Z","packets_sent":"26428","reporter":"SRC","rtt_msec":"91","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"simianhacker-demo","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:17.183499423Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzn9","jsonPayload":{"bytes_sent":"206824","connection":{"dest_ip":"10.87.40.76","dest_port":33532,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565272745Z","packets_sent":"242","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.072372604Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-
project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygznh","jsonPayload":{"bytes_sent":"14287","connection":{"dest_ip":"10.87.40.76","dest_port":33858,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.789258875Z","packets_sent":"80","reporter":"DEST","rtt_msec":"4","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.458361534Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygzny","jsonPayload":{"bytes_sent":"59376","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33550},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565108649Z","packets_sent":"354","reporter":"DEST","rtt_msec":"250","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.496238286Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygzoe","jsonPayload":{"bytes_sent":"11214","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33568},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.789035952Z","packets_sent":"120","reporter":"DEST","rtt_msec":"506","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.456732113Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygznn","jsonPayload":{"bytes_sent":"1763338","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"198.51.100.88","src_port":53106},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.401543207Z","packets_sent":"598","reporter":"DEST","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"zeek-nsm","zone":"us-central1-a"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.020290305Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygznl","jsonPayload":{"bytes_sent":"67239","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33590},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565287007Z","packets_sent":"363","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.146956782Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygznv","jsonPayload":{"bytes_sent":"250327","connection":{"dest_ip":"10.87.40.76","dest_port":33558,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565319136Z","packets_sent":"247","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.140109489Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygzoc","jsonPayload":{"bytes_sent":"0","connection":{"dest_ip":"10.73.186.17","dest_port":22,"protocol":6,"src_ip":"192.0.2.12","src_port":44128},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"infraops-docker-data","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:45:22.318564382Z","packets_sent":"2","reporter":"DEST","src_location":{"asn":4837,"city":"Binzhou","continent":"Asia","country":"chn","region":"Shandong"},"start_time":"2019-06-14T03:45:22.080963433Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzof","jsonPayload":{"bytes_sent":"266531","connection":{"dest_ip":"203.0.113.134","dest_port":33542,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565108524Z","packets_sent":"253","reporter":"SRC","rtt_msec":"173","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.150870105Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"7
58019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygznr","jsonPayload":{"bytes_sent":"65184","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33560},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565026127Z","packets_sent":"358","reporter":"DEST","rtt_msec":"116","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.076060079Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygznx","jsonPayload":{"bytes_sent":"319459","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33564},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.597079770Z","packets_sent":"180","reporter":"DEST","rtt_msec":"340","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.866944869Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygzo7","jsonPayload":{"bytes_sent":"519100","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"192.0.2.177","src_port":60110},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:46.020466750Z","packets_sent":"224","reporter":"DEST","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"suricata-iowa","zone":"us-central1-a"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:10.874529937Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygznb","jsonPayload":{"bytes_sent":"139513","connection":{"dest_ip":"203.0.113.134","dest_port":33550,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565108649Z","packets_sent":"243","reporter":"SRC","rtt_msec":"250","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:02.143811431Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygzne","jsonPayload":{"bytes_sent":"0","connection":{"dest_ip":"10.139.99.242","dest_port":22,"protocol":6,"src_ip":"198.51.100.182","src_port":41822},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:40:40.058226439Z","packets_sent":"8","reporter":"DEST","rtt_msec":"1439","src_location":{"asn":4837,"city":"Shangqiu","continent":"Asia","country":"chn","region":"Henan"},"start_time":"2019-06-14T03:40:12.068494835Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"1gq7q7afe373fw","jsonPayload":{"bytes_sent":"11109","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33572},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821291282Z","packets_sent":"105","reporter":"SRC","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466742414Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwo
rk_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373et","jsonPayload":{"bytes_sent":"173496","connection":{"dest_ip":"203.0.113.134","dest_port":33970,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821154389Z","packets_sent":"81","reporter":"SRC","rtt_msec":"308","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.470006631Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373f4","jsonPayload":{"bytes_sent":"182861","connection":{"dest_ip":"10.87.40.76","dest_port":33536,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565319136Z","packets_sent":"245","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.150282980Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373eo","jsonPayload":{"bytes_sent":"12145","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33570},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821302149Z","packets_sent":"94","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466779642Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373fb","jsonPayload":{"bytes_sent":"178669","connection":{"dest_ip":"203.0.113.58","dest_port":65319,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220617595Z","packets_sent":"634","reporter":"SRC","rtt_msec":"62","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.740597880Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373fs","jsonPayload":{"bytes_sent":"62066","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33540},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.789258875Z","packets_sent":"359","reporter":"SRC","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500483335Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project"
,"subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373ei","jsonPayload":{"bytes_sent":"13440","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33970},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821056075Z","packets_sent":"96","reporter":"DEST","rtt_msec":"308","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.470006631Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373ez","jsonPayload":{"bytes_sent":"368131","connection":{"dest_ip":"203.0.113.134","dest_port":33966,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:50.800931420Z","packets_sent":"76","reporter":"SRC","rtt_msec":"0","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.510698570Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373fh","jsonPayload":{"bytes_sent":"66258","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33536},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565319136Z","packets_sent":"365","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.150282980Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373es","jsonPayload":{"bytes_sent":"76976","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65276},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220621567Z","packets_sent":"749","reporter":"DEST","rtt_msec":"156","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:00.760349279Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373fu","jsonPayload":{"bytes_sent":"72967","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65319},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220617595Z","packets_sent":"747","reporter":"DEST","rtt_msec":"62","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:39:59.740597880Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373f2","jsonPayload":{"bytes_sent":"1464","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":50364},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:40:08.797851544Z","packets_sent":"9","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:40:08.412738626Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373ee","jsonPayload":{"bytes_sent":"1784","connection":{"dest_ip":"203.0.113.27","dest_port":50364,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:40:08.797851544Z","packets_sent":"8","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.412738626Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373ey","jsonPayload":{"bytes_sent":"1457","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":33126},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:44:50.919744677Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:44:50.809605761Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373e7","jsonPayload":{"bytes_sent":"73215","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65318},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220599950Z","packets_sent":"747","reporter":"DEST","rtt_msec":"96","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:00.760345858Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373f8","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"203.0.113.12","dest_port":53096,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:43:20.813699795Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:43:20.700692281Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373ec","jsonPayload":{"bytes_sent":"176465","connection":{"dest_ip":"10.87.40.76","dest_port":33570,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821302149Z","packets_sent":"65","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466779642Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_nam
e":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373f5","jsonPayload":{"bytes_sent":"1776","connection":{"dest_ip":"203.0.113.27","dest_port":33126,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:44:50.919744677Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:44:50.809605761Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373f6","jsonPayload":{"bytes_sent":"1458","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"198.51.100.107","src_port":56478},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:47:20.566586739Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:47:20.450631492Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373fo","jsonPayload":{"bytes_sent":"32764","connection":{"dest_ip":"198.51.100.88","dest_port":52430,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"zeek-nsm","zone":"us-central1-a"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:53.081386115Z","packets_sent":"228","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:07.968717244Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373ek","jsonPayload":{"bytes_sent":"1780","connection":{"dest_ip":"203.0.113.27","dest_port":34536,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:47:51.162931667Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:47:51.050074134Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373fj","jsonPayload":{"bytes_sent":"137855","connection":{"dest_ip":"10.87.40.76","dest_port":33572,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821291282Z","packets_sent":"72","reporter":"DEST","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466742414Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_nam
e":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373fm","jsonPayload":{"bytes_sent":"125197","connection":{"dest_ip":"10.87.40.76","dest_port":33540,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.789258875Z","packets_sent":"242","reporter":"DEST","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500483335Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373eg","jsonPayload":{"bytes_sent":"917832","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"198.51.100.88","src_port":53096},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.219496168Z","packets_sent":"230","reporter":"DEST","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"zeek-nsm","zone":"us-central1-a"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.853096315Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373fc","jsonPayload":{"bytes_sent":"55572","connection":{"dest_ip":"198.51.100.88","dest_port":53096,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"zeek-nsm","zone":"us-central1-a"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.219496168Z","packets_sent":"133","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.853096315Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373eq","jsonPayload":{"bytes_sent":"4615","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33966},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821049800Z","packets_sent":"75","reporter":"DEST","rtt_msec":"0","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.510698570Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373ev","jsonPayload":{"bytes_sent":"75612","connection":{"dest_ip":"203.0.113.58","dest_port":65318,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220599950Z","packets_sent":"583","reporter":"SRC","rtt_msec":"96","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.760345858Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373em","jsonPayload":{"bytes_sent":"1461","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":34536},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:47:51.162931667Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:47:51.050074134Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373ew","jsonPayload":{"bytes_sent":"1780","connection":{"dest_ip":"198.51.100.107","dest_port":56478,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:47:20.566586739Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:47:20.450631492Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373e9","jsonPayload":{"bytes_sent":"64140","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33694},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565311154Z","packets_sent":"371","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.566359759Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_n
ame":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373f9","jsonPayload":{"bytes_sent":"1458","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.12","src_port":53096},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:43:20.813699795Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:43:20.700692281Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373f1","jsonPayload":{"bytes_sent":"231764","connection":{"dest_ip":"10.87.40.76","dest_port":33694,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565311154Z","packets_sent":"251","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.566359759Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373ff","jsonPayload":{"bytes_sent":"107878","connection":{"dest_ip":"203.0.113.58","dest_port":65276,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220621567Z","packets_sent":"614","reporter":"SRC","rtt_msec":"156","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.760349279Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373fq","jsonPayload":{"bytes_sent":"595838","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"198.51.100.88","src_port":52430},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:53.081386115Z","packets_sent":"299","reporter":"DEST","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"zeek-nsm","zone":"us-central1-a"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:07.968717244Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sam
ple-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"14iipwlfd8t01n","jsonPayload":{"bytes_sent":"1780","connection":{"dest_ip":"198.51.100.107","dest_port":56410,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:47:10.630345069Z","packets_sent":"7","reporter":"SRC","rtt_msec":"37","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:47:10.514594429Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} 
+{"insertId":"14iipwlfd8t01j","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"192.0.2.117","dest_port":51950,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:41:50.757658840Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:41:50.645030007Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t01o","jsonPayload":{"bytes_sent":"361966","connection":{"dest_ip":"203.0.113.134","dest_port":33876,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.933154111Z","packets_sent":"80","reporter":"SRC","rtt_msec":"34","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466868771Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork
_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t01p","jsonPayload":{"bytes_sent":"1457","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"192.0.2.117","src_port":51950},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:41:50.757658840Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:41:50.645030007Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t01e","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"192.0.2.117","dest_port":58658,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:49:50.856250208Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:49:50.733935895Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} 
+{"insertId":"14iipwlfd8t01q","jsonPayload":{"bytes_sent":"1467","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.12","src_port":59924},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:41:08.213471928Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:41:08.092659117Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t01i","jsonPayload":{"bytes_sent":"1461","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"192.0.2.117","src_port":58658},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:50.856250208Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:49:50.733935895Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} 
+{"insertId":"14iipwlfd8t01k","jsonPayload":{"bytes_sent":"123732","connection":{"dest_ip":"203.0.113.58","dest_port":65272,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.316981133Z","packets_sent":"618","reporter":"SRC","rtt_msec":"123","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.403442252Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t01f","jsonPayload":{"bytes_sent":"76342","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65273},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.316930467Z","packets_sent":"710","reporter":"DEST","rtt_msec":"115","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:00.155378287Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} 
+{"insertId":"14iipwlfd8t018","jsonPayload":{"bytes_sent":"9761","connection":{"dest_ip":"192.0.2.73","dest_port":45224,"protocol":6,"src_ip":"10.73.186.17","src_port":22},"dest_location":{"asn":4847,"city":"Beijing","continent":"Asia","country":"chn","region":"Beijing"},"end_time":"2019-06-14T03:44:23.955039461Z","packets_sent":"13","reporter":"SRC","rtt_msec":"242","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"infraops-docker-data","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:42:23.705320616Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t01a","jsonPayload":{"bytes_sent":"1467","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"198.51.100.107","src_port":56410},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:47:10.630345069Z","packets_sent":"7","reporter":"DEST","rtt_msec":"37","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:47:10.514594429Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} 
+{"insertId":"14iipwlfd8t017","jsonPayload":{"bytes_sent":"51612","connection":{"dest_ip":"203.0.113.58","dest_port":65277,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.316890309Z","packets_sent":"615","reporter":"SRC","rtt_msec":"95","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.760385211Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t01m","jsonPayload":{"bytes_sent":"74330","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65272},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.316981133Z","packets_sent":"745","reporter":"DEST","rtt_msec":"123","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:39:59.403442252Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} 
+{"insertId":"14iipwlfd8t015","jsonPayload":{"bytes_sent":"1784","connection":{"dest_ip":"203.0.113.12","dest_port":59924,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:41:08.213471928Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:41:08.092659117Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t01h","jsonPayload":{"bytes_sent":"76622","connection":{"dest_ip":"203.0.113.58","dest_port":65273,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.316930467Z","packets_sent":"599","reporter":"SRC","rtt_msec":"115","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.155378287Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} 
+{"insertId":"14iipwlfd8t019","jsonPayload":{"bytes_sent":"42","connection":{"dest_ip":"10.73.186.17","dest_port":22,"protocol":6,"src_ip":"192.0.2.73","src_port":45224},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"infraops-docker-data","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:42:24.922448897Z","packets_sent":"5","reporter":"DEST","rtt_msec":"242","src_location":{"asn":4847,"city":"Beijing","continent":"Asia","country":"chn","region":"Beijing"},"start_time":"2019-06-14T03:42:23.705320616Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t016","jsonPayload":{"bytes_sent":"75263","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65277},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.316890309Z","packets_sent":"729","reporter":"DEST","rtt_msec":"95","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:00.760385211Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} 
+{"insertId":"14iipwlfd8t01c","jsonPayload":{"bytes_sent":"1780","connection":{"dest_ip":"198.51.100.107","dest_port":34646,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:48:10.529592195Z","packets_sent":"7","reporter":"SRC","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:48:10.413494375Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t01d","jsonPayload":{"bytes_sent":"1467","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"198.51.100.107","src_port":34646},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:48:10.529541195Z","packets_sent":"7","reporter":"DEST","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:48:10.413397239Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} 
+{"insertId":"14iipwlfd8t01g","jsonPayload":{"bytes_sent":"5044","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33876},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.933154111Z","packets_sent":"87","reporter":"DEST","rtt_msec":"34","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466868771Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} 
+{"insertId":"14iipwlfd8t01l","jsonPayload":{"bytes_sent":"14132","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33574},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821056075Z","packets_sent":"91","reporter":"DEST","rtt_msec":"509","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.468484109Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} 
+{"insertId":"14iipwlfd8t01b","jsonPayload":{"bytes_sent":"151213","connection":{"dest_ip":"203.0.113.134","dest_port":33574,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821129119Z","packets_sent":"68","reporter":"SRC","rtt_msec":"509","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.468484109Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"}
diff --git a/packages/gcp/changelog.yml b/packages/gcp/changelog.yml
new file mode 100644
index 00000000000..93f417d123a
--- /dev/null
+++ b/packages/gcp/changelog.yml
@@ -0,0 +1,6 @@
+# newer versions go on top
+- version: "0.0.1"
+ changes:
+ - description: initial release
+ type: enhancement # can be one of: enhancement, bugfix, breaking-change
+ link: https://github.com/elastic/integrations/pull/459
diff --git a/packages/gcp/data_stream/audit/_dev/test/pipeline/test-audit.log b/packages/gcp/data_stream/audit/_dev/test/pipeline/test-audit.log
new file mode 100644
index 00000000000..9c228890527
--- /dev/null
+++ b/packages/gcp/data_stream/audit/_dev/test/pipeline/test-audit.log
@@ -0,0 +1,7 @@ +{"insertId":"-uihnmjctwo","logName":"projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access","protoPayload":{"@type":"type.googleapis.com/google.cloud.audit.AuditLog","authenticationInfo":{"principalEmail":"xxx@xxx.xxx"},"authorizationInfo":[{"granted":true,"permission":"resourcemanager.projects.get","resource":"projects/elastic-beats","resourceAttributes":{}}],"methodName":"GetResourceBillingInfo","request":{"@type":"type.googleapis.com/google.internal.cloudbilling.billingaccount.v1.GetResourceBillingInfoRequest","resourceName":"projects/189716325846"},"requestMetadata":{"callerIp":"192.168.1.1","destinationAttributes":{},"requestAttributes":{}},"resourceName":"projects/elastic-beats","serviceName":"cloudbilling.googleapis.com","status":{}},"receiveTimestamp":"2019-12-19T00:49:36.313482371Z","resource":{"labels":{"project_id":"elastic-beats"},"type":"project"},"severity":"INFO","timestamp":"2019-12-19T00:49:36.086Z"} +{"insertId":"-h6onuze1h7dg","logName":"projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access","protoPayload":{"@type":"type.googleapis.com/google.cloud.audit.AuditLog","authenticationInfo":{"principalEmail":"xxx@xxx.xxx"},"authorizationInfo":[{"granted":false,"permission":"compute.machineTypes.list","resourceAttributes":{"name":"projects/elastic-beats","service":"resourcemanager","type":"resourcemanager.projects"}}],"methodName":"beta.compute.machineTypes.aggregatedList","numResponseItems":"71","request":{"@type":"type.googleapis.com/compute.machineTypes.aggregatedList"},"requestMetadata":{"callerIp":"192.168.1.1","callerSuppliedUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 
Firefox/71.0,gzip(gfe),gzip(gfe)","destinationAttributes":{},"requestAttributes":{"auth":{},"time":"2019-12-19T00:45:51.711Z"}},"resourceLocation":{"currentLocations":["global"]},"resourceName":"projects/elastic-beats/global/machineTypes","serviceName":"compute.googleapis.com"},"receiveTimestamp":"2019-12-19T00:45:52.367887078Z","resource":{"labels":{"location":"global","method":"compute.machineTypes.aggregatedList","project_id":"elastic-beats","service":"compute.googleapis.com","version":"beta"},"type":"api"},"severity":"INFO","timestamp":"2019-12-19T00:45:51.228Z"} +{"insertId":"yonau2dg2zi","logName":"projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access","protoPayload":{"@type":"type.googleapis.com/google.cloud.audit.AuditLog","authenticationInfo":{"principalEmail":"xxx@xxx.xxx"},"authorizationInfo":[{"granted":true,"permission":"compute.instances.list","resourceAttributes":{"name":"projects/elastic-beats","service":"resourcemanager","type":"resourcemanager.projects"}}],"methodName":"beta.compute.instances.aggregatedList","numResponseItems":"61","request":{"@type":"type.googleapis.com/compute.instances.aggregatedList"},"requestMetadata":{"callerIp":"192.168.1.1","callerSuppliedUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 
Firefox/71.0,gzip(gfe),gzip(gfe)","destinationAttributes":{},"requestAttributes":{"auth":{},"time":"2019-12-19T00:44:25.198Z"}},"response":{"@type":"core.k8s.io/v1.Status","apiVersion":"v1","details":{"group":"batch","kind":"jobs","name":"gsuite-exporter-1589294700","uid":"2beff34a-945f-11ea-bacf-42010a80007f"},"kind":"Status","metadata":{},"status":"Success"},"resourceLocation":{"currentLocations":["global"]},"resourceName":"projects/elastic-beats/global/instances","serviceName":"compute.googleapis.com"},"receiveTimestamp":"2019-12-19T00:44:25.262379373Z","resource":{"labels":{"location":"global","method":"compute.instances.aggregatedList","project_id":"elastic-beats","service":"compute.googleapis.com","version":"beta"},"type":"api"},"severity":"INFO","timestamp":"2019-12-19T00:44:25.051Z"} +{"insertId":"yonau3dc2zi","logName":"projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access","protoPayload":{"@type":"type.googleapis.com/google.cloud.audit.AuditLog","authenticationInfo":{"principalEmail":"xxx@xxx.xxx"},"authorizationInfo":[{"permission":"compute.instances.list","resourceAttributes":{"name":"projects/elastic-beats","service":"resourcemanager","type":"resourcemanager.projects"}}],"methodName":"beta.compute.instances.aggregatedList","numResponseItems":"61","request":{"@type":"type.googleapis.com/compute.instances.aggregatedList"},"requestMetadata":{"callerIp":"192.168.1.1","callerSuppliedUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 
Firefox/71.0,gzip(gfe),gzip(gfe)","destinationAttributes":{},"requestAttributes":{"auth":{},"time":"2019-12-19T00:44:25.198Z"}},"resourceLocation":{"currentLocations":["global"]},"resourceName":"projects/elastic-beats/global/instances","serviceName":"compute.googleapis.com","status":{"code":7,"message":"PERMISSION_DENIED"}},"receiveTimestamp":"2019-12-19T00:44:25.262379373Z","resource":{"labels":{"location":"global","method":"compute.instances.aggregatedList","project_id":"elastic-beats","service":"compute.googleapis.com","version":"beta"},"type":"api"},"severity":"INFO","timestamp":"2019-12-19T00:44:25.051Z"} +{"insertId":"87efd529-6349-45d2-b905-fc607e6c5d3b","labels":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding \"cert-manager-webhook:auth-delegator\" of ClusterRole \"system:auth-delegator\" to ServiceAccount \"cert-manager-webhook/cert-manager\""},"logName":"projects/foo/logs/cloudaudit.googleapis.com%2Fdata_access","operation":{"first":true,"id":"5555555-6349-45d2-b905-fc607e6c5d3b","last":true,"producer":"k8s.io"},"protoPayload":{"@type":"type.googleapis.com/google.cloud.audit.AuditLog","authenticationInfo":{"principalEmail":"system:serviceaccount:cert-manager:cert-manager-webhook"},"authorizationInfo":[{"granted":true,"permission":"io.k8s.authorization.v1beta1.subjectaccessreviews.create","resource":"authorization.k8s.io/v1beta1/subjectaccessreviews"}],"methodName":"io.k8s.authorization.v1beta1.subjectaccessreviews.create","request":{"@type":"authorization.k8s.io/v1beta1.SubjectAccessReview","apiVersion":"authorization.k8s.io/v1beta1","kind":"SubjectAccessReview","metadata":{"creationTimestamp":null},"spec":{"group":["system:serviceaccounts","system:serviceaccounts:kube-system","system:authenticated"],"nonResourceAttributes":{"path":"/apis/webhook.cert-manager.io/v1beta1","verb":"get"},"user":"system:serviceaccount:kube-system:resourcequota-controller"},"status":{"allowed":false}},"requestMetadata"
:{"callerIp":"10.11.12.13","callerSuppliedUserAgent":"webhook/v0.0.0 (linux/amd64) kubernetes/$Format"},"resourceName":"authorization.k8s.io/v1beta1/subjectaccessreviews","response":{"@type":"authorization.k8s.io/v1beta1.SubjectAccessReview","apiVersion":"authorization.k8s.io/v1beta1","kind":"SubjectAccessReview","metadata":{"creationTimestamp":null},"spec":{"group":["system:serviceaccounts","system:serviceaccounts:kube-system","system:authenticated"],"nonResourceAttributes":{"path":"/apis/webhook.cert-manager.io/v1beta1","verb":"get"},"user":"system:serviceaccount:kube-system:resourcequota-controller"},"status":{"allowed":true,"reason":"RBAC: allowed by ClusterRoleBinding \"system:discovery\" of ClusterRole \"system:discovery\" to Group \"system:authenticated\""}},"serviceName":"k8s.io","status":{"code":0}},"receiveTimestamp":"2020-08-05T21:07:32.157698684Z","resource":{"labels":{"cluster_name":"analysis-cluster","location":"us-central1-a","project_id":"elastic-siem"},"type":"k8s_cluster"},"timestamp":"2020-08-05T21:07:30.974750Z"} 
+{"insertId":"v2spcwdzmc2","logName":"projects/foo/logs/cloudaudit.googleapis.com%2Factivity","operation":{"first":true,"id":"operation-1596664766354-5ac287c395484-fa3923bd-543e018e","producer":"compute.googleapis.com"},"protoPayload":{"@type":"type.googleapis.com/google.cloud.audit.AuditLog","authenticationInfo":{"principalEmail":"user@mycompany.com"},"authorizationInfo":[{"granted":true,"permission":"compute.images.create","resourceAttributes":{"name":"projects/foo/global/images/windows-server-2016-v20200805","service":"compute","type":"compute.images"}}],"methodName":"v1.compute.images.insert","request":{"@type":"type.googleapis.com/compute.images.insert","family":"windows-server-2016","guestOsFeatures":[{"type":"VIRTIO_SCSI_MULTIQUEUE"},{"type":"WINDOWS"}],"name":"windows-server-2016-v20200805","rawDisk":{"source":"https://storage.googleapis.com/storage/v1/b/foo/o/windows-server-2016-v20200805.tar.gz"},"sourceType":"RAW"},"requestMetadata":{"callerIp":"1.2.3.4","callerSuppliedUserAgent":"google-cloud-sdk gcloud/290.0.1 command/gcloud.compute.images.create invocation-id/032752ad0fa44b4ea951951d2deef6a3 environment/None environment-version/None interactive/True from-script/False python/2.7.17 term/xterm-256color (Macintosh; Intel Mac OS X 
19.6.0),gzip(gfe)","destinationAttributes":{},"requestAttributes":{"auth":{},"time":"2020-08-05T21:59:27.515Z"}},"resourceLocation":{"currentLocations":["eu"]},"resourceName":"projects/foo/global/images/windows-server-2016-v20200805","response":{"@type":"type.googleapis.com/operation","id":"44919313","insertTime":"2020-08-05T14:59:27.259-07:00","name":"operation-1596664766354-5ac287c395484-fa3923bd-543e018e","operationType":"insert","progress":"0","selfLink":"https://www.googleapis.com/compute/v1/projects/foo/global/operations/operation-1596664766354-5ac287c395484-fa3923bd-543e018e","selfLinkWithId":"https://www.googleapis.com/compute/v1/projects/foo/global/operations/4491931805423146320","startTime":"2020-08-05T14:59:27.274-07:00","status":"RUNNING","targetId":"12345","targetLink":"https://www.googleapis.com/compute/v1/projects/foo/global/images/windows-server-2016-v20200805","user":"user@mycompany.com"},"serviceName":"compute.googleapis.com"},"receiveTimestamp":"2020-08-05T21:59:27.822546978Z","resource":{"labels":{"image_id":"771879043","project_id":"foo"},"type":"gce_image"},"severity":"NOTICE","timestamp":"2020-08-05T21:59:26.456Z"} +{"insertId":"-c7ctxmd2zab","logName":"projects/foo/logs/cloudaudit.googleapis.com%2Factivity","operation":{"id":"operation-1596646123456-5ac2438b775f6-f8ca1382-e70b6831","last":true,"producer":"compute.googleapis.com"},"protoPayload":{"@type":"type.googleapis.com/google.cloud.audit.AuditLog","authenticationInfo":{"principalEmail":"user@mycompany.com"},"methodName":"beta.compute.instances.stop","request":{"@type":"type.googleapis.com/compute.instances.stop"},"requestMetadata":{"callerIp":"2.3.4.5","callerSuppliedUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:79.0) Gecko/20100101 
Firefox/79.0,gzip(gfe),gzip(gfe)"},"resourceName":"projects/foo/zones/us-central1-a/instances/win10-test","serviceName":"compute.googleapis.com"},"receiveTimestamp":"2020-08-05T16:56:41.315135528Z","resource":{"labels":{"instance_id":"590261181","project_id":"foo","zone":"us-central1-a"},"type":"gce_instance"},"severity":"NOTICE","timestamp":"2020-08-05T16:56:40.428Z"} diff --git a/packages/gcp/data_stream/audit/_dev/test/pipeline/test-audit.log-config.json b/packages/gcp/data_stream/audit/_dev/test/pipeline/test-audit.log-config.json new file mode 100644 index 00000000000..f71947c2f04 --- /dev/null +++ b/packages/gcp/data_stream/audit/_dev/test/pipeline/test-audit.log-config.json @@ -0,0 +1,5 @@ +{ + "dynamic_fields": { + "event.ingested": ".*" + } +} \ No newline at end of file diff --git a/packages/gcp/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json b/packages/gcp/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json new file mode 100644 index 00000000000..aa4d0991e3e --- /dev/null +++ b/packages/gcp/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json 
@@ -0,0 +1,568 @@ +{ + "expected": [ + { + "cloud": { + "project": { + "id": "elastic-beats" + } + }, + "@timestamp": "2019-12-19T00:49:36.086Z", + "ecs": { + "version": "1.8.0" + }, + "log": { + "logger": "projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access" + }, + "gcp": { + "audit": { + "request": { + "resource_name": "projects/189716325846", + "proto_name": "type.googleapis.com/google.internal.cloudbilling.billingaccount.v1.GetResourceBillingInfoRequest" + }, + "authentication_info": { + "principal_email": "xxx@xxx.xxx" + }, + "method_name": "GetResourceBillingInfo", + "request_metadata": { + "caller_ip": "192.168.1.1" + }, + "service_name": "cloudbilling.googleapis.com", + "type": "type.googleapis.com/google.cloud.audit.AuditLog", + "authorization_info": [ + { + "permission": "resourcemanager.projects.get", + "resource_attributes": {}, + "resource": "projects/elastic-beats", + "granted": true + } + ], + "resource_name": "projects/elastic-beats" + } + }, + "service": { + "name": "cloudbilling.googleapis.com" + }, + "source": { + "ip": "192.168.1.1" + }, + "event": { + "action": "GetResourceBillingInfo", + "ingested": "2021-02-19T09:19:47.732205800Z", + "original": 
"{\"insertId\":\"-uihnmjctwo\",\"logName\":\"projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access\",\"protoPayload\":{\"@type\":\"type.googleapis.com/google.cloud.audit.AuditLog\",\"authenticationInfo\":{\"principalEmail\":\"xxx@xxx.xxx\"},\"authorizationInfo\":[{\"granted\":true,\"permission\":\"resourcemanager.projects.get\",\"resource\":\"projects/elastic-beats\",\"resourceAttributes\":{}}],\"methodName\":\"GetResourceBillingInfo\",\"request\":{\"@type\":\"type.googleapis.com/google.internal.cloudbilling.billingaccount.v1.GetResourceBillingInfoRequest\",\"resourceName\":\"projects/189716325846\"},\"requestMetadata\":{\"callerIp\":\"192.168.1.1\",\"destinationAttributes\":{},\"requestAttributes\":{}},\"resourceName\":\"projects/elastic-beats\",\"serviceName\":\"cloudbilling.googleapis.com\",\"status\":{}},\"receiveTimestamp\":\"2019-12-19T00:49:36.313482371Z\",\"resource\":{\"labels\":{\"project_id\":\"elastic-beats\"},\"type\":\"project\"},\"severity\":\"INFO\",\"timestamp\":\"2019-12-19T00:49:36.086Z\"}", + "id": "-uihnmjctwo", + "kind": "event", + "outcome": "success" + }, + "user": { + "email": "xxx@xxx.xxx" + } + }, + { + "log": { + "logger": "projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access" + }, + "source": { + "ip": "192.168.1.1" + }, + "cloud": { + "project": { + "id": "elastic-beats" + } + }, + "@timestamp": "2019-12-19T00:45:51.228Z", + "ecs": { + "version": "1.8.0" + }, + "gcp": { + "audit": { + "request": { + "proto_name": "type.googleapis.com/compute.machineTypes.aggregatedList" + }, + "authentication_info": { + "principal_email": "xxx@xxx.xxx" + }, + "method_name": "beta.compute.machineTypes.aggregatedList", + "request_metadata": { + "caller_ip": "192.168.1.1", + "caller_supplied_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)" + }, + "service_name": "compute.googleapis.com", + "num_response_items": 71, + "type": 
"type.googleapis.com/google.cloud.audit.AuditLog", + "authorization_info": [ + { + "resource_attributes": { + "name": "projects/elastic-beats", + "type": "resourcemanager.projects", + "service": "resourcemanager" + }, + "permission": "compute.machineTypes.list", + "granted": false + } + ], + "resource_name": "projects/elastic-beats/global/machineTypes", + "resource_location": { + "current_locations": [ + "global" + ] + } + } + }, + "service": { + "name": "compute.googleapis.com" + }, + "event": { + "action": "beta.compute.machineTypes.aggregatedList", + "ingested": "2021-02-19T09:19:47.732217200Z", + "original": "{\"insertId\":\"-h6onuze1h7dg\",\"logName\":\"projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access\",\"protoPayload\":{\"@type\":\"type.googleapis.com/google.cloud.audit.AuditLog\",\"authenticationInfo\":{\"principalEmail\":\"xxx@xxx.xxx\"},\"authorizationInfo\":[{\"granted\":false,\"permission\":\"compute.machineTypes.list\",\"resourceAttributes\":{\"name\":\"projects/elastic-beats\",\"service\":\"resourcemanager\",\"type\":\"resourcemanager.projects\"}}],\"methodName\":\"beta.compute.machineTypes.aggregatedList\",\"numResponseItems\":\"71\",\"request\":{\"@type\":\"type.googleapis.com/compute.machineTypes.aggregatedList\"},\"requestMetadata\":{\"callerIp\":\"192.168.1.1\",\"callerSuppliedUserAgent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 
Firefox/71.0,gzip(gfe),gzip(gfe)\",\"destinationAttributes\":{},\"requestAttributes\":{\"auth\":{},\"time\":\"2019-12-19T00:45:51.711Z\"}},\"resourceLocation\":{\"currentLocations\":[\"global\"]},\"resourceName\":\"projects/elastic-beats/global/machineTypes\",\"serviceName\":\"compute.googleapis.com\"},\"receiveTimestamp\":\"2019-12-19T00:45:52.367887078Z\",\"resource\":{\"labels\":{\"location\":\"global\",\"method\":\"compute.machineTypes.aggregatedList\",\"project_id\":\"elastic-beats\",\"service\":\"compute.googleapis.com\",\"version\":\"beta\"},\"type\":\"api\"},\"severity\":\"INFO\",\"timestamp\":\"2019-12-19T00:45:51.228Z\"}", + "id": "-h6onuze1h7dg", + "kind": "event", + "outcome": "failure" + }, + "user": { + "email": "xxx@xxx.xxx" + }, + "user_agent": { + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)", + "os": { + "name": "Mac OS X", + "version": "10.15", + "full": "Mac OS X 10.15" + }, + "device": { + "name": "Mac" + }, + "version": "71.0." 
+ } + }, + { + "log": { + "logger": "projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access" + }, + "source": { + "ip": "192.168.1.1" + }, + "cloud": { + "project": { + "id": "elastic-beats" + } + }, + "@timestamp": "2019-12-19T00:44:25.051Z", + "ecs": { + "version": "1.8.0" + }, + "gcp": { + "audit": { + "request": { + "proto_name": "type.googleapis.com/compute.instances.aggregatedList" + }, + "authentication_info": { + "principal_email": "xxx@xxx.xxx" + }, + "method_name": "beta.compute.instances.aggregatedList", + "request_metadata": { + "caller_ip": "192.168.1.1", + "caller_supplied_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)" + }, + "response": { + "proto_name": "core.k8s.io/v1.Status", + "details": { + "name": "gsuite-exporter-1589294700", + "uid": "2beff34a-945f-11ea-bacf-42010a80007f", + "kind": "jobs", + "group": "batch" + }, + "status": { + "value": "Success" + } + }, + "service_name": "compute.googleapis.com", + "num_response_items": 61, + "type": "type.googleapis.com/google.cloud.audit.AuditLog", + "authorization_info": [ + { + "resource_attributes": { + "name": "projects/elastic-beats", + "type": "resourcemanager.projects", + "service": "resourcemanager" + }, + "permission": "compute.instances.list", + "granted": true + } + ], + "resource_name": "projects/elastic-beats/global/instances", + "resource_location": { + "current_locations": [ + "global" + ] + } + } + }, + "service": { + "name": "compute.googleapis.com" + }, + "event": { + "action": "beta.compute.instances.aggregatedList", + "ingested": "2021-02-19T09:19:47.732225500Z", + "original": 
"{\"insertId\":\"yonau2dg2zi\",\"logName\":\"projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access\",\"protoPayload\":{\"@type\":\"type.googleapis.com/google.cloud.audit.AuditLog\",\"authenticationInfo\":{\"principalEmail\":\"xxx@xxx.xxx\"},\"authorizationInfo\":[{\"granted\":true,\"permission\":\"compute.instances.list\",\"resourceAttributes\":{\"name\":\"projects/elastic-beats\",\"service\":\"resourcemanager\",\"type\":\"resourcemanager.projects\"}}],\"methodName\":\"beta.compute.instances.aggregatedList\",\"numResponseItems\":\"61\",\"request\":{\"@type\":\"type.googleapis.com/compute.instances.aggregatedList\"},\"requestMetadata\":{\"callerIp\":\"192.168.1.1\",\"callerSuppliedUserAgent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)\",\"destinationAttributes\":{},\"requestAttributes\":{\"auth\":{},\"time\":\"2019-12-19T00:44:25.198Z\"}},\"response\":{\"@type\":\"core.k8s.io/v1.Status\",\"apiVersion\":\"v1\",\"details\":{\"group\":\"batch\",\"kind\":\"jobs\",\"name\":\"gsuite-exporter-1589294700\",\"uid\":\"2beff34a-945f-11ea-bacf-42010a80007f\"},\"kind\":\"Status\",\"metadata\":{},\"status\":\"Success\"},\"resourceLocation\":{\"currentLocations\":[\"global\"]},\"resourceName\":\"projects/elastic-beats/global/instances\",\"serviceName\":\"compute.googleapis.com\"},\"receiveTimestamp\":\"2019-12-19T00:44:25.262379373Z\",\"resource\":{\"labels\":{\"location\":\"global\",\"method\":\"compute.instances.aggregatedList\",\"project_id\":\"elastic-beats\",\"service\":\"compute.googleapis.com\",\"version\":\"beta\"},\"type\":\"api\"},\"severity\":\"INFO\",\"timestamp\":\"2019-12-19T00:44:25.051Z\"}", + "id": "yonau2dg2zi", + "kind": "event", + "outcome": "success" + }, + "user": { + "email": "xxx@xxx.xxx" + }, + "user_agent": { + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)", + "os": { + "name": "Mac OS X", + 
"version": "10.15", + "full": "Mac OS X 10.15" + }, + "device": { + "name": "Mac" + }, + "version": "71.0." + } + }, + { + "log": { + "logger": "projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access" + }, + "source": { + "ip": "192.168.1.1" + }, + "cloud": { + "project": { + "id": "elastic-beats" + } + }, + "@timestamp": "2019-12-19T00:44:25.051Z", + "ecs": { + "version": "1.8.0" + }, + "gcp": { + "audit": { + "request": { + "proto_name": "type.googleapis.com/compute.instances.aggregatedList" + }, + "authentication_info": { + "principal_email": "xxx@xxx.xxx" + }, + "method_name": "beta.compute.instances.aggregatedList", + "request_metadata": { + "caller_ip": "192.168.1.1", + "caller_supplied_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)" + }, + "service_name": "compute.googleapis.com", + "num_response_items": 61, + "type": "type.googleapis.com/google.cloud.audit.AuditLog", + "authorization_info": [ + { + "resource_attributes": { + "name": "projects/elastic-beats", + "type": "resourcemanager.projects", + "service": "resourcemanager" + }, + "permission": "compute.instances.list" + } + ], + "resource_name": "projects/elastic-beats/global/instances", + "resource_location": { + "current_locations": [ + "global" + ] + }, + "status": { + "message": "PERMISSION_DENIED", + "code": 7 + } + } + }, + "service": { + "name": "compute.googleapis.com" + }, + "event": { + "action": "beta.compute.instances.aggregatedList", + "ingested": "2021-02-19T09:19:47.732230400Z", + "original": 
"{\"insertId\":\"yonau3dc2zi\",\"logName\":\"projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access\",\"protoPayload\":{\"@type\":\"type.googleapis.com/google.cloud.audit.AuditLog\",\"authenticationInfo\":{\"principalEmail\":\"xxx@xxx.xxx\"},\"authorizationInfo\":[{\"permission\":\"compute.instances.list\",\"resourceAttributes\":{\"name\":\"projects/elastic-beats\",\"service\":\"resourcemanager\",\"type\":\"resourcemanager.projects\"}}],\"methodName\":\"beta.compute.instances.aggregatedList\",\"numResponseItems\":\"61\",\"request\":{\"@type\":\"type.googleapis.com/compute.instances.aggregatedList\"},\"requestMetadata\":{\"callerIp\":\"192.168.1.1\",\"callerSuppliedUserAgent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)\",\"destinationAttributes\":{},\"requestAttributes\":{\"auth\":{},\"time\":\"2019-12-19T00:44:25.198Z\"}},\"resourceLocation\":{\"currentLocations\":[\"global\"]},\"resourceName\":\"projects/elastic-beats/global/instances\",\"serviceName\":\"compute.googleapis.com\",\"status\":{\"code\":7,\"message\":\"PERMISSION_DENIED\"}},\"receiveTimestamp\":\"2019-12-19T00:44:25.262379373Z\",\"resource\":{\"labels\":{\"location\":\"global\",\"method\":\"compute.instances.aggregatedList\",\"project_id\":\"elastic-beats\",\"service\":\"compute.googleapis.com\",\"version\":\"beta\"},\"type\":\"api\"},\"severity\":\"INFO\",\"timestamp\":\"2019-12-19T00:44:25.051Z\"}", + "id": "yonau3dc2zi", + "kind": "event", + "outcome": "failure" + }, + "user": { + "email": "xxx@xxx.xxx" + }, + "user_agent": { + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)", + "os": { + "name": "Mac OS X", + "version": "10.15", + "full": "Mac OS X 10.15" + }, + "device": { + "name": "Mac" + }, + "version": "71.0." 
+ } + }, + { + "log": { + "logger": "projects/foo/logs/cloudaudit.googleapis.com%2Fdata_access" + }, + "source": { + "ip": "10.11.12.13" + }, + "cloud": { + "project": { + "id": "elastic-siem" + } + }, + "@timestamp": "2020-08-05T21:07:30.974Z", + "ecs": { + "version": "1.8.0" + }, + "gcp": { + "audit": { + "request": { + "proto_name": "authorization.k8s.io/v1beta1.SubjectAccessReview" + }, + "authentication_info": { + "principal_email": "system:serviceaccount:cert-manager:cert-manager-webhook" + }, + "method_name": "io.k8s.authorization.v1beta1.subjectaccessreviews.create", + "request_metadata": { + "caller_ip": "10.11.12.13", + "caller_supplied_user_agent": "webhook/v0.0.0 (linux/amd64) kubernetes/$Format" + }, + "response": { + "proto_name": "authorization.k8s.io/v1beta1.SubjectAccessReview", + "status": { + "reason": "RBAC: allowed by ClusterRoleBinding \"system:discovery\" of ClusterRole \"system:discovery\" to Group \"system:authenticated\"", + "allowed": true + } + }, + "service_name": "k8s.io", + "type": "type.googleapis.com/google.cloud.audit.AuditLog", + "authorization_info": [ + { + "resource": "authorization.k8s.io/v1beta1/subjectaccessreviews", + "permission": "io.k8s.authorization.v1beta1.subjectaccessreviews.create", + "granted": true + } + ], + "resource_name": "authorization.k8s.io/v1beta1/subjectaccessreviews", + "status": { + "code": 0 + } + } + }, + "service": { + "name": "k8s.io" + }, + "event": { + "action": "io.k8s.authorization.v1beta1.subjectaccessreviews.create", + "ingested": "2021-02-19T09:19:47.732234200Z", + "original": "{\"insertId\":\"87efd529-6349-45d2-b905-fc607e6c5d3b\",\"labels\":{\"authorization.k8s.io/decision\":\"allow\",\"authorization.k8s.io/reason\":\"RBAC: allowed by ClusterRoleBinding \\\"cert-manager-webhook:auth-delegator\\\" of ClusterRole \\\"system:auth-delegator\\\" to ServiceAccount 
\\\"cert-manager-webhook/cert-manager\\\"\"},\"logName\":\"projects/foo/logs/cloudaudit.googleapis.com%2Fdata_access\",\"operation\":{\"first\":true,\"id\":\"5555555-6349-45d2-b905-fc607e6c5d3b\",\"last\":true,\"producer\":\"k8s.io\"},\"protoPayload\":{\"@type\":\"type.googleapis.com/google.cloud.audit.AuditLog\",\"authenticationInfo\":{\"principalEmail\":\"system:serviceaccount:cert-manager:cert-manager-webhook\"},\"authorizationInfo\":[{\"granted\":true,\"permission\":\"io.k8s.authorization.v1beta1.subjectaccessreviews.create\",\"resource\":\"authorization.k8s.io/v1beta1/subjectaccessreviews\"}],\"methodName\":\"io.k8s.authorization.v1beta1.subjectaccessreviews.create\",\"request\":{\"@type\":\"authorization.k8s.io/v1beta1.SubjectAccessReview\",\"apiVersion\":\"authorization.k8s.io/v1beta1\",\"kind\":\"SubjectAccessReview\",\"metadata\":{\"creationTimestamp\":null},\"spec\":{\"group\":[\"system:serviceaccounts\",\"system:serviceaccounts:kube-system\",\"system:authenticated\"],\"nonResourceAttributes\":{\"path\":\"/apis/webhook.cert-manager.io/v1beta1\",\"verb\":\"get\"},\"user\":\"system:serviceaccount:kube-system:resourcequota-controller\"},\"status\":{\"allowed\":false}},\"requestMetadata\":{\"callerIp\":\"10.11.12.13\",\"callerSuppliedUserAgent\":\"webhook/v0.0.0 (linux/amd64) kubernetes/$Format\"},\"resourceName\":\"authorization.k8s.io/v1beta1/subjectaccessreviews\",\"response\":{\"@type\":\"authorization.k8s.io/v1beta1.SubjectAccessReview\",\"apiVersion\":\"authorization.k8s.io/v1beta1\",\"kind\":\"SubjectAccessReview\",\"metadata\":{\"creationTimestamp\":null},\"spec\":{\"group\":[\"system:serviceaccounts\",\"system:serviceaccounts:kube-system\",\"system:authenticated\"],\"nonResourceAttributes\":{\"path\":\"/apis/webhook.cert-manager.io/v1beta1\",\"verb\":\"get\"},\"user\":\"system:serviceaccount:kube-system:resourcequota-controller\"},\"status\":{\"allowed\":true,\"reason\":\"RBAC: allowed by ClusterRoleBinding \\\"system:discovery\\\" of ClusterRole 
\\\"system:discovery\\\" to Group \\\"system:authenticated\\\"\"}},\"serviceName\":\"k8s.io\",\"status\":{\"code\":0}},\"receiveTimestamp\":\"2020-08-05T21:07:32.157698684Z\",\"resource\":{\"labels\":{\"cluster_name\":\"analysis-cluster\",\"location\":\"us-central1-a\",\"project_id\":\"elastic-siem\"},\"type\":\"k8s_cluster\"},\"timestamp\":\"2020-08-05T21:07:30.974750Z\"}", + "id": "87efd529-6349-45d2-b905-fc607e6c5d3b", + "kind": "event", + "outcome": "success" + }, + "user": { + "email": "system:serviceaccount:cert-manager:cert-manager-webhook" + }, + "user_agent": { + "name": "Other", + "original": "webhook/v0.0.0 (linux/amd64) kubernetes/$Format", + "os": { + "name": "Linux" + }, + "device": { + "name": "Other" + } + } + }, + { + "log": { + "logger": "projects/foo/logs/cloudaudit.googleapis.com%2Factivity" + }, + "source": { + "geo": { + "continent_name": "Europe", + "region_iso_code": "RU-MOW", + "city_name": "Moscow", + "country_iso_code": "RU", + "country_name": "Russia", + "region_name": "Moscow", + "location": { + "lon": 37.6172, + "lat": 55.7527 + } + }, + "ip": "1.2.3.4" + }, + "cloud": { + "project": { + "id": "foo" + } + }, + "@timestamp": "2020-08-05T21:59:26.456Z", + "ecs": { + "version": "1.8.0" + }, + "gcp": { + "audit": { + "request": { + "name": "windows-server-2016-v20200805", + "proto_name": "type.googleapis.com/compute.images.insert" + }, + "authentication_info": { + "principal_email": "user@mycompany.com" + }, + "method_name": "v1.compute.images.insert", + "request_metadata": { + "caller_ip": "1.2.3.4", + "caller_supplied_user_agent": "google-cloud-sdk gcloud/290.0.1 command/gcloud.compute.images.create invocation-id/032752ad0fa44b4ea951951d2deef6a3 environment/None environment-version/None interactive/True from-script/False python/2.7.17 term/xterm-256color (Macintosh; Intel Mac OS X 19.6.0),gzip(gfe)" + }, + "response": { + "proto_name": "type.googleapis.com/operation", + "status": { + "value": "RUNNING" + } + }, + "service_name": 
"compute.googleapis.com", + "type": "type.googleapis.com/google.cloud.audit.AuditLog", + "authorization_info": [ + { + "resource_attributes": { + "name": "projects/foo/global/images/windows-server-2016-v20200805", + "type": "compute.images", + "service": "compute" + }, + "permission": "compute.images.create", + "granted": true + } + ], + "resource_name": "projects/foo/global/images/windows-server-2016-v20200805", + "resource_location": { + "current_locations": [ + "eu" + ] + } + } + }, + "service": { + "name": "compute.googleapis.com" + }, + "event": { + "action": "v1.compute.images.insert", + "ingested": "2021-02-19T09:19:47.732239800Z", + "original": "{\"insertId\":\"v2spcwdzmc2\",\"logName\":\"projects/foo/logs/cloudaudit.googleapis.com%2Factivity\",\"operation\":{\"first\":true,\"id\":\"operation-1596664766354-5ac287c395484-fa3923bd-543e018e\",\"producer\":\"compute.googleapis.com\"},\"protoPayload\":{\"@type\":\"type.googleapis.com/google.cloud.audit.AuditLog\",\"authenticationInfo\":{\"principalEmail\":\"user@mycompany.com\"},\"authorizationInfo\":[{\"granted\":true,\"permission\":\"compute.images.create\",\"resourceAttributes\":{\"name\":\"projects/foo/global/images/windows-server-2016-v20200805\",\"service\":\"compute\",\"type\":\"compute.images\"}}],\"methodName\":\"v1.compute.images.insert\",\"request\":{\"@type\":\"type.googleapis.com/compute.images.insert\",\"family\":\"windows-server-2016\",\"guestOsFeatures\":[{\"type\":\"VIRTIO_SCSI_MULTIQUEUE\"},{\"type\":\"WINDOWS\"}],\"name\":\"windows-server-2016-v20200805\",\"rawDisk\":{\"source\":\"https://storage.googleapis.com/storage/v1/b/foo/o/windows-server-2016-v20200805.tar.gz\"},\"sourceType\":\"RAW\"},\"requestMetadata\":{\"callerIp\":\"1.2.3.4\",\"callerSuppliedUserAgent\":\"google-cloud-sdk gcloud/290.0.1 command/gcloud.compute.images.create invocation-id/032752ad0fa44b4ea951951d2deef6a3 environment/None environment-version/None interactive/True from-script/False python/2.7.17 term/xterm-256color 
(Macintosh; Intel Mac OS X 19.6.0),gzip(gfe)\",\"destinationAttributes\":{},\"requestAttributes\":{\"auth\":{},\"time\":\"2020-08-05T21:59:27.515Z\"}},\"resourceLocation\":{\"currentLocations\":[\"eu\"]},\"resourceName\":\"projects/foo/global/images/windows-server-2016-v20200805\",\"response\":{\"@type\":\"type.googleapis.com/operation\",\"id\":\"44919313\",\"insertTime\":\"2020-08-05T14:59:27.259-07:00\",\"name\":\"operation-1596664766354-5ac287c395484-fa3923bd-543e018e\",\"operationType\":\"insert\",\"progress\":\"0\",\"selfLink\":\"https://www.googleapis.com/compute/v1/projects/foo/global/operations/operation-1596664766354-5ac287c395484-fa3923bd-543e018e\",\"selfLinkWithId\":\"https://www.googleapis.com/compute/v1/projects/foo/global/operations/4491931805423146320\",\"startTime\":\"2020-08-05T14:59:27.274-07:00\",\"status\":\"RUNNING\",\"targetId\":\"12345\",\"targetLink\":\"https://www.googleapis.com/compute/v1/projects/foo/global/images/windows-server-2016-v20200805\",\"user\":\"user@mycompany.com\"},\"serviceName\":\"compute.googleapis.com\"},\"receiveTimestamp\":\"2020-08-05T21:59:27.822546978Z\",\"resource\":{\"labels\":{\"image_id\":\"771879043\",\"project_id\":\"foo\"},\"type\":\"gce_image\"},\"severity\":\"NOTICE\",\"timestamp\":\"2020-08-05T21:59:26.456Z\"}", + "id": "v2spcwdzmc2", + "kind": "event", + "outcome": "success" + }, + "user": { + "email": "user@mycompany.com" + }, + "user_agent": { + "name": "Other", + "original": "google-cloud-sdk gcloud/290.0.1 command/gcloud.compute.images.create invocation-id/032752ad0fa44b4ea951951d2deef6a3 environment/None environment-version/None interactive/True from-script/False python/2.7.17 term/xterm-256color (Macintosh; Intel Mac OS X 19.6.0),gzip(gfe)", + "os": { + "name": "Mac OS X", + "version": "19.6.0", + "full": "Mac OS X 19.6.0" + }, + "device": { + "name": "Mac" + } + } + }, + { + "log": { + "logger": "projects/foo/logs/cloudaudit.googleapis.com%2Factivity" + }, + "source": { + "geo": { + 
"continent_name": "Europe", + "region_iso_code": "FR-63", + "city_name": "Clermont-Ferrand", + "country_iso_code": "FR", + "country_name": "France", + "region_name": "Puy-de-Dôme", + "location": { + "lon": 3.0966, + "lat": 45.7838 + } + }, + "as": { + "number": 3215, + "organization": { + "name": "Orange" + } + }, + "ip": "2.3.4.5" + }, + "cloud": { + "project": { + "id": "foo" + }, + "instance": { + "id": "590261181" + } + }, + "@timestamp": "2020-08-05T16:56:40.428Z", + "ecs": { + "version": "1.8.0" + }, + "gcp": { + "audit": { + "request": { + "proto_name": "type.googleapis.com/compute.instances.stop" + }, + "authentication_info": { + "principal_email": "user@mycompany.com" + }, + "method_name": "beta.compute.instances.stop", + "request_metadata": { + "caller_ip": "2.3.4.5", + "caller_supplied_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:79.0) Gecko/20100101 Firefox/79.0,gzip(gfe),gzip(gfe)" + }, + "service_name": "compute.googleapis.com", + "type": "type.googleapis.com/google.cloud.audit.AuditLog", + "resource_name": "projects/foo/zones/us-central1-a/instances/win10-test" + } + }, + "service": { + "name": "compute.googleapis.com" + }, + "event": { + "action": "beta.compute.instances.stop", + "ingested": "2021-02-19T09:19:47.732245700Z", + "original": "{\"insertId\":\"-c7ctxmd2zab\",\"logName\":\"projects/foo/logs/cloudaudit.googleapis.com%2Factivity\",\"operation\":{\"id\":\"operation-1596646123456-5ac2438b775f6-f8ca1382-e70b6831\",\"last\":true,\"producer\":\"compute.googleapis.com\"},\"protoPayload\":{\"@type\":\"type.googleapis.com/google.cloud.audit.AuditLog\",\"authenticationInfo\":{\"principalEmail\":\"user@mycompany.com\"},\"methodName\":\"beta.compute.instances.stop\",\"request\":{\"@type\":\"type.googleapis.com/compute.instances.stop\"},\"requestMetadata\":{\"callerIp\":\"2.3.4.5\",\"callerSuppliedUserAgent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:79.0) Gecko/20100101 
Firefox/79.0,gzip(gfe),gzip(gfe)\"},\"resourceName\":\"projects/foo/zones/us-central1-a/instances/win10-test\",\"serviceName\":\"compute.googleapis.com\"},\"receiveTimestamp\":\"2020-08-05T16:56:41.315135528Z\",\"resource\":{\"labels\":{\"instance_id\":\"590261181\",\"project_id\":\"foo\",\"zone\":\"us-central1-a\"},\"type\":\"gce_instance\"},\"severity\":\"NOTICE\",\"timestamp\":\"2020-08-05T16:56:40.428Z\"}", + "id": "-c7ctxmd2zab", + "kind": "event", + "outcome": "unknown" + }, + "user": { + "email": "user@mycompany.com" + }, + "user_agent": { + "name": "Firefox", + "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:79.0) Gecko/20100101 Firefox/79.0,gzip(gfe),gzip(gfe)", + "os": { + "name": "Mac OS X", + "version": "10.15", + "full": "Mac OS X 10.15" + }, + "device": { + "name": "Mac" + }, + "version": "79.0." + } + } + ] +} \ No newline at end of file diff --git a/packages/gcp/data_stream/audit/_dev/test/system/test-pubsub-config.yml b/packages/gcp/data_stream/audit/_dev/test/system/test-pubsub-config.yml new file mode 100644 index 00000000000..2c765770641 --- /dev/null +++ b/packages/gcp/data_stream/audit/_dev/test/system/test-pubsub-config.yml @@ -0,0 +1,10 @@ +service: gcppubsub-emulator +input: gcp-pubsub +vars: + alternative_host: "{{Hostname}}:{{Port}}" + credentials_json: '{\"fake\":\"creds\"}' + project_id: audit +data_stream: + vars: + subscription_name: subscription + topic: topic diff --git a/packages/gcp/data_stream/audit/agent/stream/gcp-pubsub.yml.hbs b/packages/gcp/data_stream/audit/agent/stream/gcp-pubsub.yml.hbs new file mode 100644 index 00000000000..bc6bc01b7e0 --- /dev/null +++ b/packages/gcp/data_stream/audit/agent/stream/gcp-pubsub.yml.hbs 
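Review bot: In `credentials_json: '{\"fake\":\"creds\"}'` the single quotes make the backslashes literal in YAML, so the variable's value is `{\"fake\":\"creds\"}`, which is not valid JSON on its own. If the escaping is only there to carry the value through the unquoted `credentials_json: {{credentials_json}}` line of the stream template, the test exercises a form no user would paste from a real key file. A comment such as `# escaped so the unquoted template value survives YAML parsing` would record that, or the value can become `'{"fake":"creds"}'` once the template quotes it. Whether the emulator path ever parses the credentials is not visible in this hunk.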
@@ -0,0 +1,20 @@
+project_id: {{project_id}}
+topic: {{topic}}
+subscription.name: {{subscription_name}}
+{{#if credentials_file}}
+credentials_file: {{credentials_file}}
+{{/if}}
+{{#if credentials_json}}
+credentials_json: {{credentials_json}}
+{{/if}}
+{{#if alternative_host}}
+alternative_host: {{alternative_host}}
+{{/if}}
+subscription.create: {{subscription_create}}
+tags:
+ {{#each tags as |tag i|}}
+ - {{tag}}
+ {{/each}}
+{{#contains tags "forwarded"}}
+publisher_pipeline.disable_host: true
+{{/contains}}
diff --git a/packages/gcp/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/gcp/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
new file mode 100644
index 00000000000..b00a9a94ec2
--- /dev/null
+++ b/packages/gcp/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
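Review bot: `credentials_json: {{credentials_json}}` renders the service-account key into the stream config unquoted, so a real key (a JSON object starting with `{`) would presumably be read by the YAML parser as a flow mapping, or rejected, instead of the string the input expects. Quoting the templated value, `credentials_json: '{{credentials_json}}'`, keeps it a scalar and keeps backslash sequences inside the key literal. The same habit is worth applying to `credentials_file: {{credentials_file}}`, where a path containing ` #` or `: ` would change the parse. How the template engine escapes quotes inside the value is not visible here, so check a rendered policy with a realistic key before relying on either form.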
@@ -0,0 +1,227 @@
+---
+description: Pipeline for Google Cloud audit logs
+
+processors:
+ - json:
+ field: message
+ target_field: json
+ - set:
+ field: ecs.version
+ value: "1.8.0"
+ - set:
+ field: event.ingested
+ value: "{{_ingest.timestamp}}"
+ - set:
+ field: event.kind
+ value: event
+ - date:
+ field: json.timestamp
+ timezone: UTC
+ formats:
+ - ISO8601
+ - rename:
+ field: message
+ target_field: event.original
+ ignore_missing: true
+ - rename:
+ field: json.logName
+ target_field: log.logger
+ ignore_missing: true
+ - set:
+ field: event.id
+ copy_from: json.insertId
+ ignore_empty_value: true
+ ignore_failure: true
+ - convert:
+ field: json.resource.labels.project_id
+ target_field: cloud.project.id
+ type: string
+ ignore_missing: true
+ ignore_failure: true
+ - convert:
+ field: json.resource.labels.instance_id
+ target_field: cloud.instance.id
+ type: string
+ ignore_missing: true
+ ignore_failure: true
+ - rename:
+ field: "json.protoPayload.@type"
+ target_field: gcp.audit.type
+ ignore_missing: true
+ - rename:
+ field: json.protoPayload.authenticationInfo.principalEmail
+ target_field: gcp.audit.authentication_info.principal_email
+ ignore_missing: true
+ - set:
+ field: user.email
+ value: "{{gcp.audit.authentication_info.principal_email}}"
+ if: ctx?.gcp?.audit?.authentication_info?.principal_email != null
+ - rename:
+ field: json.protoPayload.authenticationInfo.authoritySelector
+ target_field: gcp.audit.authentication_info.authority_selector
+ ignore_missing: true
+ - rename:
+ field: json.protoPayload.authorizationInfo
+ target_field: gcp.audit.authorization_info
+ ignore_missing: true
+ - rename:
+ field: json.protoPayload.methodName
+ target_field: gcp.audit.method_name
+ ignore_missing: true
+ - set:
+ field: event.action
+ value: "{{gcp.audit.method_name}}"
+ if: ctx?.gcp?.audit?.method_name != null
+ - convert:
+ field: json.protoPayload.numResponseItems
+ target_field: gcp.audit.num_response_items
+ type: long
+ ignore_missing: true
+ - rename:
+ field: "json.protoPayload.request.@type"
+ target_field: gcp.audit.request.proto_name
+ ignore_missing: true
+ - rename:
+ field: json.protoPayload.request.filter
+ target_field: gcp.audit.request.filter
+ ignore_missing: true
+ - rename:
+ field: json.protoPayload.request.name
+ target_field: gcp.audit.request.name
+ ignore_missing: true
+ - rename:
+ field: json.protoPayload.request.resourceName
+ target_field: gcp.audit.request.resource_name
+ ignore_missing: true
+ - rename:
+ field: json.protoPayload.requestMetadata.callerIp
+ target_field: gcp.audit.request_metadata.caller_ip
+ ignore_missing: true
+ - set:
+ field: source.ip
+ value: "{{gcp.audit.request_metadata.caller_ip}}"
+ if: ctx?.gcp?.audit?.request_metadata?.caller_ip != null
+ - rename:
+ field: json.protoPayload.requestMetadata.callerSuppliedUserAgent
+ target_field: gcp.audit.request_metadata.caller_supplied_user_agent
+ ignore_missing: true
+ - set:
+ field: user_agent.original
+ value: "{{gcp.audit.request_metadata.caller_supplied_user_agent}}"
+ if: ctx?.gcp?.audit?.request_metadata?.caller_supplied_user_agent != null
+ - rename:
+ field: "json.protoPayload.response.@type"
+ target_field: gcp.audit.response.proto_name
+ ignore_missing: true
+ - rename:
+ field: json.protoPayload.response.status
+ target_field: gcp.audit.response.status
+ ignore_missing: true
+ - rename:
+ field: gcp.audit.response.status
+ target_field: gcp.audit.response.status.value
+ if: ctx?.gcp?.audit?.response?.status instanceof String
+ ignore_missing: true
+ - rename:
+ field: json.protoPayload.response.details.group
+ target_field: gcp.audit.response.details.group
+ ignore_missing: true
+ - rename:
+ field: json.protoPayload.response.details.kind
+ target_field: gcp.audit.response.details.kind
+ ignore_missing: true
+ - rename:
+ field: json.protoPayload.response.details.name
+ target_field: gcp.audit.response.details.name
+ ignore_missing: true
+ - rename:
+ field: json.protoPayload.response.details.uid
+ target_field: gcp.audit.response.details.uid
+ ignore_missing: true
+ - rename:
+ field: json.protoPayload.resourceName
+ target_field: gcp.audit.resource_name
+ ignore_missing: true
+ - rename:
+ field: json.protoPayload.resourceLocation.currentLocations
+ target_field: gcp.audit.resource_location.current_locations
+ ignore_missing: true
+ - rename:
+ field: json.protoPayload.serviceName
+ target_field: gcp.audit.service_name
+ ignore_missing: true
+ - set:
+ field: service.name
+ value: "{{gcp.audit.service_name}}"
+ if: ctx?.gcp?.audit?.service_name != null
+ - convert:
+ field: json.protoPayload.status.code
+ target_field: gcp.audit.status.code
+ type: long
+ ignore_missing: true
+ - foreach:
+ field: gcp.audit.authorization_info
+ ignore_missing: true
+ ignore_failure: true
+ processor:
+ rename:
+ field: _ingest._value.resourceAttributes
+ target_field: _ingest._value.resource_attributes
+ if: ctx?.gcp?.audit?.authorization_info != null && ctx?.gcp?.audit?.authorization_info instanceof List
+ - set:
+ field: event.outcome
+ value: success
+ if: ctx?.gcp?.audit?.status?.code != null && ctx?.gcp?.audit?.status?.code == 0
+ - set:
+ field: event.outcome
+ value: failure
+ if: ctx?.gcp?.audit?.status?.code != null && ctx?.gcp?.audit?.status?.code != 0
+ - set:
+ field: event.outcome
+ value: success
+ if: ctx?.gcp?.audit?.status?.code == null && ctx?.gcp?.audit?.authorization_info != null && ctx?.gcp?.audit?.authorization_info instanceof List && ctx?.gcp?.audit?.authorization_info.size() == 1 && ctx?.gcp?.audit?.authorization_info[0].granted
+ - set:
+ field: event.outcome
+ value: failure
+ if: ctx?.gcp?.audit?.status?.code == null && ctx?.gcp?.audit?.authorization_info != null && ctx?.gcp?.audit?.authorization_info instanceof List && ctx?.gcp?.audit?.authorization_info.size() == 1 && !ctx?.gcp?.audit?.authorization_info[0].granted
+ - set:
+ field: event.outcome
+ value: unknown
+ if: ctx?.event?.outcome == null
+ - rename:
+ field: json.protoPayload.status.message
+ target_field: gcp.audit.status.message
+ ignore_missing: true
+ - remove:
+ field: json
+ ignore_missing: true
+ - user_agent:
+ field: user_agent.original
+ ignore_missing: true
+ # IP Geolocation Lookup
+ - geoip:
+ field: source.ip
+ target_field: source.geo
+ ignore_missing: true
+ # IP Autonomous System (AS) Lookup
+ - geoip:
+ database_file: GeoLite2-ASN.mmdb
+ field: source.ip
+ target_field: source.as
+ properties:
+ - asn
+ - organization_name
+ ignore_missing: true
+ - rename:
+ field: source.as.asn
+ target_field: source.as.number
+ ignore_missing: true
+ - rename:
+ field: source.as.organization_name
+ target_field: source.as.organization.name
+ ignore_missing: true
+
+on_failure:
+ - set:
+ field: error.message
+ value: "{{ _ingest.on_failure_message }}"
diff --git a/packages/gcp/data_stream/audit/fields/agent.yml b/packages/gcp/data_stream/audit/fields/agent.yml
new file mode 100644
index 00000000000..da4e652c53b
--- /dev/null
+++ b/packages/gcp/data_stream/audit/fields/agent.yml
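Review bot: `source.ip` is set from `gcp.audit.request_metadata.caller_ip` without checking that the value parses as an IP address, and the two `geoip` processors that follow guard only with `ignore_missing`. Google documents that `callerIp` may be redacted to a non-address string such as `private` or `gce-internal-ip`; for such an event the geoip lookup would presumably fail into the pipeline-level `on_failure`, and the `ip`-typed mappings for `source.ip` (fields/ecs.yml) and `caller_ip` (fields/fields.yml) in this commit could reject the document, dropping an audit record that detection depends on. Replacing the `set` with a `convert` to `type: ip` under `ignore_failure` leaves `source.ip` unset for redacted values, and the `caller_ip` mapping should be relaxed to `keyword` or the value validated the same way.

```yaml
# … unchanged: rename json.protoPayload.requestMetadata.callerIp to gcp.audit.request_metadata.caller_ip …
  - convert:
      field: gcp.audit.request_metadata.caller_ip
      target_field: source.ip
      type: ip
      ignore_missing: true
      # Redacted values such as "private" are not addresses; leave source.ip unset for them.
      ignore_failure: true
# … unchanged: remaining processors, including both geoip lookups …
```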
@@ -0,0 +1,198 @@ +- name: cloud + title: Cloud + group: 2 + description: Fields related to the cloud or infrastructure the events are coming from. + footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' + type: group + fields: + - name: account.id + level: extended + type: keyword + ignore_above: 1024 + description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. + + Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' + example: 666777888999 + - name: availability_zone + level: extended + type: keyword + ignore_above: 1024 + description: Availability zone in which this host is running. + example: us-east-1c + - name: instance.id + level: extended + type: keyword + ignore_above: 1024 + description: Instance ID of the host machine. + example: i-1234567890abcdef0 + - name: instance.name + level: extended + type: keyword + ignore_above: 1024 + description: Instance name of the host machine. + - name: machine.type + level: extended + type: keyword + ignore_above: 1024 + description: Machine type of the host machine. + example: t2.medium + - name: provider + level: extended + type: keyword + ignore_above: 1024 + description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. + example: aws + - name: region + level: extended + type: keyword + ignore_above: 1024 + description: Region in which this host is running. + example: us-east-1 + - name: project.id + type: keyword + description: Name of the project in Google Cloud. + - name: image.id + type: keyword + description: Image ID for the cloud instance. 
+- name: container + title: Container + group: 2 + description: 'Container fields are used for meta information about the specific container that is the source of information. + + These fields help correlate data based containers from any runtime.' + type: group + fields: + - name: id + level: core + type: keyword + ignore_above: 1024 + description: Unique container id. + - name: image.name + level: extended + type: keyword + ignore_above: 1024 + description: Name of the image the container was built on. + - name: labels + level: extended + type: object + object_type: keyword + description: Image labels. + - name: name + level: extended + type: keyword + ignore_above: 1024 + description: Container name. +- name: host + title: Host + group: 2 + description: 'A host is defined as a general computing instance. + + ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' + type: group + fields: + - name: architecture + level: core + type: keyword + ignore_above: 1024 + description: Operating system architecture. + example: x86_64 + - name: domain + level: extended + type: keyword + ignore_above: 1024 + description: 'Name of the domain of which the host is a member. + + For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' + example: CONTOSO + default_field: false + - name: hostname + level: core + type: keyword + ignore_above: 1024 + description: 'Hostname of the host. + + It normally contains what the `hostname` command returns on the host machine.' + - name: id + level: core + type: keyword + ignore_above: 1024 + description: 'Unique host id. + + As hostname is not always unique, use values that are meaningful in your environment. + + Example: The current usage of `beat.name`.' 
+ - name: ip + level: core + type: ip + description: Host ip addresses. + - name: mac + level: core + type: keyword + ignore_above: 1024 + description: Host mac addresses. + - name: name + level: core + type: keyword + ignore_above: 1024 + description: 'Name of the host. + + It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' + - name: os.family + level: extended + type: keyword + ignore_above: 1024 + description: OS family (such as redhat, debian, freebsd, windows). + example: debian + - name: os.kernel + level: extended + type: keyword + ignore_above: 1024 + description: Operating system kernel version as a raw string. + example: 4.4.0-112-generic + - name: os.name + level: extended + type: keyword + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false + description: Operating system name, without the version. + example: Mac OS X + - name: os.platform + level: extended + type: keyword + ignore_above: 1024 + description: Operating system platform (such centos, ubuntu, windows). + example: darwin + - name: os.version + level: extended + type: keyword + ignore_above: 1024 + description: Operating system version as a raw string. + example: 10.14.1 + - name: type + level: core + type: keyword + ignore_above: 1024 + description: 'Type of host. + + For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.' + - name: containerized + type: boolean + description: > + If the host is a container. + + - name: os.build + type: keyword + example: "18D109" + description: > + OS build information. + + - name: os.codename + type: keyword + example: "stretch" + description: > + OS codename, if any. + 
diff --git a/packages/gcp/data_stream/audit/fields/base-fields.yml b/packages/gcp/data_stream/audit/fields/base-fields.yml
new file mode 100644
index 00000000000..7c798f4534c
--- /dev/null
+++ b/packages/gcp/data_stream/audit/fields/base-fields.yml
@@ -0,0 +1,12 @@
+- name: data_stream.type
+ type: constant_keyword
+ description: Data stream type.
+- name: data_stream.dataset
+ type: constant_keyword
+ description: Data stream dataset.
+- name: data_stream.namespace
+ type: constant_keyword
+ description: Data stream namespace.
+- name: '@timestamp'
+ type: date
+ description: Event timestamp.
diff --git a/packages/gcp/data_stream/audit/fields/ecs.yml b/packages/gcp/data_stream/audit/fields/ecs.yml
new file mode 100644
index 00000000000..7b8fda03b0e
--- /dev/null
+++ b/packages/gcp/data_stream/audit/fields/ecs.yml
@@ -0,0 +1,202 @@ +- name: message + level: core + type: text + description: |- + For log events the message field contains the log message, optimized for viewing in a log viewer. + For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. + If multiple messages exist, they can be combined into one message. +- name: container + title: Container + group: 2 + type: group + fields: + - name: name + level: extended + type: keyword + description: Container name. + ignore_above: 1024 + - name: runtime + level: extended + type: keyword + description: Runtime managing this container. + ignore_above: 1024 +- name: ecs.version + type: keyword + description: ECS version +- name: event + title: Event + group: 2 + type: group + fields: + - name: action + level: core + type: keyword + description: |- + The action captured by the event. + This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer. + ignore_above: 1024 + - name: ingested + level: core + type: date + description: 'Timestamp when an event arrived in the central data store. This is different from `@timestamp`, which is when the event originally occurred. It''s also different from `event.created`, which is meant to capture the first time an agent saw the event. In normal conditions, assuming no tampering, the timestamps should chronologically look like this: `@timestamp` < `event.created` < `event.ingested`.' + - name: outcome + level: core + type: keyword + description: |- + This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy. + `event.outcome` simply denotes whether the event represents a success or a failure from the perspective of the entity that produced the event. 
+ Note that when a single transaction is described in multiple events, each event may populate different values of `event.outcome`, according to their perspective. + Also note that in the case of a compound event (a single event that contains multiple logical events), this field should be populated with the value that best captures the overall success or failure from the perspective of the event producer. + Further note that not all events will have an associated outcome. For example, this field is generally not populated for metric events, events with `event.type:info`, or any events for which an outcome does not make logical sense. + ignore_above: 1024 +- name: input.type + type: keyword + description: Input type +- name: log.file.path + type: keyword + description: Log path +- name: log.offset + type: long + description: Log offset +- name: log.logger + type: keyword +- name: source + title: Source + group: 2 + type: group + fields: + - name: as.number + description: Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. + level: extended + type: long + - name: as.organization.name + description: Organization name. + ignore_above: 1024 + level: extended + type: keyword + multi_fields: + - name: text + type: text + norms: false + default_field: false + - name: geo.city_name + level: core + type: keyword + description: City name. + ignore_above: 1024 + - name: geo.continent_name + level: core + type: keyword + description: Name of the continent. + ignore_above: 1024 + - name: geo.country_iso_code + level: core + type: keyword + description: Country ISO code. + ignore_above: 1024 + - name: geo.country_name + description: Country name. + ignore_above: 1024 + level: core + type: keyword + - name: geo.location + level: core + type: geo_point + description: Longitude and latitude. + - name: geo.region_iso_code + level: core + type: keyword + description: Region ISO code. 
+ ignore_above: 1024 + - name: geo.region_name + level: core + type: keyword + description: Region name. + ignore_above: 1024 + - name: ip + level: core + type: ip + description: IP address of the source (IPv4 or IPv6). +- name: service.name + level: core + type: keyword + ignore_above: 1024 + description: Name of the service data is collected from. +- name: tags + level: core + type: keyword + ignore_above: 1024 + description: List of keywords used to tag each event. +- name: user.email + level: extended + type: wildcard + description: User email address. +- name: user_agent + title: User agent + group: 2 + description: 'The user_agent fields normally come from a browser request. + + They often show up in web service logs coming from the parsed user agent string.' + type: group + fields: + - name: device.name + level: extended + type: keyword + ignore_above: 1024 + description: Name of the device. + - name: name + level: extended + type: keyword + ignore_above: 1024 + description: Name of the user agent. + - name: original + level: extended + type: wildcard + multi_fields: + - name: text + type: text + norms: false + description: Unparsed user_agent string. + - name: os.family + level: extended + type: keyword + ignore_above: 1024 + description: OS family (such as redhat, debian, freebsd, windows). + - name: os.full + level: extended + type: wildcard + multi_fields: + - name: text + type: text + norms: false + default_field: false + description: Operating system name, including the version or code name. + - name: os.kernel + level: extended + type: keyword + ignore_above: 1024 + description: Operating system kernel version as a raw string. + - name: os.name + level: extended + type: wildcard + multi_fields: + - name: text + type: text + norms: false + default_field: false + description: Operating system name, without the version. 
+ - name: os.platform + level: extended + type: keyword + ignore_above: 1024 + description: Operating system platform (such centos, ubuntu, windows). + - name: os.version + level: extended + type: keyword + ignore_above: 1024 + description: Operating system version as a raw string. + - name: version + level: extended + type: keyword + ignore_above: 1024 + description: Version of the user agent. diff --git a/packages/gcp/data_stream/audit/fields/fields.yml b/packages/gcp/data_stream/audit/fields/fields.yml new file mode 100644 index 00000000000..a0951af4e6f --- /dev/null +++ b/packages/gcp/data_stream/audit/fields/fields.yml 
@@ -0,0 +1,133 @@ +- name: gcp.audit + type: group + fields: + - name: type + type: keyword + description: | + Type property. + - name: authentication_info + type: group + fields: + - name: principal_email + type: keyword + description: "The email address of the authenticated user making the request. \n" + - name: authority_selector + type: keyword + description: "The authority selector specified by the requestor, if any. It is not guaranteed that the principal was allowed to use this authority. \n" + - name: authorization_info + type: array + description: | + Authorization information for the operation. + fields: + - name: permission + type: keyword + description: "The required IAM permission. \n" + - name: granted + type: boolean + description: "Whether or not authorization for resource and permission was granted. \n" + - name: resource_attributes + type: group + fields: + - name: service + type: keyword + description: | + The name of the service. + - name: name + type: keyword + description: | + The name of the resource. + - name: type + type: keyword + description: | + The type of the resource. + - name: method_name + type: keyword + description: | + The name of the service method or operation. For API calls, this should be the name of the API method. For example, 'google.datastore.v1.Datastore.RunQuery'. + - name: num_response_items + type: long + description: | + The number of items returned from a List or Query API method, if applicable. + - name: request + type: group + fields: + - name: proto_name + type: keyword + description: | + Type property of the request. + - name: filter + type: keyword + description: | + Filter of the request. + - name: name + type: keyword + description: "Name of the request. \n" + - name: resource_name + type: keyword + description: "Name of the request resource. \n" + - name: request_metadata + type: group + fields: + - name: caller_ip + type: ip + description: "The IP address of the caller. 
\n" + - name: caller_supplied_user_agent + type: keyword + description: | + The user agent of the caller. This information is not authenticated and should be treated accordingly. + - name: response + type: group + fields: + - name: proto_name + type: keyword + description: | + Type property of the response. + - name: details + type: group + fields: + - name: group + type: keyword + description: | + The name of the group. + - name: kind + type: keyword + description: | + The kind of the response details. + - name: name + type: keyword + description: | + The name of the response details. + - name: uid + type: keyword + description: | + The uid of the response details. + - name: status.allowed + type: boolean + - name: status.reason + type: keyword + - name: status.value + type: keyword + - name: resource_name + type: keyword + description: | + The resource or collection that is the target of the operation. The name is a scheme-less URI, not including the API service name. For example, 'shelves/SHELF_ID/books'. + - name: resource_location + type: group + fields: + - name: current_locations + type: keyword + description: | + Current locations of the resource. + - name: service_name + type: keyword + description: | + The name of the API service performing the operation. For example, datastore.googleapis.com. + - name: status + type: group + fields: + - name: code + type: integer + description: "The status code, which should be an enum value of google.rpc.Code. \n" + - name: message + type: keyword + description: "A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. \n" diff --git a/packages/gcp/data_stream/audit/fields/package-fields.yml b/packages/gcp/data_stream/audit/fields/package-fields.yml new file mode 100644 index 00000000000..88482fd9c15 --- /dev/null +++ b/packages/gcp/data_stream/audit/fields/package-fields.yml 
@@ -0,0 +1,63 @@ +- name: gcp + type: group + fields: + - name: destination.instance + type: group + fields: + - name: project_id + type: keyword + description: | + ID of the project containing the VM. + - name: region + type: keyword + description: | + Region of the VM. + - name: zone + type: keyword + description: | + Zone of the VM. + - name: destination.vpc + type: group + fields: + - name: project_id + type: keyword + description: | + ID of the project containing the VM. + - name: vpc_name + type: keyword + description: | + VPC on which the VM is operating. + - name: subnetwork_name + type: keyword + description: | + Subnetwork on which the VM is operating. + - name: source.instance + type: group + fields: + - name: project_id + type: keyword + description: | + ID of the project containing the VM. + - name: region + type: keyword + description: | + Region of the VM. + - name: zone + type: keyword + description: | + Zone of the VM. + - name: source.vpc + type: group + fields: + - name: project_id + type: keyword + description: | + ID of the project containing the VM. + - name: vpc_name + type: keyword + description: | + VPC on which the VM is operating. + - name: subnetwork_name + type: keyword + description: | + Subnetwork on which the VM is operating. diff --git a/packages/gcp/data_stream/audit/manifest.yml b/packages/gcp/data_stream/audit/manifest.yml new file mode 100644 index 00000000000..feeadb14ba9 --- /dev/null +++ b/packages/gcp/data_stream/audit/manifest.yml 
@@ -0,0 +1,39 @@
+type: logs
+title: Google Cloud Platform (GCP) audit logs
+release: experimental
+streams:
+ - input: gcp-pubsub
+ vars:
+ - name: topic
+ type: text
+ title: Topic
+ multi: false
+ required: true
+ show_user: true
+ default: stackdriver-audit
+ - name: subscription_name
+ type: text
+ title: Subscription Name
+ multi: false
+ required: true
+ show_user: true
+ default: filebeat-gcp-audit
+ - name: subscription_create
+ type: bool
+ title: Subscription Create
+ description: If true, the integration will create the subscription on start.
+ multi: false
+ required: true
+ show_user: false
+ default: false
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: false
+ default:
+ - forwarded
+ template_path: gcp-pubsub.yml.hbs
+ title: Google Cloud Platform (GCP) audit logs (gcp-pubsub)
+ description: Collect Google Cloud Platform (GCP) audit logs using gcp-pubsub input
diff --git a/packages/gcp/data_stream/audit/sample_event.json b/packages/gcp/data_stream/audit/sample_event.json
new file mode 100644
index 00000000000..decf38c4986
--- /dev/null
+++ b/packages/gcp/data_stream/audit/sample_event.json
@@ -0,0 +1,96 @@ +{ + "log": { + "logger": "projects/foo/logs/cloudaudit.googleapis.com%2Factivity" + }, + "source": { + "geo": { + "continent_name": "Europe", + "region_iso_code": "RU-MOW", + "city_name": "Moscow", + "country_iso_code": "RU", + "country_name": "Russia", + "region_name": "Moscow", + "location": { + "lon": 37.6172, + "lat": 55.7527 + } + }, + "ip": "1.2.3.4" + }, + "cloud": { + "project": { + "id": "foo" + } + }, + "@timestamp": "2020-08-05T21:59:26.456Z", + "ecs": { + "version": "1.8.0" + }, + "gcp": { + "audit": { + "request": { + "name": "windows-server-2016-v20200805", + "proto_name": "type.googleapis.com/compute.images.insert" + }, + "authentication_info": { + "principal_email": "user@mycompany.com" + }, + "method_name": "v1.compute.images.insert", + "request_metadata": { + "caller_ip": "1.2.3.4", + "caller_supplied_user_agent": "google-cloud-sdk gcloud/290.0.1 command/gcloud.compute.images.create invocation-id/032752ad0fa44b4ea951951d2deef6a3 environment/None environment-version/None interactive/True from-script/False python/2.7.17 term/xterm-256color (Macintosh; Intel Mac OS X 19.6.0),gzip(gfe)" + }, + "response": { + "proto_name": "type.googleapis.com/operation", + "status": { + "value": "RUNNING" + } + }, + "service_name": "compute.googleapis.com", + "type": "type.googleapis.com/google.cloud.audit.AuditLog", + "authorization_info": [ + { + "resource_attributes": { + "name": "projects/foo/global/images/windows-server-2016-v20200805", + "type": "compute.images", + "service": "compute" + }, + "permission": "compute.images.create", + "granted": true + } + ], + "resource_name": "projects/foo/global/images/windows-server-2016-v20200805", + "resource_location": { + "current_locations": [ + "eu" + ] + } + } + }, + "service": { + "name": "compute.googleapis.com" + }, + "event": { + "action": "v1.compute.images.insert", + "ingested": "2021-02-19T09:19:47.732239800Z", + "original": 
"{\"insertId\":\"v2spcwdzmc2\",\"logName\":\"projects/foo/logs/cloudaudit.googleapis.com%2Factivity\",\"operation\":{\"first\":true,\"id\":\"operation-1596664766354-5ac287c395484-fa3923bd-543e018e\",\"producer\":\"compute.googleapis.com\"},\"protoPayload\":{\"@type\":\"type.googleapis.com/google.cloud.audit.AuditLog\",\"authenticationInfo\":{\"principalEmail\":\"user@mycompany.com\"},\"authorizationInfo\":[{\"granted\":true,\"permission\":\"compute.images.create\",\"resourceAttributes\":{\"name\":\"projects/foo/global/images/windows-server-2016-v20200805\",\"service\":\"compute\",\"type\":\"compute.images\"}}],\"methodName\":\"v1.compute.images.insert\",\"request\":{\"@type\":\"type.googleapis.com/compute.images.insert\",\"family\":\"windows-server-2016\",\"guestOsFeatures\":[{\"type\":\"VIRTIO_SCSI_MULTIQUEUE\"},{\"type\":\"WINDOWS\"}],\"name\":\"windows-server-2016-v20200805\",\"rawDisk\":{\"source\":\"https://storage.googleapis.com/storage/v1/b/foo/o/windows-server-2016-v20200805.tar.gz\"},\"sourceType\":\"RAW\"},\"requestMetadata\":{\"callerIp\":\"1.2.3.4\",\"callerSuppliedUserAgent\":\"google-cloud-sdk gcloud/290.0.1 command/gcloud.compute.images.create invocation-id/032752ad0fa44b4ea951951d2deef6a3 environment/None environment-version/None interactive/True from-script/False python/2.7.17 term/xterm-256color (Macintosh; Intel Mac OS X 
19.6.0),gzip(gfe)\",\"destinationAttributes\":{},\"requestAttributes\":{\"auth\":{},\"time\":\"2020-08-05T21:59:27.515Z\"}},\"resourceLocation\":{\"currentLocations\":[\"eu\"]},\"resourceName\":\"projects/foo/global/images/windows-server-2016-v20200805\",\"response\":{\"@type\":\"type.googleapis.com/operation\",\"id\":\"44919313\",\"insertTime\":\"2020-08-05T14:59:27.259-07:00\",\"name\":\"operation-1596664766354-5ac287c395484-fa3923bd-543e018e\",\"operationType\":\"insert\",\"progress\":\"0\",\"selfLink\":\"https://www.googleapis.com/compute/v1/projects/foo/global/operations/operation-1596664766354-5ac287c395484-fa3923bd-543e018e\",\"selfLinkWithId\":\"https://www.googleapis.com/compute/v1/projects/foo/global/operations/4491931805423146320\",\"startTime\":\"2020-08-05T14:59:27.274-07:00\",\"status\":\"RUNNING\",\"targetId\":\"12345\",\"targetLink\":\"https://www.googleapis.com/compute/v1/projects/foo/global/images/windows-server-2016-v20200805\",\"user\":\"user@mycompany.com\"},\"serviceName\":\"compute.googleapis.com\"},\"receiveTimestamp\":\"2020-08-05T21:59:27.822546978Z\",\"resource\":{\"labels\":{\"image_id\":\"771879043\",\"project_id\":\"foo\"},\"type\":\"gce_image\"},\"severity\":\"NOTICE\",\"timestamp\":\"2020-08-05T21:59:26.456Z\"}", + "id": "v2spcwdzmc2", + "kind": "event", + "outcome": "success" + }, + "user": { + "email": "user@mycompany.com" + }, + "user_agent": { + "name": "Other", + "original": "google-cloud-sdk gcloud/290.0.1 command/gcloud.compute.images.create invocation-id/032752ad0fa44b4ea951951d2deef6a3 environment/None environment-version/None interactive/True from-script/False python/2.7.17 term/xterm-256color (Macintosh; Intel Mac OS X 19.6.0),gzip(gfe)", + "os": { + "name": "Mac OS X", + "version": "19.6.0", + "full": "Mac OS X 19.6.0" + }, + "device": { + "name": "Mac" + } + } +} \ No newline at end of file 
diff --git a/packages/gcp/data_stream/firewall/_dev/test/pipeline/test-firewall.log b/packages/gcp/data_stream/firewall/_dev/test/pipeline/test-firewall.log new file mode 100644 index 00000000000..0843196acc5 --- /dev/null +++ b/packages/gcp/data_stream/firewall/_dev/test/pipeline/test-firewall.log 
@@ -0,0 +1,22 @@
+{"insertId":"1dobeotg13df9f5","jsonPayload":{"connection":{"dest_ip":"10.128.0.16","dest_port":80,"protocol":6,"src_ip":"10.142.0.10","src_port":57794},"disposition":"DENIED","instance":{"project_id":"local-test","region":"us-central1","vm_name":"local-adrian-test","zone":"us-central1-a"},"remote_instance":{"project_id":"remote-beats","region":"us-east1","vm_name":"test-es","zone":"us-east1-b"},"remote_vpc":{"project_id":"remote-beats","subnetwork_name":"mysubnet","vpc_name":"default"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"mysubnet","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-06T16:41:45.009675991Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"12345667","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-06T16:41:38.394575419Z"}
+{"insertId":"1dobeotg13df9f7","jsonPayload":{"connection":{"dest_ip":"10.128.0.10","dest_port":57794,"protocol":6,"src_ip":"10.142.0.16","src_port":80},"disposition":"DENIED","instance":{"project_id":"local-test","region":"us-central1","vm_name":"local-adrian-test","zone":"us-central1-a"},"remote_instance":{"project_id":"remote-beats","region":"us-east1","vm_name":"test-es","zone":"us-east1-b"},"remote_vpc":{"project_id":"remote-beats","subnetwork_name":"mysubnet","vpc_name":"default"},"rule_details":{"action":"DENY","direction":"EGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"mysubnet","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-06T16:41:45.009675991Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"892378332","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-06T16:41:38.394575419Z"} 
+{"insertId":"4zuj4nfn4llkb","jsonPayload":{"connection":{"dest_ip":"8.8.8.8","dest_port":53,"protocol":17,"src_ip":"10.128.0.16","src_port":60094},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"continent":"America","country":"usa"},"rule_details":{"action":"DENY","destination_range":["8.8.8.0/24"],"direction":"EGRESS","ip_port_info":[{"ip_protocol":"ALL"}],"priority":1000,"reference":"network:default/firewall:adrian-test-1","target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-12T12:35:24.466374097Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-12T12:35:17.214711274Z"} +{"insertId":"1f21ciqfpfssuo","jsonPayload":{"connection":{"dest_ip":"10.42.0.2","dest_port":3389,"protocol":6,"src_ip":"192.0.2.126","src_port":64853},"disposition":"ALLOWED","instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-windows","zone":"us-east1-b"},"remote_location":{"continent":"Asia","country":"omn"},"rule_details":{"action":"ALLOW","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["3389"]}],"priority":1000,"reference":"network:windows-isolated/firewall:windows-isolated-allow-rdp","source_range":["0.0.0.0/0"],"target_tag":["allow-rdp"]},"vpc":{"project_id":"test-beats","subnetwork_name":"windows-isolated","vpc_name":"windows-isolated"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-10-30T13:52:54.473174731Z","resource":{"labels":{"location":"us-east1-b","project_id":"test-beats","subnetwork_id":"3238409883146034900","subnetwork_name":"windows-isolated"},"type":"gce_subnetwork"},"timestamp":"2019-1
0-30T13:52:42.191988835Z"} +{"insertId":"8vcfeailjd","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":8080,"protocol":6,"src_ip":"192.0.2.219","src_port":2897},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"city":"Krasnodar","continent":"Europe","country":"rus","region":"Krasnodar Krai"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:31:22.738796433Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:31:19.421478847Z"} 
+{"insertId":"1bqgmw9feiabij","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":80,"protocol":6,"src_ip":"192.0.2.14","src_port":61000},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"continent":"Europe","country":"deu"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:41:35.727004321Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:41:31.079508196Z"} 
+{"insertId":"1jrxaqbfe48bir","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":80,"protocol":6,"src_ip":"192.0.2.14","src_port":61000},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"continent":"Europe","country":"deu"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:41:40.791816098Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:41:34.190831607Z"} +{"insertId":"1fw7drlfe2ty27","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":8080,"protocol":6,"src_ip":"192.0.2.151","src_port":62551},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"city":"Berdychiv","continent":"Europe","country":"ukr","region":"Zhytomyr 
Oblast"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:48:47.038820509Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:48:41.449552758Z"} +{"insertId":"1yre751fekaxzs","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":8080,"protocol":6,"src_ip":"192.0.2.241","src_port":44542},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"city":"Vicenza","continent":"Europe","country":"ita","region":"Veneto"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T13:10:30.804549999Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T13:10:24.214995318Z"} 
+{"insertId":"5kanfzfiqepkh","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":80,"protocol":6,"src_ip":"192.0.2.114","src_port":41293},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"city":"Tula","continent":"Europe","country":"rus","region":"Tula Oblast"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T13:35:28.934918322Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T13:35:23.504719962Z"} +{"insertId":"59z0t8fiow9vg","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":80,"protocol":6,"src_ip":"192.0.2.251","src_port":59106},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"city":"Stavropol","continent":"Europe","country":"rus","region":"Stavropol 
Krai"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T13:36:54.238077643Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T13:36:52.135887769Z"} +{"insertId":"1y7e4yzff816cq","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":80,"protocol":6,"src_ip":"192.0.2.189","src_port":61000},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"city":"Violès","continent":"Europe","country":"fra","region":"Provence-Alpes-Côte d'Azur"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T14:06:26.357446279Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T14:06:16.59353182Z"} 
+{"insertId":"lx5jlsfggpr0q","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":80,"protocol":6,"src_ip":"192.0.2.189","src_port":61000},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"city":"Violès","continent":"Europe","country":"fra","region":"Provence-Alpes-Côte d'Azur"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T14:06:28.203068653Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T14:06:22.930570324Z"} 
+{"insertId":"18ynfbufer19m1","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":8080,"protocol":6,"src_ip":"192.0.2.200","src_port":42716},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"city":"İzmir","continent":"Asia","country":"tur","region":"İzmir"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T14:32:14.038485761Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T14:32:07.407039908Z"} 
+{"insertId":"tzddthfsr6fv5","jsonPayload":{"connection":{"dest_ip":"8.8.8.8","dest_port":80,"protocol":6,"src_ip":"10.28.0.16","src_port":46418},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"continent":"America","country":"usa"},"rule_details":{"action":"DENY","destination_range":["8.8.8.0/24"],"direction":"EGRESS","ip_port_info":[{"ip_protocol":"ALL"}],"priority":1000,"reference":"network:default/firewall:adrian-test-1","target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-12T12:41:28.971534988Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-12T12:41:20.972747063Z"} +{"insertId":"1k2b7kefsnhzq7","jsonPayload":{"connection":{"dest_ip":"8.8.8.8","dest_port":80,"protocol":17,"src_ip":"10.28.0.16","src_port":58725},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_location":{"continent":"America","country":"usa"},"rule_details":{"action":"DENY","destination_range":["8.8.8.0/24"],"direction":"EGRESS","ip_port_info":[{"ip_protocol":"ALL"}],"priority":1000,"reference":"network:default/firewall:adrian-test-1","target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-12T12:42:33.671883883Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-12T12:42:26.50532921Z"} 
+{"insertId":"1sdfuwxfk8hq1c","jsonPayload":{"connection":{"dest_ip":"10.42.0.10","dest_port":9200,"protocol":6,"src_ip":"192.0.2.114","src_port":44666},"disposition":"ALLOWED","instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-es","zone":"us-east1-b"},"remote_instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-kibana","zone":"us-east1-b"},"remote_location":{"continent":"America","country":"usa"},"remote_vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"},"rule_details":{"action":"ALLOW","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["9200"]}],"priority":1000,"reference":"network:default/firewall:allow9200","source_range":["0.0.0.0/0"],"target_tag":["allow9200"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:54:15.188832255Z","resource":{"labels":{"location":"us-east1-b","project_id":"test-beats","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:54:13.531819246Z"} 
+{"insertId":"1sdfuwxfk8hq1b","jsonPayload":{"connection":{"dest_ip":"10.42.0.10","dest_port":9200,"protocol":6,"src_ip":"192.0.2.114","src_port":44668},"disposition":"ALLOWED","instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-es","zone":"us-east1-b"},"remote_instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-kibana","zone":"us-east1-b"},"remote_location":{"continent":"America","country":"usa"},"remote_vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"},"rule_details":{"action":"ALLOW","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["9200"]}],"priority":1000,"reference":"network:default/firewall:allow9200","source_range":["0.0.0.0/0"],"target_tag":["allow9200"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:54:15.188832255Z","resource":{"labels":{"location":"us-east1-b","project_id":"test-beats","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:54:13.551617516Z"} 
+{"insertId":"yot1ojetjdiw","jsonPayload":{"connection":{"dest_ip":"10.42.0.2","dest_port":3389,"protocol":6,"src_ip":"192.0.2.7","src_port":1683},"disposition":"ALLOWED","instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-windows","zone":"us-east1-b"},"remote_location":{"city":"Almelo","continent":"Europe","country":"nld","region":"Overijssel"},"rule_details":{"action":"ALLOW","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["3389"]}],"priority":1000,"reference":"network:windows-isolated/firewall:windows-isolated-allow-rdp","source_range":["0.0.0.0/0"],"target_tag":["allow-rdp"]},"vpc":{"project_id":"test-beats","subnetwork_name":"windows-isolated","vpc_name":"windows-isolated"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:54:28.477733837Z","resource":{"labels":{"location":"us-east1-b","project_id":"test-beats","subnetwork_id":"3238409883146034900","subnetwork_name":"windows-isolated"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:54:15.771161946Z"} 
+{"insertId":"5a27u1g22jks9e","jsonPayload":{"connection":{"dest_ip":"10.42.0.10","dest_port":9200,"protocol":6,"src_ip":"192.0.2.114","src_port":45068},"disposition":"ALLOWED","instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-es","zone":"us-east1-b"},"remote_instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-kibana","zone":"us-east1-b"},"remote_location":{"continent":"America","country":"usa"},"remote_vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"},"rule_details":{"action":"ALLOW","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["9200"]}],"priority":1000,"reference":"network:default/firewall:allow9200","source_range":["0.0.0.0/0"],"target_tag":["allow9200"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:54:45.189726185Z","resource":{"labels":{"location":"us-east1-b","project_id":"test-beats","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:54:35.850729583Z"} 
+{"insertId":"5a27u1g22jks8t","jsonPayload":{"connection":{"dest_ip":"10.42.0.10","dest_port":9200,"protocol":6,"src_ip":"192.0.2.114","src_port":45062},"disposition":"ALLOWED","instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-es","zone":"us-east1-b"},"remote_instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-kibana","zone":"us-east1-b"},"remote_location":{"continent":"America","country":"usa"},"remote_vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"},"rule_details":{"action":"ALLOW","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["9200"]}],"priority":1000,"reference":"network:default/firewall:allow9200","source_range":["0.0.0.0/0"],"target_tag":["allow9200"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-11T12:54:45.189726185Z","resource":{"labels":{"location":"us-east1-b","project_id":"test-beats","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-11T12:54:35.85023465Z"} 
+{"insertId":"1dobeotg13df9f5","jsonPayload":{"connection":{"dest_ip":"10.28.0.16","dest_port":80,"protocol":6,"src_ip":"10.42.0.10","src_port":57794},"disposition":"DENIED","instance":{"project_id":"test-beats","region":"us-central1","vm_name":"adrian-test","zone":"us-central1-a"},"remote_instance":{"project_id":"test-beats","region":"us-east1","vm_name":"test-es","zone":"us-east1-b"},"remote_vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"},"rule_details":{"action":"DENY","direction":"INGRESS","ip_port_info":[{"ip_protocol":"TCP","port_range":["80","8080"]}],"priority":1000,"reference":"network:default/firewall:adrian-test-3","source_range":["0.0.0.0/0"],"target_tag":["adrian-test"]},"vpc":{"project_id":"test-beats","subnetwork_name":"default","vpc_name":"default"}},"logName":"projects/test-beats/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2019-11-06T16:41:45.009675991Z","resource":{"labels":{"location":"us-central1-a","project_id":"test-beats","subnetwork_id":"1266623735137648253","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-11-06T16:41:38.394575419Z"}
diff --git a/packages/gcp/data_stream/firewall/_dev/test/pipeline/test-firewall.log-config.json b/packages/gcp/data_stream/firewall/_dev/test/pipeline/test-firewall.log-config.json
new file mode 100644
index 00000000000..f71947c2f04
--- /dev/null
+++ b/packages/gcp/data_stream/firewall/_dev/test/pipeline/test-firewall.log-config.json
@@ -0,0 +1,5 @@
+{
+ "dynamic_fields": {
+ "event.ingested": ".*"
+ }
+}
\ No newline at end of file
diff --git a/packages/gcp/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json b/packages/gcp/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json
new file mode 100644
index 00000000000..cb8d84c83ca
--- /dev/null
+++ b/packages/gcp/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json
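Review bot: The first and last records of test-firewall.log both carry `"insertId":"1dobeotg13df9f5"`, and the expected output added in this commit copies that field into `event.id`, so two different fixture events (different IPs and project ids) share one identifier. Anything downstream that treats `event.id` as unique, such as de-duplication or alert correlation, would presumably collapse or confuse these two records if the fixture were replayed, and the test cannot catch a regression in ID handling. Giving one record its own value, for example `"insertId":"1dobeotg13df9f6"` (a constructed sample) on the first line, and regenerating the expected file would fix that. Separately, all 22 records use IPv4 addresses, so whatever logic sets `network.type` and `network.community_id` for IPv6 traffic is not exercised here. The pipeline itself is not visible in this part of the diff, so that is a coverage suggestion, not a confirmed defect.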
@@ -0,0 +1,2162 @@ +{ + "expected": [ + { + "log": { + "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" + }, + "destination": { + "address": "10.128.0.16", + "port": 80, + "domain": "local-adrian-test", + "ip": "10.128.0.16" + }, + "rule": { + "name": "network:default/firewall:adrian-test-3" + }, + "source": { + "address": "10.142.0.10", + "port": 57794, + "domain": "test-es", + "ip": "10.142.0.10" + }, + "network": { + "name": "mysubnet", + "community_id": "1:r5Cn2Gb1aK8/KMnjNxp64xRRxCw=", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "direction": "inbound" + }, + "cloud": { + "region": "us-central1", + "availability_zone": "us-central1-a", + "project": { + "id": "local-test" + } + }, + "@timestamp": "2019-11-06T16:41:38.394Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.142.0.10", + "10.128.0.16" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "test-beats", + "subnetwork_name": "mysubnet", + "vpc_name": "default" + }, + "instance": { + "region": "us-central1", + "project_id": "local-test", + "zone": "us-central1-a" + } + }, + "firewall": { + "rule_details": { + "action": "DENY", + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "adrian-test" + ], + "priority": 1000, + "ip_port_info": [ + { + "port_range": [ + "80", + "8080" + ], + "ip_protocol": "TCP" + } + ], + "direction": "INGRESS" + } + }, + "source": { + "vpc": { + "project_id": "remote-beats", + "subnetwork_name": "mysubnet", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "remote-beats", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:48.040355600Z", + "original": 
"{\"insertId\":\"1dobeotg13df9f5\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.128.0.16\",\"dest_port\":80,\"protocol\":6,\"src_ip\":\"10.142.0.10\",\"src_port\":57794},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"local-test\",\"region\":\"us-central1\",\"vm_name\":\"local-adrian-test\",\"zone\":\"us-central1-a\"},\"remote_instance\":{\"project_id\":\"remote-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-es\",\"zone\":\"us-east1-b\"},\"remote_vpc\":{\"project_id\":\"remote-beats\",\"subnetwork_name\":\"mysubnet\",\"vpc_name\":\"default\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"mysubnet\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-06T16:41:45.009675991Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"12345667\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-06T16:41:38.394575419Z\"}", + "kind": "event", + "action": "firewall-rule", + "id": "1dobeotg13df9f5", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" + }, + "destination": { + "address": "10.128.0.10", + "port": 57794, + "domain": "test-es", + "ip": "10.128.0.10" + }, + "rule": { + "name": "network:default/firewall:adrian-test-3" + }, + "source": { + "address": "10.142.0.16", + "port": 80, + "domain": "local-adrian-test", + "ip": "10.142.0.16" + }, + "network": { + "name": "mysubnet", + "community_id": "1:PX8Huj8++6RLuv25K7VfHPger5I=", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + 
"direction": "outbound" + }, + "cloud": { + "region": "us-central1", + "availability_zone": "us-central1-a", + "project": { + "id": "local-test" + } + }, + "@timestamp": "2019-11-06T16:41:38.394Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.142.0.16", + "10.128.0.10" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "remote-beats", + "subnetwork_name": "mysubnet", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "remote-beats", + "zone": "us-east1-b" + } + }, + "firewall": { + "rule_details": { + "action": "DENY", + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "adrian-test" + ], + "priority": 1000, + "ip_port_info": [ + { + "port_range": [ + "80", + "8080" + ], + "ip_protocol": "TCP" + } + ], + "direction": "EGRESS" + } + }, + "source": { + "vpc": { + "project_id": "test-beats", + "subnetwork_name": "mysubnet", + "vpc_name": "default" + }, + "instance": { + "region": "us-central1", + "project_id": "local-test", + "zone": "us-central1-a" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:48.040367300Z", + "original": 
"{\"insertId\":\"1dobeotg13df9f7\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.128.0.10\",\"dest_port\":57794,\"protocol\":6,\"src_ip\":\"10.142.0.16\",\"src_port\":80},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"local-test\",\"region\":\"us-central1\",\"vm_name\":\"local-adrian-test\",\"zone\":\"us-central1-a\"},\"remote_instance\":{\"project_id\":\"remote-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-es\",\"zone\":\"us-east1-b\"},\"remote_vpc\":{\"project_id\":\"remote-beats\",\"subnetwork_name\":\"mysubnet\",\"vpc_name\":\"default\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"EGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"mysubnet\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-06T16:41:45.009675991Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"892378332\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-06T16:41:38.394575419Z\"}", + "kind": "event", + "action": "firewall-rule", + "id": "1dobeotg13df9f7", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" + }, + "destination": { + "geo": { + "continent_name": "North America", + "country_name": "United States", + "location": { + "lon": -97.822, + "lat": 37.751 + }, + "country_iso_code": "US" + }, + "as": { + "number": 15169, + "organization": { + "name": "Google LLC" + } + }, + "address": "8.8.8.8", + "port": 53, + "ip": "8.8.8.8" + }, + "rule": { + "name": "network:default/firewall:adrian-test-1" + }, + "source": { + "address": "10.128.0.16", + "port": 60094, + 
"domain": "adrian-test", + "ip": "10.128.0.16" + }, + "network": { + "name": "default", + "community_id": "1:iiDdIEXnxwSiz/hJbVnseQ4SZVE=", + "transport": "udp", + "type": "ipv4", + "iana_number": "17", + "direction": "outbound" + }, + "cloud": { + "region": "us-central1", + "availability_zone": "us-central1-a", + "project": { + "id": "test-beats" + } + }, + "@timestamp": "2019-11-12T12:35:17.214Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.128.0.16", + "8.8.8.8" + ] + }, + "gcp": { + "firewall": { + "rule_details": { + "action": "DENY", + "target_tag": [ + "adrian-test" + ], + "priority": 1000, + "destination_range": [ + "8.8.8.0/24" + ], + "ip_port_info": [ + { + "ip_protocol": "ALL" + } + ], + "direction": "EGRESS" + } + }, + "source": { + "vpc": { + "project_id": "test-beats", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-central1", + "project_id": "test-beats", + "zone": "us-central1-a" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:48.040375200Z", + "original": 
"{\"insertId\":\"4zuj4nfn4llkb\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"8.8.8.8\",\"dest_port\":53,\"protocol\":17,\"src_ip\":\"10.128.0.16\",\"src_port\":60094},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"continent\":\"America\",\"country\":\"usa\"},\"rule_details\":{\"action\":\"DENY\",\"destination_range\":[\"8.8.8.0/24\"],\"direction\":\"EGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"ALL\"}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-1\",\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-12T12:35:24.466374097Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-12T12:35:17.214711274Z\"}", + "kind": "event", + "action": "firewall-rule", + "id": "4zuj4nfn4llkb", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" + }, + "destination": { + "address": "10.42.0.2", + "port": 3389, + "domain": "test-windows", + "ip": "10.42.0.2" + }, + "rule": { + "name": "network:windows-isolated/firewall:windows-isolated-allow-rdp" + }, + "source": { + "geo": { + "continent_name": "Asia", + "country_name": "omn" + }, + "address": "192.0.2.126", + "port": 64853, + "ip": "192.0.2.126" + }, + "network": { + "name": "windows-isolated", + "community_id": "1:I+YM7Ru3rl0RVZt/y+F/hkoY0Zc=", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "direction": "inbound" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "test-beats" 
+ } + }, + "@timestamp": "2019-10-30T13:52:42.191Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "192.0.2.126", + "10.42.0.2" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "test-beats", + "subnetwork_name": "windows-isolated", + "vpc_name": "windows-isolated" + }, + "instance": { + "region": "us-east1", + "project_id": "test-beats", + "zone": "us-east1-b" + } + }, + "firewall": { + "rule_details": { + "action": "ALLOW", + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "allow-rdp" + ], + "priority": 1000, + "ip_port_info": [ + { + "port_range": [ + "3389" + ], + "ip_protocol": "TCP" + } + ], + "direction": "INGRESS" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:48.040382900Z", + "original": "{\"insertId\":\"1f21ciqfpfssuo\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.42.0.2\",\"dest_port\":3389,\"protocol\":6,\"src_ip\":\"192.0.2.126\",\"src_port\":64853},\"disposition\":\"ALLOWED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-windows\",\"zone\":\"us-east1-b\"},\"remote_location\":{\"continent\":\"Asia\",\"country\":\"omn\"},\"rule_details\":{\"action\":\"ALLOW\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"3389\"]}],\"priority\":1000,\"reference\":\"network:windows-isolated/firewall:windows-isolated-allow-rdp\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"allow-rdp\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"windows-isolated\",\"vpc_name\":\"windows-isolated\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-10-30T13:52:54.473174731Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"3238409883146034900\",\"subnetwork_name\":\"windows-isolated\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-10-30T13:52:42.191988835Z\"}", + "kind": "event", + "action": "firewall-rule", + "id": 
"1f21ciqfpfssuo", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" + }, + "destination": { + "address": "10.28.0.16", + "port": 8080, + "domain": "adrian-test", + "ip": "10.28.0.16" + }, + "rule": { + "name": "network:default/firewall:adrian-test-3" + }, + "source": { + "geo": { + "continent_name": "Europe", + "country_name": "rus", + "city_name": "Krasnodar", + "region_name": "Krasnodar Krai" + }, + "address": "192.0.2.219", + "port": 2897, + "ip": "192.0.2.219" + }, + "network": { + "name": "default", + "community_id": "1:I0VuqgaYU1tgaECjlzIRuPzILlg=", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "direction": "inbound" + }, + "cloud": { + "region": "us-central1", + "availability_zone": "us-central1-a", + "project": { + "id": "test-beats" + } + }, + "@timestamp": "2019-11-11T12:31:19.421Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "192.0.2.219", + "10.28.0.16" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "test-beats", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-central1", + "project_id": "test-beats", + "zone": "us-central1-a" + } + }, + "firewall": { + "rule_details": { + "action": "DENY", + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "adrian-test" + ], + "priority": 1000, + "ip_port_info": [ + { + "port_range": [ + "80", + "8080" + ], + "ip_protocol": "TCP" + } + ], + "direction": "INGRESS" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:48.040390700Z", + "original": 
"{\"insertId\":\"8vcfeailjd\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.28.0.16\",\"dest_port\":8080,\"protocol\":6,\"src_ip\":\"192.0.2.219\",\"src_port\":2897},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"city\":\"Krasnodar\",\"continent\":\"Europe\",\"country\":\"rus\",\"region\":\"Krasnodar Krai\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T12:31:22.738796433Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T12:31:19.421478847Z\"}", + "kind": "event", + "action": "firewall-rule", + "id": "8vcfeailjd", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" + }, + "destination": { + "address": "10.28.0.16", + "port": 80, + "domain": "adrian-test", + "ip": "10.28.0.16" + }, + "rule": { + "name": "network:default/firewall:adrian-test-3" + }, + "source": { + "geo": { + "continent_name": "Europe", + "country_name": "deu" + }, + "address": "192.0.2.14", + "port": 61000, + "ip": "192.0.2.14" + }, + "network": { + "name": "default", + "community_id": "1:JXppP0Oqm+g33JYC0DKoWKxP1GI=", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "direction": "inbound" + }, + "cloud": { + "region": "us-central1", + "availability_zone": 
"us-central1-a", + "project": { + "id": "test-beats" + } + }, + "@timestamp": "2019-11-11T12:41:31.079Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "192.0.2.14", + "10.28.0.16" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "test-beats", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-central1", + "project_id": "test-beats", + "zone": "us-central1-a" + } + }, + "firewall": { + "rule_details": { + "action": "DENY", + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "adrian-test" + ], + "priority": 1000, + "ip_port_info": [ + { + "port_range": [ + "80", + "8080" + ], + "ip_protocol": "TCP" + } + ], + "direction": "INGRESS" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:48.040398400Z", + "original": "{\"insertId\":\"1bqgmw9feiabij\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.28.0.16\",\"dest_port\":80,\"protocol\":6,\"src_ip\":\"192.0.2.14\",\"src_port\":61000},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"continent\":\"Europe\",\"country\":\"deu\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T12:41:35.727004321Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T12:41:31.079508196Z\"}", + "kind": "event", + "action": 
"firewall-rule", + "id": "1bqgmw9feiabij", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" + }, + "destination": { + "address": "10.28.0.16", + "port": 80, + "domain": "adrian-test", + "ip": "10.28.0.16" + }, + "rule": { + "name": "network:default/firewall:adrian-test-3" + }, + "source": { + "geo": { + "continent_name": "Europe", + "country_name": "deu" + }, + "address": "192.0.2.14", + "port": 61000, + "ip": "192.0.2.14" + }, + "network": { + "name": "default", + "community_id": "1:JXppP0Oqm+g33JYC0DKoWKxP1GI=", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "direction": "inbound" + }, + "cloud": { + "region": "us-central1", + "availability_zone": "us-central1-a", + "project": { + "id": "test-beats" + } + }, + "@timestamp": "2019-11-11T12:41:34.190Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "192.0.2.14", + "10.28.0.16" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "test-beats", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-central1", + "project_id": "test-beats", + "zone": "us-central1-a" + } + }, + "firewall": { + "rule_details": { + "action": "DENY", + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "adrian-test" + ], + "priority": 1000, + "ip_port_info": [ + { + "port_range": [ + "80", + "8080" + ], + "ip_protocol": "TCP" + } + ], + "direction": "INGRESS" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:48.040405Z", + "original": 
"{\"insertId\":\"1jrxaqbfe48bir\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.28.0.16\",\"dest_port\":80,\"protocol\":6,\"src_ip\":\"192.0.2.14\",\"src_port\":61000},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"continent\":\"Europe\",\"country\":\"deu\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T12:41:40.791816098Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T12:41:34.190831607Z\"}", + "kind": "event", + "action": "firewall-rule", + "id": "1jrxaqbfe48bir", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" + }, + "destination": { + "address": "10.28.0.16", + "port": 8080, + "domain": "adrian-test", + "ip": "10.28.0.16" + }, + "rule": { + "name": "network:default/firewall:adrian-test-3" + }, + "source": { + "geo": { + "continent_name": "Europe", + "country_name": "ukr", + "city_name": "Berdychiv", + "region_name": "Zhytomyr Oblast" + }, + "address": "192.0.2.151", + "port": 62551, + "ip": "192.0.2.151" + }, + "network": { + "name": "default", + "community_id": "1:Us40G9GKff9nidizV7rCFgCQb9E=", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "direction": "inbound" + }, + "cloud": { + "region": "us-central1", + 
"availability_zone": "us-central1-a", + "project": { + "id": "test-beats" + } + }, + "@timestamp": "2019-11-11T12:48:41.449Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "192.0.2.151", + "10.28.0.16" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "test-beats", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-central1", + "project_id": "test-beats", + "zone": "us-central1-a" + } + }, + "firewall": { + "rule_details": { + "action": "DENY", + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "adrian-test" + ], + "priority": 1000, + "ip_port_info": [ + { + "port_range": [ + "80", + "8080" + ], + "ip_protocol": "TCP" + } + ], + "direction": "INGRESS" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:48.040408700Z", + "original": "{\"insertId\":\"1fw7drlfe2ty27\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.28.0.16\",\"dest_port\":8080,\"protocol\":6,\"src_ip\":\"192.0.2.151\",\"src_port\":62551},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"city\":\"Berdychiv\",\"continent\":\"Europe\",\"country\":\"ukr\",\"region\":\"Zhytomyr 
Oblast\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T12:48:47.038820509Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T12:48:41.449552758Z\"}", + "kind": "event", + "action": "firewall-rule", + "id": "1fw7drlfe2ty27", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" + }, + "destination": { + "address": "10.28.0.16", + "port": 8080, + "domain": "adrian-test", + "ip": "10.28.0.16" + }, + "rule": { + "name": "network:default/firewall:adrian-test-3" + }, + "source": { + "geo": { + "continent_name": "Europe", + "country_name": "ita", + "city_name": "Vicenza", + "region_name": "Veneto" + }, + "address": "192.0.2.241", + "port": 44542, + "ip": "192.0.2.241" + }, + "network": { + "name": "default", + "community_id": "1:CKIvQ4W48ZjqiomnWxipDck9Yb0=", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "direction": "inbound" + }, + "cloud": { + "region": "us-central1", + "availability_zone": "us-central1-a", + "project": { + "id": "test-beats" + } + }, + "@timestamp": "2019-11-11T13:10:24.214Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "192.0.2.241", + "10.28.0.16" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "test-beats", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": 
"us-central1", + "project_id": "test-beats", + "zone": "us-central1-a" + } + }, + "firewall": { + "rule_details": { + "action": "DENY", + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "adrian-test" + ], + "priority": 1000, + "ip_port_info": [ + { + "port_range": [ + "80", + "8080" + ], + "ip_protocol": "TCP" + } + ], + "direction": "INGRESS" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:48.040414300Z", + "original": "{\"insertId\":\"1yre751fekaxzs\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.28.0.16\",\"dest_port\":8080,\"protocol\":6,\"src_ip\":\"192.0.2.241\",\"src_port\":44542},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"city\":\"Vicenza\",\"continent\":\"Europe\",\"country\":\"ita\",\"region\":\"Veneto\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T13:10:30.804549999Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T13:10:24.214995318Z\"}", + "kind": "event", + "action": "firewall-rule", + "id": "1yre751fekaxzs", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" + }, + "destination": { + "address": "10.28.0.16", + "port": 80, + "domain": "adrian-test", + "ip": "10.28.0.16" + }, + "rule": { + "name": 
"network:default/firewall:adrian-test-3" + }, + "source": { + "geo": { + "continent_name": "Europe", + "country_name": "rus", + "city_name": "Tula", + "region_name": "Tula Oblast" + }, + "address": "192.0.2.114", + "port": 41293, + "ip": "192.0.2.114" + }, + "network": { + "name": "default", + "community_id": "1:4MspX9JxDXjbalHc/6y9GntbkUc=", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "direction": "inbound" + }, + "cloud": { + "region": "us-central1", + "availability_zone": "us-central1-a", + "project": { + "id": "test-beats" + } + }, + "@timestamp": "2019-11-11T13:35:23.504Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "192.0.2.114", + "10.28.0.16" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "test-beats", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-central1", + "project_id": "test-beats", + "zone": "us-central1-a" + } + }, + "firewall": { + "rule_details": { + "action": "DENY", + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "adrian-test" + ], + "priority": 1000, + "ip_port_info": [ + { + "port_range": [ + "80", + "8080" + ], + "ip_protocol": "TCP" + } + ], + "direction": "INGRESS" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:48.040420100Z", + "original": "{\"insertId\":\"5kanfzfiqepkh\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.28.0.16\",\"dest_port\":80,\"protocol\":6,\"src_ip\":\"192.0.2.114\",\"src_port\":41293},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"city\":\"Tula\",\"continent\":\"Europe\",\"country\":\"rus\",\"region\":\"Tula 
Oblast\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T13:35:28.934918322Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T13:35:23.504719962Z\"}", + "kind": "event", + "action": "firewall-rule", + "id": "5kanfzfiqepkh", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" + }, + "destination": { + "address": "10.28.0.16", + "port": 80, + "domain": "adrian-test", + "ip": "10.28.0.16" + }, + "rule": { + "name": "network:default/firewall:adrian-test-3" + }, + "source": { + "geo": { + "continent_name": "Europe", + "country_name": "rus", + "city_name": "Stavropol", + "region_name": "Stavropol Krai" + }, + "address": "192.0.2.251", + "port": 59106, + "ip": "192.0.2.251" + }, + "network": { + "name": "default", + "community_id": "1:KygoHJBT+06I9CnmAPRmvl5CRO4=", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "direction": "inbound" + }, + "cloud": { + "region": "us-central1", + "availability_zone": "us-central1-a", + "project": { + "id": "test-beats" + } + }, + "@timestamp": "2019-11-11T13:36:52.135Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "192.0.2.251", + "10.28.0.16" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "test-beats", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + 
"region": "us-central1", + "project_id": "test-beats", + "zone": "us-central1-a" + } + }, + "firewall": { + "rule_details": { + "action": "DENY", + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "adrian-test" + ], + "priority": 1000, + "ip_port_info": [ + { + "port_range": [ + "80", + "8080" + ], + "ip_protocol": "TCP" + } + ], + "direction": "INGRESS" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:48.040426700Z", + "original": "{\"insertId\":\"59z0t8fiow9vg\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.28.0.16\",\"dest_port\":80,\"protocol\":6,\"src_ip\":\"192.0.2.251\",\"src_port\":59106},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"city\":\"Stavropol\",\"continent\":\"Europe\",\"country\":\"rus\",\"region\":\"Stavropol Krai\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T13:36:54.238077643Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T13:36:52.135887769Z\"}", + "kind": "event", + "action": "firewall-rule", + "id": "59z0t8fiow9vg", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" + }, + "destination": { + "address": "10.28.0.16", + "port": 80, + "domain": "adrian-test", + "ip": "10.28.0.16" + }, + 
"rule": { + "name": "network:default/firewall:adrian-test-3" + }, + "source": { + "geo": { + "continent_name": "Europe", + "country_name": "fra", + "city_name": "Violès", + "region_name": "Provence-Alpes-Côte d'Azur" + }, + "address": "192.0.2.189", + "port": 61000, + "ip": "192.0.2.189" + }, + "network": { + "name": "default", + "community_id": "1:20yMRdGVeNrVtL6TKhpfMDy284w=", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "direction": "inbound" + }, + "cloud": { + "region": "us-central1", + "availability_zone": "us-central1-a", + "project": { + "id": "test-beats" + } + }, + "@timestamp": "2019-11-11T14:06:16.593Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "192.0.2.189", + "10.28.0.16" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "test-beats", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-central1", + "project_id": "test-beats", + "zone": "us-central1-a" + } + }, + "firewall": { + "rule_details": { + "action": "DENY", + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "adrian-test" + ], + "priority": 1000, + "ip_port_info": [ + { + "port_range": [ + "80", + "8080" + ], + "ip_protocol": "TCP" + } + ], + "direction": "INGRESS" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:48.040431300Z", + "original": "{\"insertId\":\"1y7e4yzff816cq\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.28.0.16\",\"dest_port\":80,\"protocol\":6,\"src_ip\":\"192.0.2.189\",\"src_port\":61000},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"city\":\"Violès\",\"continent\":\"Europe\",\"country\":\"fra\",\"region\":\"Provence-Alpes-Côte 
d'Azur\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T14:06:26.357446279Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T14:06:16.59353182Z\"}", + "kind": "event", + "action": "firewall-rule", + "id": "1y7e4yzff816cq", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" + }, + "destination": { + "address": "10.28.0.16", + "port": 80, + "domain": "adrian-test", + "ip": "10.28.0.16" + }, + "rule": { + "name": "network:default/firewall:adrian-test-3" + }, + "source": { + "geo": { + "continent_name": "Europe", + "country_name": "fra", + "city_name": "Violès", + "region_name": "Provence-Alpes-Côte d'Azur" + }, + "address": "192.0.2.189", + "port": 61000, + "ip": "192.0.2.189" + }, + "network": { + "name": "default", + "community_id": "1:20yMRdGVeNrVtL6TKhpfMDy284w=", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "direction": "inbound" + }, + "cloud": { + "region": "us-central1", + "availability_zone": "us-central1-a", + "project": { + "id": "test-beats" + } + }, + "@timestamp": "2019-11-11T14:06:22.930Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "192.0.2.189", + "10.28.0.16" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "test-beats", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + 
"region": "us-central1", + "project_id": "test-beats", + "zone": "us-central1-a" + } + }, + "firewall": { + "rule_details": { + "action": "DENY", + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "adrian-test" + ], + "priority": 1000, + "ip_port_info": [ + { + "port_range": [ + "80", + "8080" + ], + "ip_protocol": "TCP" + } + ], + "direction": "INGRESS" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:48.040437100Z", + "original": "{\"insertId\":\"lx5jlsfggpr0q\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.28.0.16\",\"dest_port\":80,\"protocol\":6,\"src_ip\":\"192.0.2.189\",\"src_port\":61000},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"city\":\"Violès\",\"continent\":\"Europe\",\"country\":\"fra\",\"region\":\"Provence-Alpes-Côte d'Azur\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T14:06:28.203068653Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T14:06:22.930570324Z\"}", + "kind": "event", + "action": "firewall-rule", + "id": "lx5jlsfggpr0q", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" + }, + "destination": { + "address": "10.28.0.16", + "port": 8080, + "domain": "adrian-test", + "ip": "10.28.0.16" + 
}, + "rule": { + "name": "network:default/firewall:adrian-test-3" + }, + "source": { + "geo": { + "continent_name": "Asia", + "country_name": "tur", + "city_name": "İzmir", + "region_name": "İzmir" + }, + "address": "192.0.2.200", + "port": 42716, + "ip": "192.0.2.200" + }, + "network": { + "name": "default", + "community_id": "1:6fenc8+hp2KWF1J9vvGwv3iswV0=", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "direction": "inbound" + }, + "cloud": { + "region": "us-central1", + "availability_zone": "us-central1-a", + "project": { + "id": "test-beats" + } + }, + "@timestamp": "2019-11-11T14:32:07.407Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "192.0.2.200", + "10.28.0.16" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "test-beats", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-central1", + "project_id": "test-beats", + "zone": "us-central1-a" + } + }, + "firewall": { + "rule_details": { + "action": "DENY", + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "adrian-test" + ], + "priority": 1000, + "ip_port_info": [ + { + "port_range": [ + "80", + "8080" + ], + "ip_protocol": "TCP" + } + ], + "direction": "INGRESS" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:48.040441600Z", + "original": 
"{\"insertId\":\"18ynfbufer19m1\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.28.0.16\",\"dest_port\":8080,\"protocol\":6,\"src_ip\":\"192.0.2.200\",\"src_port\":42716},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"city\":\"İzmir\",\"continent\":\"Asia\",\"country\":\"tur\",\"region\":\"İzmir\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T14:32:14.038485761Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T14:32:07.407039908Z\"}", + "kind": "event", + "action": "firewall-rule", + "id": "18ynfbufer19m1", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" + }, + "destination": { + "geo": { + "continent_name": "North America", + "country_name": "United States", + "location": { + "lon": -97.822, + "lat": 37.751 + }, + "country_iso_code": "US" + }, + "as": { + "number": 15169, + "organization": { + "name": "Google LLC" + } + }, + "address": "8.8.8.8", + "port": 80, + "ip": "8.8.8.8" + }, + "rule": { + "name": "network:default/firewall:adrian-test-1" + }, + "source": { + "address": "10.28.0.16", + "port": 46418, + "domain": "adrian-test", + "ip": "10.28.0.16" + }, + "network": { + "name": "default", + "community_id": 
"1:L+yxRTY3bxAv2hbljIrAstKlE+g=", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "direction": "outbound" + }, + "cloud": { + "region": "us-central1", + "availability_zone": "us-central1-a", + "project": { + "id": "test-beats" + } + }, + "@timestamp": "2019-11-12T12:41:20.972Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.28.0.16", + "8.8.8.8" + ] + }, + "gcp": { + "firewall": { + "rule_details": { + "action": "DENY", + "target_tag": [ + "adrian-test" + ], + "priority": 1000, + "destination_range": [ + "8.8.8.0/24" + ], + "ip_port_info": [ + { + "ip_protocol": "ALL" + } + ], + "direction": "EGRESS" + } + }, + "source": { + "vpc": { + "project_id": "test-beats", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-central1", + "project_id": "test-beats", + "zone": "us-central1-a" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:48.040446Z", + "original": "{\"insertId\":\"tzddthfsr6fv5\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"8.8.8.8\",\"dest_port\":80,\"protocol\":6,\"src_ip\":\"10.28.0.16\",\"src_port\":46418},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"continent\":\"America\",\"country\":\"usa\"},\"rule_details\":{\"action\":\"DENY\",\"destination_range\":[\"8.8.8.0/24\"],\"direction\":\"EGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"ALL\"}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-1\",\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-12T12:41:28.971534988Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\"
:\"gce_subnetwork\"},\"timestamp\":\"2019-11-12T12:41:20.972747063Z\"}", + "kind": "event", + "action": "firewall-rule", + "id": "tzddthfsr6fv5", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" + }, + "destination": { + "geo": { + "continent_name": "North America", + "country_name": "United States", + "location": { + "lon": -97.822, + "lat": 37.751 + }, + "country_iso_code": "US" + }, + "as": { + "number": 15169, + "organization": { + "name": "Google LLC" + } + }, + "address": "8.8.8.8", + "port": 80, + "ip": "8.8.8.8" + }, + "rule": { + "name": "network:default/firewall:adrian-test-1" + }, + "source": { + "address": "10.28.0.16", + "port": 58725, + "domain": "adrian-test", + "ip": "10.28.0.16" + }, + "network": { + "name": "default", + "community_id": "1:c7bqGkBTPmOmWydHv/uxpk1qOjc=", + "transport": "udp", + "type": "ipv4", + "iana_number": "17", + "direction": "outbound" + }, + "cloud": { + "region": "us-central1", + "availability_zone": "us-central1-a", + "project": { + "id": "test-beats" + } + }, + "@timestamp": "2019-11-12T12:42:26.505Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.28.0.16", + "8.8.8.8" + ] + }, + "gcp": { + "firewall": { + "rule_details": { + "action": "DENY", + "target_tag": [ + "adrian-test" + ], + "priority": 1000, + "destination_range": [ + "8.8.8.0/24" + ], + "ip_port_info": [ + { + "ip_protocol": "ALL" + } + ], + "direction": "EGRESS" + } + }, + "source": { + "vpc": { + "project_id": "test-beats", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-central1", + "project_id": "test-beats", + "zone": "us-central1-a" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:48.040450400Z", + "original": 
"{\"insertId\":\"1k2b7kefsnhzq7\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"8.8.8.8\",\"dest_port\":80,\"protocol\":17,\"src_ip\":\"10.28.0.16\",\"src_port\":58725},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"continent\":\"America\",\"country\":\"usa\"},\"rule_details\":{\"action\":\"DENY\",\"destination_range\":[\"8.8.8.0/24\"],\"direction\":\"EGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"ALL\"}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-1\",\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-12T12:42:33.671883883Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-12T12:42:26.50532921Z\"}", + "kind": "event", + "action": "firewall-rule", + "id": "1k2b7kefsnhzq7", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" + }, + "destination": { + "address": "10.42.0.10", + "port": 9200, + "domain": "test-es", + "ip": "10.42.0.10" + }, + "rule": { + "name": "network:default/firewall:allow9200" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "address": "192.0.2.114", + "port": 44666, + "domain": "test-kibana", + "ip": "192.0.2.114" + }, + "network": { + "name": "default", + "community_id": "1:DAX43chSGct8LhjTchX9JgmQSEE=", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "direction": "inbound" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "test-beats" + } + 
}, + "@timestamp": "2019-11-11T12:54:13.531Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "192.0.2.114", + "10.42.0.10" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "test-beats", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "test-beats", + "zone": "us-east1-b" + } + }, + "firewall": { + "rule_details": { + "action": "ALLOW", + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "allow9200" + ], + "priority": 1000, + "ip_port_info": [ + { + "port_range": [ + "9200" + ], + "ip_protocol": "TCP" + } + ], + "direction": "INGRESS" + } + }, + "source": { + "vpc": { + "project_id": "test-beats", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "test-beats", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:48.040454200Z", + "original": "{\"insertId\":\"1sdfuwxfk8hq1c\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.42.0.10\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"192.0.2.114\",\"src_port\":44666},\"disposition\":\"ALLOWED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-es\",\"zone\":\"us-east1-b\"},\"remote_instance\":{\"project_id\":\"test-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-kibana\",\"zone\":\"us-east1-b\"},\"remote_location\":{\"continent\":\"America\",\"country\":\"usa\"},\"remote_vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"rule_details\":{\"action\":\"ALLOW\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"9200\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:allow9200\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"allow9200\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googlea
pis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T12:54:15.188832255Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T12:54:13.531819246Z\"}", + "kind": "event", + "action": "firewall-rule", + "id": "1sdfuwxfk8hq1c", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" + }, + "destination": { + "address": "10.42.0.10", + "port": 9200, + "domain": "test-es", + "ip": "10.42.0.10" + }, + "rule": { + "name": "network:default/firewall:allow9200" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "address": "192.0.2.114", + "port": 44668, + "domain": "test-kibana", + "ip": "192.0.2.114" + }, + "network": { + "name": "default", + "community_id": "1:TPU3xS0q892TRpPVImmLO31ok9s=", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "direction": "inbound" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "test-beats" + } + }, + "@timestamp": "2019-11-11T12:54:13.551Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "192.0.2.114", + "10.42.0.10" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "test-beats", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "test-beats", + "zone": "us-east1-b" + } + }, + "firewall": { + "rule_details": { + "action": "ALLOW", + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "allow9200" + ], + "priority": 1000, + "ip_port_info": [ + { + "port_range": [ + "9200" + ], + "ip_protocol": "TCP" + } + ], + "direction": "INGRESS" + } + }, + "source": { + "vpc": { + "project_id": "test-beats", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": 
"us-east1", + "project_id": "test-beats", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:48.040459700Z", + "original": "{\"insertId\":\"1sdfuwxfk8hq1b\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.42.0.10\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"192.0.2.114\",\"src_port\":44668},\"disposition\":\"ALLOWED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-es\",\"zone\":\"us-east1-b\"},\"remote_instance\":{\"project_id\":\"test-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-kibana\",\"zone\":\"us-east1-b\"},\"remote_location\":{\"continent\":\"America\",\"country\":\"usa\"},\"remote_vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"rule_details\":{\"action\":\"ALLOW\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"9200\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:allow9200\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"allow9200\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T12:54:15.188832255Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T12:54:13.551617516Z\"}", + "kind": "event", + "action": "firewall-rule", + "id": "1sdfuwxfk8hq1b", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" + }, + "destination": { + "address": "10.42.0.2", + "port": 3389, + "domain": "test-windows", + "ip": "10.42.0.2" + }, + "rule": { + "name": "network:windows-isolated/firewall:windows-isolated-allow-rdp" + }, + "source": { + "geo": { + "continent_name": "Europe", + 
"country_name": "nld", + "city_name": "Almelo", + "region_name": "Overijssel" + }, + "address": "192.0.2.7", + "port": 1683, + "ip": "192.0.2.7" + }, + "network": { + "name": "windows-isolated", + "community_id": "1:nptqbsyCEhZhJ1ZBfy4iEMDFucI=", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "direction": "inbound" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "test-beats" + } + }, + "@timestamp": "2019-11-11T12:54:15.771Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "192.0.2.7", + "10.42.0.2" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "test-beats", + "subnetwork_name": "windows-isolated", + "vpc_name": "windows-isolated" + }, + "instance": { + "region": "us-east1", + "project_id": "test-beats", + "zone": "us-east1-b" + } + }, + "firewall": { + "rule_details": { + "action": "ALLOW", + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "allow-rdp" + ], + "priority": 1000, + "ip_port_info": [ + { + "port_range": [ + "3389" + ], + "ip_protocol": "TCP" + } + ], + "direction": "INGRESS" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:48.040466600Z", + "original": 
"{\"insertId\":\"yot1ojetjdiw\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.42.0.2\",\"dest_port\":3389,\"protocol\":6,\"src_ip\":\"192.0.2.7\",\"src_port\":1683},\"disposition\":\"ALLOWED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-windows\",\"zone\":\"us-east1-b\"},\"remote_location\":{\"city\":\"Almelo\",\"continent\":\"Europe\",\"country\":\"nld\",\"region\":\"Overijssel\"},\"rule_details\":{\"action\":\"ALLOW\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"3389\"]}],\"priority\":1000,\"reference\":\"network:windows-isolated/firewall:windows-isolated-allow-rdp\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"allow-rdp\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"windows-isolated\",\"vpc_name\":\"windows-isolated\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T12:54:28.477733837Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"3238409883146034900\",\"subnetwork_name\":\"windows-isolated\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T12:54:15.771161946Z\"}", + "kind": "event", + "action": "firewall-rule", + "id": "yot1ojetjdiw", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" + }, + "destination": { + "address": "10.42.0.10", + "port": 9200, + "domain": "test-es", + "ip": "10.42.0.10" + }, + "rule": { + "name": "network:default/firewall:allow9200" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "address": "192.0.2.114", + "port": 45068, + "domain": "test-kibana", + "ip": "192.0.2.114" + }, + "network": { + "name": "default", + "community_id": "1:+KvUpcdGASPCZ5QYcOHVgid9Yjg=", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "direction": "inbound" + }, + "cloud": { 
+ "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "test-beats" + } + }, + "@timestamp": "2019-11-11T12:54:35.850Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "192.0.2.114", + "10.42.0.10" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "test-beats", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "test-beats", + "zone": "us-east1-b" + } + }, + "firewall": { + "rule_details": { + "action": "ALLOW", + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "allow9200" + ], + "priority": 1000, + "ip_port_info": [ + { + "port_range": [ + "9200" + ], + "ip_protocol": "TCP" + } + ], + "direction": "INGRESS" + } + }, + "source": { + "vpc": { + "project_id": "test-beats", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "test-beats", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:48.040473300Z", + "original": 
"{\"insertId\":\"5a27u1g22jks9e\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.42.0.10\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"192.0.2.114\",\"src_port\":45068},\"disposition\":\"ALLOWED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-es\",\"zone\":\"us-east1-b\"},\"remote_instance\":{\"project_id\":\"test-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-kibana\",\"zone\":\"us-east1-b\"},\"remote_location\":{\"continent\":\"America\",\"country\":\"usa\"},\"remote_vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"rule_details\":{\"action\":\"ALLOW\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"9200\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:allow9200\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"allow9200\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T12:54:45.189726185Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T12:54:35.850729583Z\"}", + "kind": "event", + "action": "firewall-rule", + "id": "5a27u1g22jks9e", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" + }, + "destination": { + "address": "10.42.0.10", + "port": 9200, + "domain": "test-es", + "ip": "10.42.0.10" + }, + "rule": { + "name": "network:default/firewall:allow9200" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "address": "192.0.2.114", + "port": 45062, + "domain": "test-kibana", + "ip": "192.0.2.114" + }, + "network": { + "name": "default", + "community_id": 
"1:v6u3NIKBcvTUebkWUOly9nrN/HE=", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "direction": "inbound" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "test-beats" + } + }, + "@timestamp": "2019-11-11T12:54:35.850Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "192.0.2.114", + "10.42.0.10" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "test-beats", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "test-beats", + "zone": "us-east1-b" + } + }, + "firewall": { + "rule_details": { + "action": "ALLOW", + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "allow9200" + ], + "priority": 1000, + "ip_port_info": [ + { + "port_range": [ + "9200" + ], + "ip_protocol": "TCP" + } + ], + "direction": "INGRESS" + } + }, + "source": { + "vpc": { + "project_id": "test-beats", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "test-beats", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:48.040481Z", + "original": 
"{\"insertId\":\"5a27u1g22jks8t\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.42.0.10\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"192.0.2.114\",\"src_port\":45062},\"disposition\":\"ALLOWED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-es\",\"zone\":\"us-east1-b\"},\"remote_instance\":{\"project_id\":\"test-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-kibana\",\"zone\":\"us-east1-b\"},\"remote_location\":{\"continent\":\"America\",\"country\":\"usa\"},\"remote_vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"rule_details\":{\"action\":\"ALLOW\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"9200\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:allow9200\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"allow9200\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T12:54:45.189726185Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T12:54:35.85023465Z\"}", + "kind": "event", + "action": "firewall-rule", + "id": "5a27u1g22jks8t", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" + }, + "destination": { + "address": "10.28.0.16", + "port": 80, + "domain": "adrian-test", + "ip": "10.28.0.16" + }, + "rule": { + "name": "network:default/firewall:adrian-test-3" + }, + "source": { + "address": "10.42.0.10", + "port": 57794, + "domain": "test-es", + "ip": "10.42.0.10" + }, + "network": { + "name": "default", + "community_id": "1:6Q1oPyCPH/prdYU6FXBpxAgFrP8=", + "transport": "tcp", + "type": "ipv4", 
+ "iana_number": "6", + "direction": "inbound" + }, + "cloud": { + "region": "us-central1", + "availability_zone": "us-central1-a", + "project": { + "id": "test-beats" + } + }, + "@timestamp": "2019-11-06T16:41:38.394Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.42.0.10", + "10.28.0.16" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "test-beats", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-central1", + "project_id": "test-beats", + "zone": "us-central1-a" + } + }, + "firewall": { + "rule_details": { + "action": "DENY", + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "adrian-test" + ], + "priority": 1000, + "ip_port_info": [ + { + "port_range": [ + "80", + "8080" + ], + "ip_protocol": "TCP" + } + ], + "direction": "INGRESS" + } + }, + "source": { + "vpc": { + "project_id": "test-beats", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "test-beats", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:48.040488800Z", + "original": 
"{\"insertId\":\"1dobeotg13df9f5\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.28.0.16\",\"dest_port\":80,\"protocol\":6,\"src_ip\":\"10.42.0.10\",\"src_port\":57794},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_instance\":{\"project_id\":\"test-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-es\",\"zone\":\"us-east1-b\"},\"remote_vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-06T16:41:45.009675991Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-06T16:41:38.394575419Z\"}", + "kind": "event", + "action": "firewall-rule", + "id": "1dobeotg13df9f5", + "category": "network", + "type": "connection" + } + } + ] +} \ No newline at end of file diff --git a/packages/gcp/data_stream/firewall/_dev/test/system/test-pubsub-config.yml b/packages/gcp/data_stream/firewall/_dev/test/system/test-pubsub-config.yml new file mode 100644 index 00000000000..43d3543d698 --- /dev/null +++ b/packages/gcp/data_stream/firewall/_dev/test/system/test-pubsub-config.yml 
@@ -0,0 +1,10 @@
+service: gcppubsub-emulator
+input: gcp-pubsub
+vars:
+ alternative_host: "{{Hostname}}:{{Port}}"
+ credentials_json: '{\"fake\":\"creds\"}'
+ project_id: firewall
+data_stream:
+ vars:
+ subscription_name: subscription
+ topic: topic
diff --git a/packages/gcp/data_stream/firewall/agent/stream/gcp-pubsub.yml.hbs b/packages/gcp/data_stream/firewall/agent/stream/gcp-pubsub.yml.hbs
new file mode 100644
index 00000000000..bc6bc01b7e0
--- /dev/null
+++ b/packages/gcp/data_stream/firewall/agent/stream/gcp-pubsub.yml.hbs
@@ -0,0 +1,20 @@
+project_id: {{project_id}}
+topic: {{topic}}
+subscription.name: {{subscription_name}}
+{{#if credentials_file}}
+credentials_file: {{credentials_file}}
+{{/if}}
+{{#if credentials_json}}
+credentials_json: {{credentials_json}}
+{{/if}}
+{{#if alternative_host}}
+alternative_host: {{alternative_host}}
+{{/if}}
+subscription.create: {{subscription_create}}
+tags:
+ {{#each tags as |tag i|}}
+ - {{tag}}
+ {{/each}}
+{{#contains tags "forwarded"}}
+publisher_pipeline.disable_host: true
+{{/contains}}
diff --git a/packages/gcp/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml b/packages/gcp/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml
new file mode 100644
index 00000000000..27a66f6f9ff
--- /dev/null
+++ b/packages/gcp/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml
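Review bot: `credentials_json: {{credentials_json}}` in gcp-pubsub.yml.hbs renders the service-account key into the agent config unquoted, so a JSON key (which begins with `{`) would be read by the YAML parser as a flow mapping instead of one string, and any configured value containing `: `, ` #` or a line break can change the structure of the rendered config. The same holds for `project_id`, `topic`, `subscription_name`, `credentials_file` and `alternative_host` in this template. Quote the substitutions, for example `credentials_json: '{{credentials_json}}'` and `project_id: '{{project_id}}'`; single quotes are enough as long as the value itself contains no `'`. The backslash-escaped `'{\"fake\":\"creds\"}'` in test-pubsub-config.yml looks like a workaround for the unquoted rendering and should be re-checked once the template quotes the value.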
@@ -0,0 +1,395 @@
+---
+description: Pipeline for Google Cloud Firewall Logs
+
+processors:
+ - json:
+ field: message
+ target_field: json
+ - community_id:
+ source_ip: json.jsonPayload.connection.src_ip
+ source_port: json.jsonPayload.connection.src_port
+ destination_ip: json.jsonPayload.connection.dest_ip
+ destination_port: json.jsonPayload.connection.dest_port
+ iana_number: json.jsonPayload.connection.protocol
+ - set:
+ field: ecs.version
+ value: "1.8.0"
+
+ - set:
+ field: event.ingested
+ value: "{{_ingest.timestamp}}"
+
+ - rename:
+ field: message
+ target_field: event.original
+ ignore_missing: true
+
+ - date:
+ field: json.timestamp
+ timezone: UTC
+ formats:
+ - ISO8601
+
+ - set:
+ field: event.kind
+ value: event
+ - set:
+ field: event.category
+ value: network
+ - set:
+ field: event.action
+ value: firewall-rule
+
+ - rename:
+ field: json.logName
+ target_field: log.logger
+ ignore_missing: true
+ - rename:
+ field: json.resource.labels.subnetwork_name
+ target_field: network.name
+ ignore_missing: true
+ - set:
+ field: event.id
+ copy_from: json.insertId
+ ignore_empty_value: true
+ ignore_failure: true
+ - rename:
+ field: json.jsonPayload.disposition
+ target_field: event.type
+ if: ctx?.json?.jsonPayload?.disposition != null
+ - set:
+ field: event.type
+ value: connection
+ if: ctx?.event?.type != null
+ - lowercase:
+ field: event.type
+ - set:
+ field: network.direction
+ value: inbound
+ if: ctx?.json?.jsonPayload?.rule_details?.direction == "INGRESS"
+ - set:
+ field: network.direction
+ value: outbound
+ if: ctx?.json?.jsonPayload?.rule_details?.direction == "EGRESS"
+ - set:
+ field: network.direction
+ value: unknown
+ if: ctx?.network?.direction == null
+ - rename:
+ field: json.jsonPayload.vpc
+ target_field: json.jsonPayload.src_vpc
+ if: ctx?.network?.direction == "outbound"
+ ignore_missing: true
+ - rename:
+ field: json.jsonPayload.instance
+ target_field: json.jsonPayload.src_instance
+ if: ctx?.network?.direction == "outbound"
+ ignore_missing: true
+ - rename:
+ field: json.jsonPayload.location
+ target_field: json.jsonPayload.src_location
+ if: ctx?.network?.direction == "outbound"
+ ignore_missing: true
+ - rename:
+ field: json.jsonPayload.remote_vpc
+ target_field: json.jsonPayload.dest_vpc
+ if: ctx?.network?.direction == "outbound"
+ ignore_missing: true
+ - rename:
+ field: json.jsonPayload.remote_instance
+ target_field: json.jsonPayload.dest_instance
+ if: ctx?.network?.direction == "outbound"
+ ignore_missing: true
+ - rename:
+ field: json.jsonPayload.remote_location
+ target_field: json.jsonPayload.dest_location
+ if: ctx?.network?.direction == "outbound"
+ ignore_missing: true
+ - rename:
+ field: json.jsonPayload.vpc
+ target_field: json.jsonPayload.dest_vpc
+ if: ctx?.network?.direction == "inbound"
+ ignore_missing: true
+ - rename:
+ field: json.jsonPayload.instance
+ target_field: json.jsonPayload.dest_instance
+ if: ctx?.network?.direction == "inbound"
+ ignore_missing: true
+ - rename:
+ field: json.jsonPayload.location
+ target_field: json.jsonPayload.dest_location
+ if: ctx?.network?.direction == "inbound"
+ ignore_missing: true
+ - rename:
+ field: json.jsonPayload.remote_vpc
+ target_field: json.jsonPayload.src_vpc
+ if: ctx?.network?.direction == "inbound"
+ ignore_missing: true
+ - rename:
+ field: json.jsonPayload.remote_instance
+ target_field: json.jsonPayload.src_instance
+ if: ctx?.network?.direction == "inbound"
+ ignore_missing: true
+ - rename:
+ field: json.jsonPayload.remote_location
+ target_field: json.jsonPayload.src_location
+ if: ctx?.network?.direction == "inbound"
+ ignore_missing: true
+ - rename:
+ field: json.jsonPayload.connection.protocol
+ target_field: network.iana_number
+ ignore_missing: true
+ - convert:
+ field: network.iana_number
+ type: string
+ ignore_missing: true
+ - set:
+ field: network.transport
+ value: icmp
+ if: ctx?.network?.iana_number == "1"
+ - set:
+ field: network.transport
+ value: tcp
+ if: ctx?.network?.iana_number == "6"
+ - set:
+ field: network.transport
+ value: udp
+ if: ctx?.network?.iana_number == "17"
+ - rename:
+ field: json.jsonPayload.connection.dest_ip
+ target_field: destination.address
+ ignore_missing: true
+ - rename:
+ field: json.jsonPayload.connection.dest_port
+ target_field: destination.port
+ ignore_missing: true
+ - rename:
+ field: json.jsonPayload.connection.src_ip
+ target_field: source.address
+ ignore_missing: true
+ - rename:
+ field: json.jsonPayload.connection.src_port
+ target_field: source.port
+ ignore_missing: true
+ - rename:
+ field: json.jsonPayload.src_instance.vm_name
+ target_field: source.domain
+ ignore_missing: true
+ - rename:
+ field: json.jsonPayload.dest_instance.vm_name
+ target_field: destination.domain
+ ignore_missing: true
+ - rename:
+ field: json.jsonPayload.dest_location.asn
+ target_field: destination.as.number
+ ignore_missing: true
+ - rename:
+ field: json.jsonPayload.dest_location.continent
+ target_field: destination.geo.continent_name
+ ignore_missing: true
+ - rename:
+ field: json.jsonPayload.dest_location.country
+ target_field: destination.geo.country_name
+ ignore_missing: true
+ - rename:
+ field: json.jsonPayload.dest_location.region
+ target_field: destination.geo.region_name
+ ignore_missing: true
+ - rename:
+ field: json.jsonPayload.dest_location.city
+ target_field: destination.geo.city_name
+ ignore_missing: true
+ - rename:
+ field: json.jsonPayload.src_location.asn
+ target_field: source.as.number
+ ignore_missing: true
+ - rename:
+ field: json.jsonPayload.src_location.continent
+ target_field: source.geo.continent_name
+ ignore_missing: true
+ - rename:
+ field: json.jsonPayload.src_location.country
+ target_field: source.geo.country_name
+ ignore_missing: true
+ - rename:
+ field: json.jsonPayload.src_location.region
+ target_field: source.geo.region_name
+ ignore_missing: true
+ - rename:
+ field: json.jsonPayload.src_location.city
+ target_field: source.geo.city_name
+ ignore_missing: true
+ - rename:
+ field: json.jsonPayload.dest_instance
+ target_field: gcp.destination.instance
+ ignore_missing: true
+ - rename:
+ field: json.jsonPayload.dest_vpc
+ target_field: gcp.destination.vpc
+ ignore_missing: true
+ - rename:
+ field: json.jsonPayload.src_instance
+ target_field: gcp.source.instance
+ ignore_missing: true
+ - rename:
+ field: json.jsonPayload.src_vpc
+ target_field: gcp.source.vpc
+ ignore_missing: true
+ - rename:
+ field: json.jsonPayload.rule_details.reference
+ target_field: rule.name
+ ignore_missing: true
+ - set:
+ field: source.ip
+ value: "{{source.address}}"
+ if: ctx?.source?.address != null
+ ignore_failure: true
+ - set:
+ field: destination.ip
+ value: "{{destination.address}}"
+ if: ctx?.destination?.address != null
+ ignore_failure: true
+ - convert:
+ field: gcp.source.instance.project_id
+ target_field: cloud.project.id
+ type: string
+ ignore_missing: true
+ if: ctx?.network?.direction == "outbound"
+ - convert:
+ field: gcp.source.instance.vm_name
+ target_field: cloud.instance.name
+ type: string
+ ignore_missing: true
+ if: ctx?.network?.direction == "outbound"
+ - convert:
+ field: gcp.source.instance.region
+ target_field: cloud.region
+ type: string
+ ignore_missing: true
+ if: ctx?.network?.direction == "outbound"
+ - convert:
+ field: gcp.source.instance.zone
+ target_field: cloud.availability_zone
+ type: string
+ ignore_missing: true
+ if: ctx?.network?.direction == "outbound"
+ - convert:
+ field: gcp.source.vpc.subnetwork_name
+ target_field: network.name
+ type: string
+ ignore_missing: true
+ ignore_failure: true
+ if: ctx?.network?.direction == "outbound"
+ - convert:
+ field: gcp.destination.instance.project_id
+ target_field: cloud.project.id
+ type: string
+ ignore_missing: true
+ if: ctx?.network?.direction == "inbound"
+ - convert:
+ field: gcp.destination.instance.vm_name
+ target_field: cloud.instance.name
+ type: string
+ ignore_missing: true
+ if: ctx?.network?.direction == "inbound"
+ - convert:
+ field: gcp.destination.instance.region
+ target_field: cloud.region
+ type: string
+ ignore_missing: true
+ if: ctx?.network?.direction == "inbound"
+ - convert:
+ field: gcp.destination.instance.zone
+ target_field: cloud.availability_zone
+ type: string
+ ignore_missing: true
+ if: ctx?.network?.direction == "inbound"
+ - convert:
+ field: gcp.destination.vpc.subnetwork_name
+ target_field: network.name
+ type: string
+ ignore_missing: true
+ ignore_failure: true
+ if: ctx?.network?.direction == "inbound"
+ - set:
+ field: network.direction
+ value: internal
+ if: ctx?.gcp?.source?.instance == ctx?.gcp?.destination?.instance
+ - set:
+ field: network.type
+ value: ipv4
+ if: ctx?.source?.ip != null && ctx?.source?.ip.contains(".")
+ - set:
+ field: network.type
+ value: ipv6
+ if: ctx?.source?.ip != null && !ctx?.source?.ip.contains(".")
+ - rename:
+ field: json.jsonPayload.rule_details
+ target_field: gcp.firewall.rule_details
+ ignore_missing: true
+ - append:
+ field: related.ip
+ value: "{{source.ip}}"
+ allow_duplicates: false
+ if: ctx?.source?.ip != null && ctx?.source?.ip != ""
+ - append:
+ field: related.ip
+ value: "{{destination.ip}}"
+ allow_duplicates: false
+ if: ctx?.destination?.ip != null && ctx?.destination?.ip != ""
+ - remove:
+ field:
+ - gcp.firewall.connection
+ - gcp.firewall.dest_location
+ - gcp.firewall.disposition
+ - gcp.firewall.src_location
+ - json
+ ignore_missing: true
+
+ # IP Geolocation Lookup
+ - geoip:
+ field: source.ip
+ target_field: source.geo
+ ignore_missing: true
+ - geoip:
+ field: destination.ip
+ target_field: destination.geo
+ ignore_missing: true
+
+ # IP Autonomous System (AS) Lookup
+ - geoip:
+ database_file: GeoLite2-ASN.mmdb
+ field: source.ip
+ target_field: source.as
+ properties:
+ - asn
+ - organization_name
+ ignore_missing: true
+ - geoip:
+ database_file: GeoLite2-ASN.mmdb
+ field: destination.ip
+ target_field: destination.as
+ properties:
+ - asn
+ - organization_name
+ ignore_missing: true
+ - rename:
+ field: source.as.asn
+ target_field: source.as.number
+ ignore_missing: true
+ - rename:
+ field: source.as.organization_name
+ target_field: source.as.organization.name
+ ignore_missing: true
+ - rename:
+ field: destination.as.asn
+ target_field: destination.as.number
+ ignore_missing: true
+ - rename:
+ field: destination.as.organization_name
+ target_field: destination.as.organization.name
+ ignore_missing: true
+on_failure:
+ - set:
+ field: error.message
+ value: "{{ _ingest.on_failure_message }}"
diff --git a/packages/gcp/data_stream/firewall/fields/agent.yml b/packages/gcp/data_stream/firewall/fields/agent.yml
new file mode 100644
index 00000000000..da4e652c53b
--- /dev/null
+++ b/packages/gcp/data_stream/firewall/fields/agent.yml
@@ -0,0 +1,198 @@ +- name: cloud + title: Cloud + group: 2 + description: Fields related to the cloud or infrastructure the events are coming from. + footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' + type: group + fields: + - name: account.id + level: extended + type: keyword + ignore_above: 1024 + description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. + + Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' + example: 666777888999 + - name: availability_zone + level: extended + type: keyword + ignore_above: 1024 + description: Availability zone in which this host is running. + example: us-east-1c + - name: instance.id + level: extended + type: keyword + ignore_above: 1024 + description: Instance ID of the host machine. + example: i-1234567890abcdef0 + - name: instance.name + level: extended + type: keyword + ignore_above: 1024 + description: Instance name of the host machine. + - name: machine.type + level: extended + type: keyword + ignore_above: 1024 + description: Machine type of the host machine. + example: t2.medium + - name: provider + level: extended + type: keyword + ignore_above: 1024 + description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. + example: aws + - name: region + level: extended + type: keyword + ignore_above: 1024 + description: Region in which this host is running. + example: us-east-1 + - name: project.id + type: keyword + description: Name of the project in Google Cloud. + - name: image.id + type: keyword + description: Image ID for the cloud instance. 
+- name: container + title: Container + group: 2 + description: 'Container fields are used for meta information about the specific container that is the source of information. + + These fields help correlate data based containers from any runtime.' + type: group + fields: + - name: id + level: core + type: keyword + ignore_above: 1024 + description: Unique container id. + - name: image.name + level: extended + type: keyword + ignore_above: 1024 + description: Name of the image the container was built on. + - name: labels + level: extended + type: object + object_type: keyword + description: Image labels. + - name: name + level: extended + type: keyword + ignore_above: 1024 + description: Container name. +- name: host + title: Host + group: 2 + description: 'A host is defined as a general computing instance. + + ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' + type: group + fields: + - name: architecture + level: core + type: keyword + ignore_above: 1024 + description: Operating system architecture. + example: x86_64 + - name: domain + level: extended + type: keyword + ignore_above: 1024 + description: 'Name of the domain of which the host is a member. + + For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' + example: CONTOSO + default_field: false + - name: hostname + level: core + type: keyword + ignore_above: 1024 + description: 'Hostname of the host. + + It normally contains what the `hostname` command returns on the host machine.' + - name: id + level: core + type: keyword + ignore_above: 1024 + description: 'Unique host id. + + As hostname is not always unique, use values that are meaningful in your environment. + + Example: The current usage of `beat.name`.' 
+ - name: ip + level: core + type: ip + description: Host ip addresses. + - name: mac + level: core + type: keyword + ignore_above: 1024 + description: Host mac addresses. + - name: name + level: core + type: keyword + ignore_above: 1024 + description: 'Name of the host. + + It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' + - name: os.family + level: extended + type: keyword + ignore_above: 1024 + description: OS family (such as redhat, debian, freebsd, windows). + example: debian + - name: os.kernel + level: extended + type: keyword + ignore_above: 1024 + description: Operating system kernel version as a raw string. + example: 4.4.0-112-generic + - name: os.name + level: extended + type: keyword + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false + description: Operating system name, without the version. + example: Mac OS X + - name: os.platform + level: extended + type: keyword + ignore_above: 1024 + description: Operating system platform (such centos, ubuntu, windows). + example: darwin + - name: os.version + level: extended + type: keyword + ignore_above: 1024 + description: Operating system version as a raw string. + example: 10.14.1 + - name: type + level: core + type: keyword + ignore_above: 1024 + description: 'Type of host. + + For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.' + - name: containerized + type: boolean + description: > + If the host is a container. + + - name: os.build + type: keyword + example: "18D109" + description: > + OS build information. + + - name: os.codename + type: keyword + example: "stretch" + description: > + OS codename, if any. + 
diff --git a/packages/gcp/data_stream/firewall/fields/base-fields.yml b/packages/gcp/data_stream/firewall/fields/base-fields.yml
new file mode 100644
index 00000000000..7c798f4534c
--- /dev/null
+++ b/packages/gcp/data_stream/firewall/fields/base-fields.yml
@@ -0,0 +1,12 @@
+- name: data_stream.type
+ type: constant_keyword
+ description: Data stream type.
+- name: data_stream.dataset
+ type: constant_keyword
+ description: Data stream dataset.
+- name: data_stream.namespace
+ type: constant_keyword
+ description: Data stream namespace.
+- name: '@timestamp'
+ type: date
+ description: Event timestamp.
diff --git a/packages/gcp/data_stream/firewall/fields/ecs.yml b/packages/gcp/data_stream/firewall/fields/ecs.yml
new file mode 100644
index 00000000000..63f164dd35a
--- /dev/null
+++ b/packages/gcp/data_stream/firewall/fields/ecs.yml
@@ -0,0 +1,297 @@ +- name: message + level: core + type: text + description: |- + For log events the message field contains the log message, optimized for viewing in a log viewer. + For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. + If multiple messages exist, they can be combined into one message. +- name: container + title: Container + group: 2 + type: group + fields: + - name: name + level: extended + type: keyword + description: Container name. + ignore_above: 1024 + - name: runtime + level: extended + type: keyword + description: Runtime managing this container. + ignore_above: 1024 +- name: destination + title: Destination + group: 2 + type: group + fields: + - name: address + level: extended + type: keyword + ignore_above: 1024 + description: 'Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. + + Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.' + - name: as.number + level: extended + type: long + description: Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. + example: 15169 + - name: as.organization.name + level: extended + type: wildcard + multi_fields: + - name: text + type: text + norms: false + default_field: false + description: Organization name. + - name: domain + level: core + type: wildcard + description: Destination domain. + - name: geo.city_name + level: core + type: keyword + ignore_above: 1024 + description: City name. + - name: geo.continent_name + level: core + type: keyword + ignore_above: 1024 + description: Name of the continent. + - name: geo.country_iso_code + level: core + type: keyword + ignore_above: 1024 + description: Country ISO code. 
+ - name: geo.country_name + level: core + type: keyword + ignore_above: 1024 + description: Country name. + - name: geo.location + level: core + type: geo_point + description: Longitude and latitude. + - name: geo.name + level: extended + type: wildcard + description: 'User-defined description of a location, at the level of granularity they care about.' + - name: geo.region_iso_code + level: core + type: keyword + ignore_above: 1024 + description: Region ISO code. + - name: geo.region_name + level: core + type: keyword + ignore_above: 1024 + description: Region name. + - name: ip + level: core + type: ip + description: IP address of the destination (IPv4 or IPv6). + - name: port + level: core + type: long + format: string + description: Port of the destination. +- name: ecs.version + type: keyword + description: ECS version +- name: event + title: Event + group: 2 + type: group + fields: + - name: action + level: core + type: keyword + description: |- + The action captured by the event. + This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer. + ignore_above: 1024 + - name: ingested + level: core + type: date + description: 'Timestamp when an event arrived in the central data store. This is different from `@timestamp`, which is when the event originally occurred. It''s also different from `event.created`, which is meant to capture the first time an agent saw the event. In normal conditions, assuming no tampering, the timestamps should chronologically look like this: `@timestamp` < `event.created` < `event.ingested`.' + - name: outcome + level: core + type: keyword + description: |- + This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy. 
+ `event.outcome` simply denotes whether the event represents a success or a failure from the perspective of the entity that produced the event. + Note that when a single transaction is described in multiple events, each event may populate different values of `event.outcome`, according to their perspective. + Also note that in the case of a compound event (a single event that contains multiple logical events), this field should be populated with the value that best captures the overall success or failure from the perspective of the event producer. + Further note that not all events will have an associated outcome. For example, this field is generally not populated for metric events, events with `event.type:info`, or any events for which an outcome does not make logical sense. + ignore_above: 1024 +- name: input.type + type: keyword + description: Input type +- name: log.file.path + type: keyword + description: Log path +- name: log.offset + type: long + description: Log offset +- name: log.logger + type: keyword +- name: source + title: Source + group: 2 + type: group + fields: + - name: address + level: extended + type: keyword + ignore_above: 1024 + description: 'Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. + + Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.' + - name: as.number + level: extended + type: long + description: Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. + example: 15169 + - name: as.organization.name + level: extended + type: wildcard + multi_fields: + - name: text + type: text + norms: false + default_field: false + description: Organization name. + - name: domain + level: core + type: wildcard + description: Source domain. 
+ - name: geo.city_name + level: core + type: keyword + ignore_above: 1024 + description: City name. + - name: geo.continent_name + level: core + type: keyword + ignore_above: 1024 + description: Name of the continent. + - name: geo.country_iso_code + level: core + type: keyword + ignore_above: 1024 + description: Country ISO code. + - name: geo.country_name + level: core + type: keyword + ignore_above: 1024 + description: Country name. + - name: geo.location + level: core + type: geo_point + description: Longitude and latitude. + - name: geo.name + level: extended + type: wildcard + description: 'User-defined description of a location, at the level of granularity they care about.' + - name: geo.region_iso_code + level: core + type: keyword + ignore_above: 1024 + description: Region ISO code. + - name: geo.region_name + level: core + type: keyword + ignore_above: 1024 + description: Region name. + - name: ip + level: core + type: ip + description: IP address of the source (IPv4 or IPv6). + - name: port + level: core + type: long + format: string + description: Port of the source. +- name: network + title: Network + group: 2 + description: 'The network is defined as the communication path over which a host or network event happens. + + The network.* fields should be populated with details about the network activity associated with an event.' + type: group + fields: + - name: community_id + level: extended + type: keyword + ignore_above: 1024 + description: 'A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows.' + - name: direction + level: core + type: keyword + ignore_above: 1024 + description: Direction of the network traffic. + - name: iana_number + level: extended + type: keyword + ignore_above: 1024 + description: IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). 
+ - name: name + level: extended + type: keyword + ignore_above: 1024 + description: Name given by operators to sections of their network. + - name: transport + level: core + type: keyword + ignore_above: 1024 + description: 'Same as network.iana_number, but instead using the Keyword name of the transport layer (udp, tcp, ipv6-icmp, etc.)' + - name: type + level: core + type: keyword + ignore_above: 1024 + description: 'In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc' +- name: rule + title: Rule + group: 2 + type: group + fields: + - name: name + level: extended + type: keyword + ignore_above: 1024 + description: The name of the rule or signature generating the event. + default_field: false +- name: related + title: Related + group: 2 + type: group + fields: + - name: hash + level: extended + type: keyword + ignore_above: 1024 + description: All the hashes seen on your event. Populating this field, then using it to search for hashes can help in situations where you're unsure what the hash algorithm is (and therefore which key name to search). + default_field: false + - name: hosts + level: extended + type: keyword + ignore_above: 1024 + description: All hostnames or other host identifiers seen on your event. Example identifiers include FQDNs, domain names, workstation names, or aliases. + default_field: false + - name: ip + level: extended + type: ip + description: All of the IPs seen on your event. + - name: user + level: extended + type: keyword + ignore_above: 1024 + description: All the user names seen on your event. + default_field: false +- name: tags + level: core + type: keyword + ignore_above: 1024 + description: List of keywords used to tag each event. diff --git a/packages/gcp/data_stream/firewall/fields/fields.yml b/packages/gcp/data_stream/firewall/fields/fields.yml new file mode 100644 index 00000000000..98681562b2e --- /dev/null +++ b/packages/gcp/data_stream/firewall/fields/fields.yml 
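Review bot: The `event` group in this file declares only `action`, `ingested` and `outcome`, but the sample event added later in this commit also carries `event.kind`, `event.category`, `event.type`, `event.id` and `event.original`, and none of the data stream's other field files declares them. Undeclared, they presumably fall back to dynamic mapping, which is a poor fit for the categorization fields that detection queries filter on and for `event.original`, which holds the whole raw log line. I would add entries such as `- name: category` with `type: keyword` for the categorization and id fields, and declare `original` as `keyword` with `index: false` and `doc_values: false`, as ECS does. `log.logger` is also the only entry here without a `description`; a line such as `description: Name of the logger that produced the event.` would close that gap.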
@@ -0,0 +1,44 @@
+- name: gcp.firewall
+ type: group
+ fields:
+ - name: rule_details
+ type: group
+ fields:
+ - name: priority
+ type: long
+ description: The priority for the firewall rule.
+ - name: action
+ type: keyword
+ description: Action that the rule performs on match.
+ - name: direction
+ type: keyword
+ description: Direction of traffic that matches this rule.
+ - name: reference
+ type: keyword
+ description: Reference to the firewall rule.
+ - name: source_range
+ type: keyword
+ description: List of source ranges that the firewall rule applies to.
+ - name: destination_range
+ type: keyword
+ description: List of destination ranges that the firewall applies to.
+ - name: source_tag
+ type: keyword
+ description: |
+ List of all the source tags that the firewall rule applies to.
+ - name: target_tag
+ type: keyword
+ description: |
+ List of all the target tags that the firewall rule applies to.
+ - name: ip_port_info
+ type: array
+ description: |
+ List of ip protocols and applicable port ranges for rules.
+ - name: source_service_account
+ type: keyword
+ description: |
+ List of all the source service accounts that the firewall rule applies to.
+ - name: target_service_account
+ type: keyword
+ description: |
+ List of all the target service accounts that the firewall rule applies to.
diff --git a/packages/gcp/data_stream/firewall/fields/package-fields.yml b/packages/gcp/data_stream/firewall/fields/package-fields.yml
new file mode 100644
index 00000000000..88482fd9c15
--- /dev/null
+++ b/packages/gcp/data_stream/firewall/fields/package-fields.yml
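Review bot: `ip_port_info` is declared as `type: array` with no element fields, while the sample event in this commit shows its elements are objects (`{"ip_protocol": "ALL"}`), so the keys inside are left undeclared as far as this diff shows. If rules are meant to be searchable by protocol or port, declaring the element keys explicitly, for example `- name: ip_port_info.ip_protocol` with `type: keyword`, keeps their mapping predictable; confirm the full key set against the Google Cloud firewall log format. The descriptions also mix plain scalars with `|` block scalars, which carry a trailing newline; one style throughout would read more evenly.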
@@ -0,0 +1,63 @@
+- name: gcp
+ type: group
+ fields:
+ - name: destination.instance
+ type: group
+ fields:
+ - name: project_id
+ type: keyword
+ description: |
+ ID of the project containing the VM.
+ - name: region
+ type: keyword
+ description: |
+ Region of the VM.
+ - name: zone
+ type: keyword
+ description: |
+ Zone of the VM.
+ - name: destination.vpc
+ type: group
+ fields:
+ - name: project_id
+ type: keyword
+ description: |
+ ID of the project containing the VM.
+ - name: vpc_name
+ type: keyword
+ description: |
+ VPC on which the VM is operating.
+ - name: subnetwork_name
+ type: keyword
+ description: |
+ Subnetwork on which the VM is operating.
+ - name: source.instance
+ type: group
+ fields:
+ - name: project_id
+ type: keyword
+ description: |
+ ID of the project containing the VM.
+ - name: region
+ type: keyword
+ description: |
+ Region of the VM.
+ - name: zone
+ type: keyword
+ description: |
+ Zone of the VM.
+ - name: source.vpc
+ type: group
+ fields:
+ - name: project_id
+ type: keyword
+ description: |
+ ID of the project containing the VM.
+ - name: vpc_name
+ type: keyword
+ description: |
+ VPC on which the VM is operating.
+ - name: subnetwork_name
+ type: keyword
+ description: |
+ Subnetwork on which the VM is operating.
diff --git a/packages/gcp/data_stream/firewall/manifest.yml b/packages/gcp/data_stream/firewall/manifest.yml
new file mode 100644
index 00000000000..e0bbe15f70a
--- /dev/null
+++ b/packages/gcp/data_stream/firewall/manifest.yml
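Review bot: Neither `source.instance` nor `destination.instance` declares `vm_name`, which fits the ingest pipeline in this commit: it renames `json.jsonPayload.src_instance.vm_name` to `source.domain` (and the `dest_instance` counterpart to `destination.domain`) before moving the instance objects under `gcp.*`. The later `convert` processors that read `gcp.source.instance.vm_name` and `gcp.destination.instance.vm_name` into `cloud.instance.name` therefore look unable to match, and with `ignore_missing: true` that stays silent; the sample event has `source.domain` but no `cloud.instance.name`. The start of the pipeline is outside this view, so this needs confirming, but either those converts should read the domain field (e.g. `field: source.domain`), or the VM name should be copied rather than renamed and `vm_name` declared here. Without `cloud.instance.name`, pivoting from a denied connection to the instance involved depends on knowing that the name ended up in `source.domain`.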
@@ -0,0 +1,39 @@
+type: logs
+title: Google Cloud Platform (GCP) firewall logs
+release: experimental
+streams:
+ - input: gcp-pubsub
+ vars:
+ - name: topic
+ type: text
+ title: Topic
+ multi: false
+ required: true
+ show_user: true
+ default: stackdriver-firewall
+ - name: subscription_name
+ type: text
+ title: Subscription Name
+ multi: false
+ required: true
+ show_user: true
+ default: filebeat-gcp-firewall
+ - name: subscription_create
+ type: bool
+ title: Subscription Create
+ description: If true, the integration will create the subscription on start.
+ multi: false
+ required: true
+ show_user: false
+ default: false
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: false
+ default:
+ - forwarded
+ template_path: gcp-pubsub.yml.hbs
+ title: Google Cloud Platform (GCP) firewall logs (gcp-pubsub)
+ description: Collect Google Cloud Platform (GCP) firewall logs using gcp-pubsub input
diff --git a/packages/gcp/data_stream/firewall/sample_event.json b/packages/gcp/data_stream/firewall/sample_event.json
new file mode 100644
index 00000000000..09ffaaf940d
--- /dev/null
+++ b/packages/gcp/data_stream/firewall/sample_event.json
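Review bot: The `subscription_create` description does not say what enabling it requires: the credentials the input runs with would then need rights to create Pub/Sub subscriptions, not only to consume an existing one. Since the variable is hidden (`show_user: false`) and defaults to `false`, a fuller description would steer operators toward a pre-provisioned subscription and a narrower service account, e.g. `description: If true, the integration creates the subscription on start; this needs subscription-create permission on the project, so keep it false when the subscription is provisioned separately.`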
@@ -0,0 +1,100 @@ +{ + "log": { + "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" + }, + "destination": { + "geo": { + "continent_name": "North America", + "country_name": "United States", + "location": { + "lon": -97.822, + "lat": 37.751 + }, + "country_iso_code": "US" + }, + "as": { + "number": 15169, + "organization": { + "name": "Google LLC" + } + }, + "address": "8.8.8.8", + "port": 53, + "ip": "8.8.8.8" + }, + "rule": { + "name": "network:default/firewall:adrian-test-1" + }, + "source": { + "address": "10.128.0.16", + "port": 60094, + "domain": "adrian-test", + "ip": "10.128.0.16" + }, + "network": { + "name": "default", + "community_id": "1:iiDdIEXnxwSiz/hJbVnseQ4SZVE=", + "transport": "udp", + "type": "ipv4", + "iana_number": "17", + "direction": "outbound" + }, + "cloud": { + "region": "us-central1", + "availability_zone": "us-central1-a", + "project": { + "id": "test-beats" + } + }, + "@timestamp": "2019-11-12T12:35:17.214Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.128.0.16", + "8.8.8.8" + ] + }, + "gcp": { + "firewall": { + "rule_details": { + "action": "DENY", + "target_tag": [ + "adrian-test" + ], + "priority": 1000, + "destination_range": [ + "8.8.8.0/24" + ], + "ip_port_info": [ + { + "ip_protocol": "ALL" + } + ], + "direction": "EGRESS" + } + }, + "source": { + "vpc": { + "project_id": "test-beats", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-central1", + "project_id": "test-beats", + "zone": "us-central1-a" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:48.040375200Z", + "original": 
"{\"insertId\":\"4zuj4nfn4llkb\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"8.8.8.8\",\"dest_port\":53,\"protocol\":17,\"src_ip\":\"10.128.0.16\",\"src_port\":60094},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"continent\":\"America\",\"country\":\"usa\"},\"rule_details\":{\"action\":\"DENY\",\"destination_range\":[\"8.8.8.0/24\"],\"direction\":\"EGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"ALL\"}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-1\",\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-12T12:35:24.466374097Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-12T12:35:17.214711274Z\"}", + "kind": "event", + "action": "firewall-rule", + "id": "4zuj4nfn4llkb", + "category": "network", + "type": "connection" + } +} \ No newline at end of file diff --git a/packages/gcp/data_stream/vpcflow/_dev/test/pipeline/test-vpcflow.log b/packages/gcp/data_stream/vpcflow/_dev/test/pipeline/test-vpcflow.log new file mode 100644 index 00000000000..6e27f806daa --- /dev/null +++ b/packages/gcp/data_stream/vpcflow/_dev/test/pipeline/test-vpcflow.log 
@@ -0,0 +1,296 @@ +{"insertId":"ut8lbrffooxyw","jsonPayload":{"bytes_sent":"1776","connection":{"dest_ip":"203.0.113.12","dest_port":33478,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:45:37.301953198Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:45:37.186193305Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxzb","jsonPayload":{"bytes_sent":"173663","connection":{"dest_ip":"10.87.40.76","dest_port":33970,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821302149Z","packets_sent":"68","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466657665Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"7580198540435288
29","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxze","jsonPayload":{"bytes_sent":"155707","connection":{"dest_ip":"203.0.113.134","dest_port":33576,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821143836Z","packets_sent":"78","reporter":"SRC","rtt_msec":"201","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.510622432Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxyz","jsonPayload":{"bytes_sent":"0","connection":{"dest_ip":"192.0.2.23","dest_port":59679,"protocol":6,"src_ip":"10.139.99.242","src_port":22},"dest_location":{"asn":49505,"city":"Saint Petersburg","continent":"Europe","country":"rus","region":"Saint 
Petersburg"},"end_time":"2019-06-14T03:40:46.031032701Z","packets_sent":"1","reporter":"SRC","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:45.860349247Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxz6","jsonPayload":{"bytes_sent":"1784","connection":{"dest_ip":"192.0.2.117","dest_port":50646,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:40:37.048196137Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:36.895188084Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} 
+{"insertId":"ut8lbrffooxzf","jsonPayload":{"bytes_sent":"1464","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"192.0.2.117","src_port":50646},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:40:37.048196137Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:40:36.895188084Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxz1","jsonPayload":{"bytes_sent":"186151","connection":{"dest_ip":"10.87.40.76","dest_port":33692,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565287007Z","packets_sent":"251","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500498059Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_
name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxyp","jsonPayload":{"bytes_sent":"15169","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33880},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821308944Z","packets_sent":"92","reporter":"SRC","rtt_msec":"3","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.469099728Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} 
+{"insertId":"ut8lbrffooxzd","jsonPayload":{"bytes_sent":"250864","connection":{"dest_ip":"10.87.40.76","dest_port":33554,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565311154Z","packets_sent":"247","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500506974Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} 
+{"insertId":"ut8lbrffooxz8","jsonPayload":{"bytes_sent":"167939","connection":{"dest_ip":"10.87.40.76","dest_port":33880,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821308944Z","packets_sent":"63","reporter":"DEST","rtt_msec":"3","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.469099728Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxyt","jsonPayload":{"bytes_sent":"0","connection":{"dest_ip":"10.139.99.242","dest_port":22,"protocol":6,"src_ip":"192.0.2.23","src_port":59679},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:40:46.031032701Z","packets_sent":"3","reporter":"DEST","src_location":{"asn":49505,"city":"Saint Petersburg","continent":"Europe","country":"rus","region":"Saint 
Petersburg"},"start_time":"2019-06-14T03:40:45.860349247Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxz5","jsonPayload":{"bytes_sent":"11773","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33576},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821056075Z","packets_sent":"94","reporter":"DEST","rtt_msec":"201","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.510622432Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} 
+{"insertId":"ut8lbrffooxza","jsonPayload":{"bytes_sent":"65699","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33562},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.393910944Z","packets_sent":"356","reporter":"DEST","rtt_msec":"192","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.074897435Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} 
+{"insertId":"ut8lbrffooxyq","jsonPayload":{"bytes_sent":"66029","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33692},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565287007Z","packets_sent":"361","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500498059Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} 
+{"insertId":"ut8lbrffooxz2","jsonPayload":{"bytes_sent":"65154","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33542},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565272745Z","packets_sent":"360","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.150720950Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} 
+{"insertId":"ut8lbrffooxyo","jsonPayload":{"bytes_sent":"13643","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33970},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821302149Z","packets_sent":"99","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466657665Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} 
+{"insertId":"ut8lbrffooxzc","jsonPayload":{"bytes_sent":"34509840","connection":{"dest_ip":"10.49.136.133","dest_port":46864,"protocol":6,"src_ip":"203.0.113.93","src_port":9243},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"simianhacker-demo","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:29.432367659Z","packets_sent":"8690","reporter":"DEST","rtt_msec":"36","start_time":"2019-06-14T03:40:17.343890802Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxz7","jsonPayload":{"bytes_sent":"1467","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.12","src_port":34836},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:48:39.076420731Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:48:38.961050187Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} 
+{"insertId":"ut8lbrffooxyu","jsonPayload":{"bytes_sent":"63671","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33554},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565311154Z","packets_sent":"367","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500506974Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} 
+{"insertId":"ut8lbrffooxyv","jsonPayload":{"bytes_sent":"51075","connection":{"dest_ip":"203.0.113.58","dest_port":65320,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220714119Z","packets_sent":"608","reporter":"SRC","rtt_msec":"220","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.560917237Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxz0","jsonPayload":{"bytes_sent":"197840","connection":{"dest_ip":"203.0.113.134","dest_port":33562,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.393910944Z","packets_sent":"258","reporter":"SRC","rtt_msec":"192","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.074897435Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-pro
ject","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxys","jsonPayload":{"bytes_sent":"173805495","connection":{"dest_ip":"203.0.113.93","dest_port":9243,"protocol":6,"src_ip":"10.49.136.133","src_port":46864},"end_time":"2019-06-14T03:49:58.716492806Z","packets_sent":"44438","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"simianhacker-demo","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:17.306085222Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxyx","jsonPayload":{"bytes_sent":"1468","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.12","src_port":33478},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:45:37.301953198Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:45:37.186193305Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} 
+{"insertId":"ut8lbrffooxz4","jsonPayload":{"bytes_sent":"159704","connection":{"dest_ip":"203.0.113.134","dest_port":33548,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.393651211Z","packets_sent":"241","reporter":"SRC","rtt_msec":"50","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.147252064Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} 
+{"insertId":"ut8lbrffooxz3","jsonPayload":{"bytes_sent":"70775","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65320},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220714119Z","packets_sent":"732","reporter":"DEST","rtt_msec":"220","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:00.560917237Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxz9","jsonPayload":{"bytes_sent":"281147","connection":{"dest_ip":"10.87.40.76","dest_port":33542,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565272745Z","packets_sent":"246","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.150720950Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-proj
ect","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"ut8lbrffooxyr","jsonPayload":{"bytes_sent":"63590","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33548},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:48.537763242Z","packets_sent":"340","reporter":"DEST","rtt_msec":"50","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.147252064Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} 
+{"insertId":"ut8lbrffooxyy","jsonPayload":{"bytes_sent":"1780","connection":{"dest_ip":"203.0.113.12","dest_port":34836,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:48:39.076420731Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:48:38.961050187Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:10.845445834Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:10.845445834Z"} +{"insertId":"1ulp77rfdvho4g","jsonPayload":{"bytes_sent":"1239","connection":{"dest_ip":"10.139.99.242","dest_port":22,"protocol":6,"src_ip":"192.0.2.165","src_port":59623},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:40:52.361155668Z","packets_sent":"18","reporter":"DEST","rtt_msec":"233","src_location":{"asn":45899,"city":"Vĩnh Yên","continent":"Asia","country":"vnm","region":"Vinh Phuc Province"},"start_time":"2019-06-14T03:40:46.541094678Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho5r","jsonPayload":{"bytes_sent":"63853","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33552},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:55.213244028Z","packets_sent":"363","reporter":"SRC","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075811571Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho5k","jsonPayload":{"bytes_sent":"1458","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"198.51.100.107","src_port":33924},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:46:20.745658276Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:46:20.634435179Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho55","jsonPayload":{"bytes_sent":"252397","connection":{"dest_ip":"203.0.113.134","dest_port":33534,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.597088427Z","packets_sent":"260","reporter":"SRC","rtt_msec":"311","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075942176Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","sub
network_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho60","jsonPayload":{"bytes_sent":"205787","connection":{"dest_ip":"203.0.113.134","dest_port":33694,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565117754Z","packets_sent":"265","reporter":"SRC","rtt_msec":"216","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.566551903Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho49","jsonPayload":{"bytes_sent":"106409","connection":{"dest_ip":"203.0.113.58","dest_port":65263,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220748025Z","packets_sent":"607","reporter":"SRC","rtt_msec":"87","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.270990648Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho4t","jsonPayload":{"bytes_sent":"61242","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33534},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.597088427Z","packets_sent":"356","reporter":"DEST","rtt_msec":"311","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075942176Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-pr
oject","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho68","jsonPayload":{"bytes_sent":"248826","connection":{"dest_ip":"203.0.113.101","dest_port":49680,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"siem-windows","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"windows-isolated","vpc_name":"windows-isolated"},"end_time":"2019-06-14T03:49:55.705469925Z","packets_sent":"735","reporter":"SRC","rtt_msec":"113","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.711043814Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho5n","jsonPayload":{"bytes_sent":"1777","connection":{"dest_ip":"192.0.2.117","dest_port":33862,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:46:11.779780615Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:46:11.655143526Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho5l","jsonPayload":{"bytes_sent":"116845","connection":{"dest_ip":"203.0.113.58","dest_port":65321,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.312105537Z","packets_sent":"594","reporter":"SRC","rtt_msec":"219","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.843986502Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho65","jsonPayload":{"bytes_sent":"4614","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33524},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.461087350Z","packets_sent":"58","reporter":"DEST","rtt_msec":"0","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:24.790136141Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho4b","jsonPayload":{"bytes_sent":"50379","connection":{"dest_ip":"192.0.2.177","dest_port":60112,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"suricata-iowa","zone":"us-central1-a"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:18.224268993Z","packets_sent":"130","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:14.031541248Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho4m","jsonPayload":{"bytes_sent":"200417","connection":{"dest_ip":"10.87.40.76","dest_port":33552,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:55.213244028Z","packets_sent":"250","reporter":"DEST","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075811571Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho5t","jsonPayload":{"bytes_sent":"30233","connection":{"dest_ip":"203.0.113.134","dest_port":33524,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.461087350Z","packets_sent":"37","reporter":"SRC","rtt_msec":"0","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:24.790136141Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho50","jsonPayload":{"bytes_sent":"160693","connection":{"dest_ip":"10.87.40.76","dest_port":33548,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565451051Z","packets_sent":"237","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.147072949Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho63","jsonPayload":{"bytes_sent":"59903","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33694},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565117754Z","packets_sent":"353","reporter":"DEST","rtt_msec":"216","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.566551903Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho4r","jsonPayload":{"bytes_sent":"1780","connection":{"dest_ip":"198.51.100.107","dest_port":33924,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:46:20.745658276Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:46:20.634545217Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho4i","jsonPayload":{"bytes_sent":"129335","connection":{"dest_ip":"203.0.113.58","dest_port":65271,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:55.318940798Z","packets_sent":"605","reporter":"SRC","rtt_msec":"89","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.155378070Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho5v","jsonPayload":{"bytes_sent":"1464","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"192.0.2.117","src_port":33862},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:46:11.779780615Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:46:11.655143526Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho5i","jsonPayload":{"bytes_sent":"75477","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65321},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.312105537Z","packets_sent":"737","reporter":"DEST","rtt_msec":"219","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:39:59.843986502Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho5c","jsonPayload":{"bytes_sent":"102119","connection":{"dest_ip":"203.0.113.58","dest_port":65316,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220838853Z","packets_sent":"600","reporter":"SRC","rtt_msec":"86","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.565831992Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho5p","jsonPayload":{"bytes_sent":"1541638","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.101","src_port":49680},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:55.705469925Z","packets_sent":"949","reporter":"DEST","rtt_msec":"113","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"siem-windows","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"windows-isolated","vpc_name":"windows-isolated"},"start_time":"2019-06-14T03:39:59.711043814Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b",
"project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho4y","jsonPayload":{"bytes_sent":"755901","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"192.0.2.177","src_port":60112},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:18.224268993Z","packets_sent":"227","reporter":"DEST","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"suricata-iowa","zone":"us-central1-a"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:14.031541248Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho4o","jsonPayload":{"bytes_sent":"248715","connection":{"dest_ip":"203.0.113.134","dest_port":33558,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.394676451Z","packets_sent":"270","reporter":"SRC","rtt_msec":"144","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:58.492572765Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho5g","jsonPayload":{"bytes_sent":"69757","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65316},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220838853Z","packets_sent":"709","reporter":"DEST","rtt_msec":"86","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:00.565831992Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho59","jsonPayload":{"bytes_sent":"69440","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65263},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220748025Z","packets_sent":"728","reporter":"DEST","rtt_msec":"87","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:01.270990648Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho57","jsonPayload":{"bytes_sent":"1457","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"192.0.2.117","src_port":50438},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:40:20.569744903Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:40:20.454046087Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho5e","jsonPayload":{"bytes_sent":"1784","connection":{"dest_ip":"192.0.2.117","dest_port":50438,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:40:20.569744903Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.454046087Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho4d","jsonPayload":{"bytes_sent":"2395","connection":{"dest_ip":"192.0.2.165","dest_port":59623,"protocol":6,"src_ip":"10.139.99.242","src_port":22},"dest_location":{"asn":45899,"city":"Vĩnh Yên","continent":"Asia","country":"vnm","region":"Vinh Phuc Province"},"end_time":"2019-06-14T03:40:52.361155668Z","packets_sent":"11","reporter":"SRC","rtt_msec":"233","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:46.541094678Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho5y","jsonPayload":{"bytes_sent":"60335","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33558},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:48.538257098Z","packets_sent":"353","reporter":"DEST","rtt_msec":"144","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:58.492572765Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-pr
oject","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"1ulp77rfdvho6a","jsonPayload":{"bytes_sent":"65565","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33548},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565451051Z","packets_sent":"354","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.147072949Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} 
+{"insertId":"1ulp77rfdvho4v","jsonPayload":{"bytes_sent":"70174","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65271},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:55.318940798Z","packets_sent":"717","reporter":"DEST","rtt_msec":"89","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:00.155378070Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:11.981912845Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:11.981912845Z"} +{"insertId":"bnj3cofh3cdk1","jsonPayload":{"bytes_sent":"1461","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.12","src_port":34178},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:46:51.355687385Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:46:51.237256499Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} 
+{"insertId":"bnj3cofh3cdjx","jsonPayload":{"bytes_sent":"1460","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"198.51.100.107","src_port":33602},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:45:51.090104692Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:45:50.954948790Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdju","jsonPayload":{"bytes_sent":"66736","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33554},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565131125Z","packets_sent":"366","reporter":"DEST","rtt_msec":"224","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:02.143837873Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnet
work_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdjz","jsonPayload":{"bytes_sent":"1776","connection":{"dest_ip":"198.51.100.107","dest_port":33602,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:45:51.090104692Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:45:50.954948790Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdkk","jsonPayload":{"bytes_sent":"1464","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":52454},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:42:40.888804332Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:42:40.779893091Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} 
+{"insertId":"bnj3cofh3cdk0","jsonPayload":{"bytes_sent":"259510","connection":{"dest_ip":"10.87.40.76","dest_port":33534,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.597279654Z","packets_sent":"251","reporter":"DEST","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075756033Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} 
+{"insertId":"bnj3cofh3cdk8","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"203.0.113.27","dest_port":52260,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:42:11.183868408Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:42:11.063146265Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdkp","jsonPayload":{"bytes_sent":"65069","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33530},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565300944Z","packets_sent":"361","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.140119099Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_na
me":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdkc","jsonPayload":{"bytes_sent":"60530","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33556},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565335113Z","packets_sent":"366","reporter":"SRC","rtt_msec":"15","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500498059Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} 
+{"insertId":"bnj3cofh3cdkm","jsonPayload":{"bytes_sent":"11384","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33570},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821047175Z","packets_sent":"86","reporter":"DEST","rtt_msec":"230","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.469473010Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} 
+{"insertId":"bnj3cofh3cdjy","jsonPayload":{"bytes_sent":"272063","connection":{"dest_ip":"203.0.113.134","dest_port":33554,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565131125Z","packets_sent":"247","reporter":"SRC","rtt_msec":"224","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:02.143837873Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} 
+{"insertId":"bnj3cofh3cdjv","jsonPayload":{"bytes_sent":"1791","connection":{"dest_ip":"203.0.113.27","dest_port":53706,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:43:50.822333871Z","packets_sent":"7","reporter":"SRC","rtt_msec":"43","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:43:50.703302550Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdkh","jsonPayload":{"bytes_sent":"18295","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33858},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.789039435Z","packets_sent":"118","reporter":"DEST","rtt_msec":"253","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.458515996Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork
_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdkg","jsonPayload":{"bytes_sent":"1467","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"198.51.100.107","src_port":33064},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:44:40.243022993Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:44:40.125336665Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} 
+{"insertId":"bnj3cofh3cdk7","jsonPayload":{"bytes_sent":"165290","connection":{"dest_ip":"10.87.40.76","dest_port":33556,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565335113Z","packets_sent":"251","reporter":"DEST","rtt_msec":"15","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500498059Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} 
+{"insertId":"bnj3cofh3cdk9","jsonPayload":{"bytes_sent":"1458","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":53706},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:43:50.822333871Z","packets_sent":"7","reporter":"DEST","rtt_msec":"43","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:43:50.703302550Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdkj","jsonPayload":{"bytes_sent":"1464","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":52260},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:42:11.183868408Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:42:11.063146265Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} 
+{"insertId":"bnj3cofh3cdki","jsonPayload":{"bytes_sent":"1780","connection":{"dest_ip":"203.0.113.27","dest_port":34090,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:46:37.827345444Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:46:37.712749588Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdkd","jsonPayload":{"bytes_sent":"1780","connection":{"dest_ip":"203.0.113.12","dest_port":34178,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:46:51.355687385Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:46:51.237256499Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} 
+{"insertId":"bnj3cofh3cdjw","jsonPayload":{"bytes_sent":"1776","connection":{"dest_ip":"198.51.100.107","dest_port":33064,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:44:40.243022993Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:44:40.125336665Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdk3","jsonPayload":{"bytes_sent":"1461","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"198.51.100.107","src_port":34906},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:48:50.757255245Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:48:50.642206049Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} 
+{"insertId":"bnj3cofh3cdkb","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"203.0.113.12","dest_port":58216,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:49:36.982303071Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:49:36.865198297Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdk4","jsonPayload":{"bytes_sent":"60222","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33534},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.597279654Z","packets_sent":"361","reporter":"SRC","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075756033Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_na
me":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdkf","jsonPayload":{"bytes_sent":"61810","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33510},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565335113Z","packets_sent":"358","reporter":"SRC","rtt_msec":"16","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500418290Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} 
+{"insertId":"bnj3cofh3cdkl","jsonPayload":{"bytes_sent":"1467","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.12","src_port":58216},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:36.982303071Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:49:36.865198297Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdk2","jsonPayload":{"bytes_sent":"136558","connection":{"dest_ip":"10.87.40.76","dest_port":33510,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565335113Z","packets_sent":"243","reporter":"DEST","rtt_msec":"16","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500418290Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwor
k_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdko","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"198.51.100.107","dest_port":34906,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:48:50.757255245Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:48:50.642206049Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdke","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"203.0.113.27","dest_port":52454,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:42:40.888804332Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:42:40.779893091Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} 
+{"insertId":"bnj3cofh3cdka","jsonPayload":{"bytes_sent":"1467","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":34090},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:46:37.827345444Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:46:37.712749588Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdkn","jsonPayload":{"bytes_sent":"170396","connection":{"dest_ip":"10.87.40.76","dest_port":33530,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565300944Z","packets_sent":"246","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.140119099Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork
_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} +{"insertId":"bnj3cofh3cdk5","jsonPayload":{"bytes_sent":"171610","connection":{"dest_ip":"203.0.113.134","dest_port":33570,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821129119Z","packets_sent":"71","reporter":"SRC","rtt_msec":"230","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.469473010Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} 
+{"insertId":"bnj3cofh3cdk6","jsonPayload":{"bytes_sent":"15186","connection":{"dest_ip":"203.0.113.134","dest_port":33858,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.933164456Z","packets_sent":"75","reporter":"SRC","rtt_msec":"253","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.458515996Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:13.921248755Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:13.921248755Z"} 
+{"insertId":"y4wffpfk2ero3","jsonPayload":{"bytes_sent":"208416","connection":{"dest_ip":"203.0.113.134","dest_port":33590,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565116665Z","packets_sent":"249","reporter":"SRC","rtt_msec":"109","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.147151100Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2eroh","jsonPayload":{"bytes_sent":"90977","connection":{"dest_ip":"192.0.2.177","dest_port":60108,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"suricata-iowa","zone":"us-central1-a"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:54.108975753Z","packets_sent":"357","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.762958327Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2erom","jsonPayload":{"bytes_sent":"187301","connection":{"dest_ip":"203.0.113.134","dest_port":33536,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565156020Z","packets_sent":"242","reporter":"SRC","rtt_msec":"194","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.150481417Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2ero9","jsonPayload":{"bytes_sent":"139106","connection":{"dest_ip":"10.87.40.76","dest_port":33560,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565287007Z","packets_sent":"244","reporter":"DEST","rtt_msec":"11","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075859688Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2erog","jsonPayload":{"bytes_sent":"1733360","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"192.0.2.177","src_port":60108},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:54.108975753Z","packets_sent":"708","reporter":"DEST","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"suricata-iowa","zone":"us-central1-a"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.762958327Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2ero7","jsonPayload":{"bytes_sent":"149157","connection":{"dest_ip":"203.0.113.134","dest_port":33874,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.933099658Z","packets_sent":"74","reporter":"SRC","rtt_msec":"142","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.513551480Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2eroe","jsonPayload":{"bytes_sent":"11108","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33968},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.965119632Z","packets_sent":"95","reporter":"DEST","rtt_msec":"201","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.480430427Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2eroa","jsonPayload":{"bytes_sent":"67337","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33590},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565116665Z","packets_sent":"351","reporter":"DEST","rtt_msec":"109","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.147151100Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2eroi","jsonPayload":{"bytes_sent":"136375","connection":{"dest_ip":"10.87.40.76","dest_port":33538,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565287007Z","packets_sent":"246","reporter":"DEST","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500483335Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2ero8","jsonPayload":{"bytes_sent":"181424","connection":{"dest_ip":"203.0.113.134","dest_port":33690,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.393929808Z","packets_sent":"241","reporter":"SRC","rtt_msec":"196","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075867049Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2erol","jsonPayload":{"bytes_sent":"9303","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33874},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.933099658Z","packets_sent":"94","reporter":"DEST","rtt_msec":"142","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.513551480Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2ero4","jsonPayload":{"bytes_sent":"142871","connection":{"dest_ip":"203.0.113.134","dest_port":33572,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821149051Z","packets_sent":"77","reporter":"SRC","rtt_msec":"335","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.470754779Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2eror","jsonPayload":{"bytes_sent":"158811","connection":{"dest_ip":"203.0.113.134","dest_port":33968,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.965119632Z","packets_sent":"69","reporter":"SRC","rtt_msec":"201","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.480430427Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2erob","jsonPayload":{"bytes_sent":"13455","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33880},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821047175Z","packets_sent":"81","reporter":"DEST","rtt_msec":"252","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.470071135Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2erox","jsonPayload":{"bytes_sent":"1780","connection":{"dest_ip":"203.0.113.12","dest_port":57300,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:48:22.156322353Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:48:22.044604322Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2eroc","jsonPayload":{"bytes_sent":"71014","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65315},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220720811Z","packets_sent":"728","reporter":"DEST","rtt_msec":"210","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:39:59.844068405Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2erok","jsonPayload":{"bytes_sent":"60749","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33538},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565287007Z","packets_sent":"362","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500483335Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2eros","jsonPayload":{"bytes_sent":"160451","connection":{"dest_ip":"203.0.113.134","dest_port":33880,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821138391Z","packets_sent":"66","reporter":"SRC","rtt_msec":"252","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.470071135Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2erod","jsonPayload":{"bytes_sent":"169173","connection":{"dest_ip":"10.87.40.76","dest_port":33574,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821291282Z","packets_sent":"64","reporter":"DEST","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466811088Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2ero6","jsonPayload":{"bytes_sent":"118762","connection":{"dest_ip":"203.0.113.58","dest_port":65315,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220720811Z","packets_sent":"615","reporter":"SRC","rtt_msec":"210","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.844068405Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2eron","jsonPayload":{"bytes_sent":"11137","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33576},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821302149Z","packets_sent":"96","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.510464198Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project
","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2eroy","jsonPayload":{"bytes_sent":"1458","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.12","src_port":57300},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:48:22.156322353Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:48:22.044604322Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2erof","jsonPayload":{"bytes_sent":"1776","connection":{"dest_ip":"203.0.113.12","dest_port":54662,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:45:12.142682672Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:45:12.027895189Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2erov","jsonPayload":{"bytes_sent":"11674","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33572},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821056075Z","packets_sent":"96","reporter":"DEST","rtt_msec":"335","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.470754779Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_
name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2erop","jsonPayload":{"bytes_sent":"62831","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33540},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.789112562Z","packets_sent":"346","reporter":"DEST","rtt_msec":"313","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.074813982Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2erou","jsonPayload":{"bytes_sent":"15169","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33574},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821291282Z","packets_sent":"93","reporter":"SRC","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466811088Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2eroj","jsonPayload":{"bytes_sent":"1464","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.12","src_port":54662},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:45:12.142682672Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:45:12.027895189Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2erow","jsonPayload":{"bytes_sent":"64588","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33560},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565287007Z","packets_sent":"362","reporter":"SRC","rtt_msec":"11","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075859688Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork
_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} +{"insertId":"y4wffpfk2erot","jsonPayload":{"bytes_sent":"67315","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33536},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565156020Z","packets_sent":"354","reporter":"DEST","rtt_msec":"194","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.150481417Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2eroq","jsonPayload":{"bytes_sent":"175633","connection":{"dest_ip":"10.87.40.76","dest_port":33576,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821302149Z","packets_sent":"67","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.510464198Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2ero5","jsonPayload":{"bytes_sent":"116981","connection":{"dest_ip":"203.0.113.134","dest_port":33540,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.789112562Z","packets_sent":"234","reporter":"SRC","rtt_msec":"313","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.074813982Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"y4wffpfk2eroo","jsonPayload":{"bytes_sent":"67789","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33690},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:48.542406314Z","packets_sent":"344","reporter":"DEST","rtt_msec":"196","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075867049Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.453102376Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.453102376Z"} 
+{"insertId":"ptjoddfhmrhg9","jsonPayload":{"bytes_sent":"136166","connection":{"dest_ip":"203.0.113.134","dest_port":33538,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565124617Z","packets_sent":"245","reporter":"SRC","rtt_msec":"250","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.074952616Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} 
+{"insertId":"ptjoddfhmrhgh","jsonPayload":{"bytes_sent":"68262","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65257},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220614265Z","packets_sent":"718","reporter":"DEST","rtt_msec":"220","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:39:59.403388091Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhgj","jsonPayload":{"bytes_sent":"1457","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"198.51.100.107","src_port":52328},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:42:20.952481728Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:42:20.842840991Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} 
+{"insertId":"ptjoddfhmrhgr","jsonPayload":{"bytes_sent":"1460","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"198.51.100.107","src_port":59790},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:40:50.702194466Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:40:50.590894439Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhgn","jsonPayload":{"bytes_sent":"73681","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65317},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220599950Z","packets_sent":"728","reporter":"DEST","rtt_msec":"62","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:39:59.740491697Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} 
+{"insertId":"ptjoddfhmrhga","jsonPayload":{"bytes_sent":"92566","connection":{"dest_ip":"203.0.113.58","dest_port":65317,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220599950Z","packets_sent":"596","reporter":"SRC","rtt_msec":"62","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.740491697Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhgk","jsonPayload":{"bytes_sent":"66094","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33692},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565137912Z","packets_sent":"360","reporter":"DEST","rtt_msec":"181","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.558259934Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-proje
ct","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhgm","jsonPayload":{"bytes_sent":"4900","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65262},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220741828Z","packets_sent":"542","reporter":"DEST","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:00.251430011Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} 
+{"insertId":"ptjoddfhmrhgd","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"198.51.100.107","dest_port":52328,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:42:20.952481728Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:42:20.842840991Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhgl","jsonPayload":{"bytes_sent":"63280","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33552},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:55.213081491Z","packets_sent":"361","reporter":"DEST","rtt_msec":"21","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075957044Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwor
k_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhgi","jsonPayload":{"bytes_sent":"774029","connection":{"dest_ip":"198.51.100.239","dest_port":37292,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":24940,"city":"Bucharest","continent":"Europe","country":"rou","region":"Bucharest"},"end_time":"2019-06-14T03:49:35.841633589Z","packets_sent":"403","reporter":"SRC","rtt_msec":"102","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:35.048156283Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} 
+{"insertId":"ptjoddfhmrhgo","jsonPayload":{"bytes_sent":"359272","connection":{"dest_ip":"10.87.40.76","dest_port":33876,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.933338264Z","packets_sent":"66","reporter":"DEST","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466706102Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} 
+{"insertId":"ptjoddfhmrhgp","jsonPayload":{"bytes_sent":"310476","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"198.51.100.239","src_port":37292},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:35.841633589Z","packets_sent":"214","reporter":"DEST","rtt_msec":"102","src_location":{"asn":24940,"city":"Bucharest","continent":"Europe","country":"rou","region":"Bucharest"},"start_time":"2019-06-14T03:40:35.048156283Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhg8","jsonPayload":{"bytes_sent":"1784","connection":{"dest_ip":"198.51.100.107","dest_port":59790,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:40:50.702194466Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:50.590894439Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} 
+{"insertId":"ptjoddfhmrhgf","jsonPayload":{"bytes_sent":"209716","connection":{"dest_ip":"203.0.113.134","dest_port":33552,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:55.213081491Z","packets_sent":"262","reporter":"SRC","rtt_msec":"21","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075957044Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} 
+{"insertId":"ptjoddfhmrhgg","jsonPayload":{"bytes_sent":"165643","connection":{"dest_ip":"203.0.113.134","dest_port":33556,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565214145Z","packets_sent":"256","reporter":"SRC","rtt_msec":"133","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:03.062674441Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} 
+{"insertId":"ptjoddfhmrhgb","jsonPayload":{"bytes_sent":"65890","connection":{"dest_ip":"203.0.113.58","dest_port":65257,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220614265Z","packets_sent":"593","reporter":"SRC","rtt_msec":"220","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.403388091Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhgs","jsonPayload":{"bytes_sent":"62620","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33538},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565124617Z","packets_sent":"358","reporter":"DEST","rtt_msec":"250","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.074952616Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-proj
ect","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhge","jsonPayload":{"bytes_sent":"185520","connection":{"dest_ip":"203.0.113.134","dest_port":33692,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565137912Z","packets_sent":"249","reporter":"SRC","rtt_msec":"181","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.558259934Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} 
+{"insertId":"ptjoddfhmrhgc","jsonPayload":{"bytes_sent":"33269","connection":{"dest_ip":"203.0.113.58","dest_port":65262,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220741828Z","packets_sent":"517","reporter":"SRC","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.251430011Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhg7","jsonPayload":{"bytes_sent":"58811","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33556},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565214145Z","packets_sent":"358","reporter":"DEST","rtt_msec":"133","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:03.062674441Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_
id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} +{"insertId":"ptjoddfhmrhgq","jsonPayload":{"bytes_sent":"5220","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33876},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.933338264Z","packets_sent":"86","reporter":"SRC","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466706102Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:15.857334727Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:15.857334727Z"} 
+{"insertId":"bxuq05fhgmw9d","jsonPayload":{"bytes_sent":"0","connection":{"dest_ip":"10.139.99.242","dest_port":22,"protocol":6,"src_ip":"198.51.100.182","src_port":41818},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:40:13.478093057Z","packets_sent":"4","reporter":"DEST","rtt_msec":"1350","src_location":{"asn":4837,"city":"Shangqiu","continent":"Asia","country":"chn","region":"Henan"},"start_time":"2019-06-14T03:40:11.031370298Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw90","jsonPayload":{"bytes_sent":"4580","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33524},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.461240929Z","packets_sent":"60","reporter":"SRC","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:24.789945697Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"7580198540
43528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw8w","jsonPayload":{"bytes_sent":"270437","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65322},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:55.408936364Z","packets_sent":"668","reporter":"DEST","rtt_msec":"92","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:39:59.703392247Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} 
+{"insertId":"bxuq05fhgmw94","jsonPayload":{"bytes_sent":"19019","connection":{"dest_ip":"203.0.113.58","dest_port":65322,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:55.408936364Z","packets_sent":"604","reporter":"SRC","rtt_msec":"92","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.703392247Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw8x","jsonPayload":{"bytes_sent":"16208","connection":{"dest_ip":"10.87.40.76","dest_port":33568,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.789269849Z","packets_sent":"80","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.455711202Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project",
"subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw8v","jsonPayload":{"bytes_sent":"9800","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33568},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.789269849Z","packets_sent":"120","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.455711202Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} 
+{"insertId":"bxuq05fhgmw8z","jsonPayload":{"bytes_sent":"1467","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"192.0.2.117","src_port":58026},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:09.114674887Z","packets_sent":"7","reporter":"DEST","rtt_msec":"40","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:49:08.995009558Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw9b","jsonPayload":{"bytes_sent":"19506","connection":{"dest_ip":"10.87.40.76","dest_port":33564,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.597223164Z","packets_sent":"180","reporter":"DEST","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.866699945Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"}
,"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw8y","jsonPayload":{"bytes_sent":"1496","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":32882},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:44:07.811355936Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:44:07.689331553Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} 
+{"insertId":"bxuq05fhgmw9e","jsonPayload":{"bytes_sent":"155675","connection":{"dest_ip":"192.0.2.177","dest_port":60126,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"suricata-iowa","zone":"us-central1-a"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:52.101129310Z","packets_sent":"288","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:02.019841536Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} 
+{"insertId":"bxuq05fhgmw98","jsonPayload":{"bytes_sent":"1791","connection":{"dest_ip":"203.0.113.27","dest_port":32882,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:44:07.811355936Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:44:07.689331553Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw96","jsonPayload":{"bytes_sent":"28304484","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.212","src_port":39568},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:02.085146013Z","packets_sent":"2400","reporter":"DEST","rtt_msec":"15","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:40:00.480787267Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} 
+{"insertId":"bxuq05fhgmw99","jsonPayload":{"bytes_sent":"2962242","connection":{"dest_ip":"203.0.113.212","dest_port":39568,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:49:02.085146013Z","packets_sent":"1340","reporter":"SRC","rtt_msec":"15","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.480787267Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw93","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"192.0.2.117","dest_port":58026,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:49:09.114674887Z","packets_sent":"7","reporter":"SRC","rtt_msec":"40","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:49:08.995009558Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} 
+{"insertId":"bxuq05fhgmw9f","jsonPayload":{"bytes_sent":"9611","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33874},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.933323342Z","packets_sent":"101","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.510575555Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} 
+{"insertId":"bxuq05fhgmw9j","jsonPayload":{"bytes_sent":"318481","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33564},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.597223164Z","packets_sent":"181","reporter":"SRC","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.866699945Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} 
+{"insertId":"bxuq05fhgmw97","jsonPayload":{"bytes_sent":"139359","connection":{"dest_ip":"10.87.40.76","dest_port":33874,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.933323342Z","packets_sent":"70","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.510575555Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} 
+{"insertId":"bxuq05fhgmw9i","jsonPayload":{"bytes_sent":"1461","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":60640},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:42:50.942543211Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:42:50.830164366Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw9c","jsonPayload":{"bytes_sent":"45","connection":{"dest_ip":"198.51.100.182","dest_port":41818,"protocol":6,"src_ip":"10.139.99.242","src_port":22},"dest_location":{"asn":4837,"city":"Shangqiu","continent":"Asia","country":"chn","region":"Henan"},"end_time":"2019-06-14T03:43:16.809366809Z","packets_sent":"9","reporter":"SRC","rtt_msec":"1350","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:11.031370298Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} 
+{"insertId":"bxuq05fhgmw9h","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"203.0.113.27","dest_port":60640,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:42:50.942543211Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:42:50.830164366Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw92","jsonPayload":{"bytes_sent":"358920","connection":{"dest_ip":"10.87.40.76","dest_port":33966,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821302149Z","packets_sent":"61","reporter":"DEST","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.510534141Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},
"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} +{"insertId":"bxuq05fhgmw8u","jsonPayload":{"bytes_sent":"653827","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"198.51.100.88","src_port":53104},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:45.312543839Z","packets_sent":"286","reporter":"DEST","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"zeek-nsm","zone":"us-central1-a"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.188944581Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} 
+{"insertId":"bxuq05fhgmw9g","jsonPayload":{"bytes_sent":"5220","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33966},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821302149Z","packets_sent":"81","reporter":"SRC","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.510534141Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} 
+{"insertId":"bxuq05fhgmw91","jsonPayload":{"bytes_sent":"31140","connection":{"dest_ip":"10.87.40.76","dest_port":33524,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.461240929Z","packets_sent":"40","reporter":"DEST","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:24.789945697Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} 
+{"insertId":"bxuq05fhgmw95","jsonPayload":{"bytes_sent":"1610630","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"192.0.2.177","src_port":60126},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:52.101129310Z","packets_sent":"509","reporter":"DEST","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"suricata-iowa","zone":"us-central1-a"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:02.019841536Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} 
+{"insertId":"bxuq05fhgmw9a","jsonPayload":{"bytes_sent":"37145","connection":{"dest_ip":"198.51.100.88","dest_port":53104,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"zeek-nsm","zone":"us-central1-a"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:45.312543839Z","packets_sent":"158","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.188944581Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:16.593800036Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:16.593800036Z"} 
+{"insertId":"198begsfh44xy3","jsonPayload":{"bytes_sent":"1460","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.12","src_port":53972},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:44:20.748121914Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:44:20.634231041Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xxt","jsonPayload":{"bytes_sent":"1458","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"192.0.2.117","src_port":58100},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:20.632737426Z","packets_sent":"7","reporter":"DEST","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:49:20.512264850Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} 
+{"insertId":"198begsfh44xy8","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"192.0.2.117","dest_port":58100,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:49:20.632777660Z","packets_sent":"7","reporter":"SRC","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:49:20.512407536Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xy9","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"198.51.100.107","dest_port":60756,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:43:11.032929292Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:43:10.912193869Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} 
+{"insertId":"198begsfh44xxr","jsonPayload":{"bytes_sent":"0","connection":{"dest_ip":"10.139.99.242","dest_port":22,"protocol":6,"src_ip":"198.51.100.182","src_port":14236},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:40:12.064908439Z","packets_sent":"3","reporter":"DEST","src_location":{"asn":4837,"city":"Shangqiu","continent":"Asia","country":"chn","region":"Henan"},"start_time":"2019-06-14T03:40:08.247072525Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xy2","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"203.0.113.27","dest_port":60122,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:41:39.207635184Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:41:39.087226326Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} 
+{"insertId":"198begsfh44xy6","jsonPayload":{"bytes_sent":"1782","connection":{"dest_ip":"203.0.113.12","dest_port":53972,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:44:20.748121914Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:44:20.634231041Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xxx","jsonPayload":{"bytes_sent":"68545","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33530},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:52.205089801Z","packets_sent":"368","reporter":"DEST","rtt_msec":"163","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.140301693Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwo
rk_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xy4","jsonPayload":{"bytes_sent":"74613","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65274},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220838853Z","packets_sent":"745","reporter":"DEST","rtt_msec":"209","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:01.270996793Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} 
+{"insertId":"198begsfh44xy1","jsonPayload":{"bytes_sent":"74942","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":53879},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.312105537Z","packets_sent":"726","reporter":"DEST","rtt_msec":"176","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:00.760414869Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xxp","jsonPayload":{"bytes_sent":"1467","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":34450},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:47:38.299054333Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:47:38.189569840Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} 
+{"insertId":"198begsfh44xxv","jsonPayload":{"bytes_sent":"121593","connection":{"dest_ip":"203.0.113.58","dest_port":65274,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220838853Z","packets_sent":"610","reporter":"SRC","rtt_msec":"209","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.270996793Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xy7","jsonPayload":{"bytes_sent":"1464","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":60968},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:43:39.777977145Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:43:39.653136947Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} 
+{"insertId":"198begsfh44xxs","jsonPayload":{"bytes_sent":"177471","connection":{"dest_ip":"203.0.113.134","dest_port":33530,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:52.205194199Z","packets_sent":"246","reporter":"SRC","rtt_msec":"163","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.140301693Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} 
+{"insertId":"198begsfh44xxq","jsonPayload":{"bytes_sent":"53315","connection":{"dest_ip":"203.0.113.58","dest_port":65275,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.316847800Z","packets_sent":"588","reporter":"SRC","rtt_msec":"82","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.565734921Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xxz","jsonPayload":{"bytes_sent":"1780","connection":{"dest_ip":"203.0.113.27","dest_port":34450,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:47:38.299054333Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:47:38.189569840Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} 
+{"insertId":"198begsfh44xxy","jsonPayload":{"bytes_sent":"1467","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":60122},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:41:39.207635184Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:41:39.087226326Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xxu","jsonPayload":{"bytes_sent":"102119","connection":{"dest_ip":"203.0.113.58","dest_port":53879,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.312105537Z","packets_sent":"608","reporter":"SRC","rtt_msec":"176","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.760414869Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} 
+{"insertId":"198begsfh44xxo","jsonPayload":{"bytes_sent":"1794","connection":{"dest_ip":"203.0.113.27","dest_port":60968,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:43:39.777977145Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:43:39.653136947Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xy0","jsonPayload":{"bytes_sent":"1467","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"198.51.100.107","src_port":60756},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:43:11.032929292Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:43:10.912193869Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} 
+{"insertId":"198begsfh44xxw","jsonPayload":{"bytes_sent":"67013","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65275},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.316847800Z","packets_sent":"710","reporter":"DEST","rtt_msec":"82","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:00.565734921Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} +{"insertId":"198begsfh44xy5","jsonPayload":{"bytes_sent":"0","connection":{"dest_ip":"198.51.100.182","dest_port":14236,"protocol":6,"src_ip":"10.139.99.242","src_port":22},"dest_location":{"asn":4837,"city":"Shangqiu","continent":"Asia","country":"chn","region":"Henan"},"end_time":"2019-06-14T03:40:09.257387426Z","packets_sent":"1","reporter":"SRC","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.247072525Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.291787305Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.291787305Z"} 
+{"insertId":"19im82tfdygznq","jsonPayload":{"bytes_sent":"64427","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33542},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565108524Z","packets_sent":"351","reporter":"DEST","rtt_msec":"173","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.150870105Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygzn6","jsonPayload":{"bytes_sent":"183366","connection":{"dest_ip":"10.87.40.76","dest_port":33690,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565311154Z","packets_sent":"242","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075665334Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygznk","jsonPayload":{"bytes_sent":"185295","connection":{"dest_ip":"10.87.40.76","dest_port":33562,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:49.549471457Z","packets_sent":"244","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500498059Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygznm","jsonPayload":{"bytes_sent":"68961","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":49438},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220725956Z","packets_sent":"711","reporter":"DEST","rtt_msec":"114","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:39:59.398463104Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzob","jsonPayload":{"bytes_sent":"62072","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33532},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565272745Z","packets_sent":"360","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.072372604Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-pro
ject","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygznc","jsonPayload":{"bytes_sent":"198326","connection":{"dest_ip":"10.87.40.76","dest_port":33590,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565287007Z","packets_sent":"246","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.146956782Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygznj","jsonPayload":{"bytes_sent":"61436","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33550},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565287007Z","packets_sent":"362","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500498059Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygzo5","jsonPayload":{"bytes_sent":"66791","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33690},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565311154Z","packets_sent":"355","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.075665334Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygzod","jsonPayload":{"bytes_sent":"1457","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"198.51.100.107","src_port":54812},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:45:20.708994883Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:45:20.595119257Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzna","jsonPayload":{"bytes_sent":"64466","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33562},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:49.549471457Z","packets_sent":"363","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500498059Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetw
ork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzng","jsonPayload":{"bytes_sent":"174524","connection":{"dest_ip":"10.87.40.76","dest_port":33968,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.965294083Z","packets_sent":"66","reporter":"DEST","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.480272197Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygzo1","jsonPayload":{"bytes_sent":"181624065","connection":{"dest_ip":"10.49.136.133","dest_port":52780,"protocol":6,"src_ip":"203.0.113.228","src_port":9243},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"simianhacker-demo","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:58.592579489Z","packets_sent":"28344","reporter":"DEST","rtt_msec":"91","src_location":{"asn":16509,"city":"Boardman","continent":"America","country":"usa","region":"Oregon"},"start_time":"2019-06-14T03:40:17.183499423Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzo8","jsonPayload":{"bytes_sent":"1460","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"192.0.2.117","src_port":51348},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:41:20.754300982Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:41:20.630975303Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygzoa","jsonPayload":{"bytes_sent":"0","connection":{"dest_ip":"192.0.2.12","dest_port":44128,"protocol":6,"src_ip":"10.73.186.17","src_port":22},"dest_location":{"asn":4837,"city":"Binzhou","continent":"Asia","country":"chn","region":"Shandong"},"end_time":"2019-06-14T03:45:22.081121292Z","packets_sent":"1","reporter":"SRC","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"infraops-docker-data","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:45:22.080963433Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzn7","jsonPayload":{"bytes_sent":"11137","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33968},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.965294083Z","packets_sent":"95","reporter":"SRC","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.480272197Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"75801985
4043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygznf","jsonPayload":{"bytes_sent":"1776","connection":{"dest_ip":"198.51.100.107","dest_port":54812,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:45:20.708994883Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:45:20.595119257Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygzni","jsonPayload":{"bytes_sent":"21792","connection":{"dest_ip":"203.0.113.134","dest_port":33564,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.597079770Z","packets_sent":"186","reporter":"SRC","rtt_msec":"340","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.866944869Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygzns","jsonPayload":{"bytes_sent":"74370","connection":{"dest_ip":"203.0.113.58","dest_port":49438,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220725956Z","packets_sent":"580","reporter":"SRC","rtt_msec":"114","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.398463104Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygznp","jsonPayload":{"bytes_sent":"138337","connection":{"dest_ip":"10.87.40.76","dest_port":33550,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565287007Z","packets_sent":"244","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500498059Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-proj
ect","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzo9","jsonPayload":{"bytes_sent":"30062","connection":{"dest_ip":"192.0.2.177","dest_port":60110,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"suricata-iowa","zone":"us-central1-a"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:46.020466750Z","packets_sent":"124","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:10.874529937Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygzo3","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"192.0.2.117","dest_port":51348,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:41:20.754300982Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:41:20.630975303Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygznz","jsonPayload":{"bytes_sent":"152218","connection":{"dest_ip":"203.0.113.134","dest_port":33560,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565026127Z","packets_sent":"243","reporter":"SRC","rtt_msec":"116","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.076060079Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwo
rk_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzo4","jsonPayload":{"bytes_sent":"143085","connection":{"dest_ip":"203.0.113.134","dest_port":33510,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565078274Z","packets_sent":"249","reporter":"SRC","rtt_msec":"352","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.074688714Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygznt","jsonPayload":{"bytes_sent":"61245","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33510},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565078274Z","packets_sent":"356","reporter":"DEST","rtt_msec":"352","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.074688714Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygznu","jsonPayload":{"bytes_sent":"65919","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33532},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565108524Z","packets_sent":"361","reporter":"DEST","rtt_msec":"270","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.072555233Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygzo6","jsonPayload":{"bytes_sent":"0","connection":{"dest_ip":"198.51.100.182","dest_port":41822,"protocol":6,"src_ip":"10.139.99.242","src_port":22},"dest_location":{"asn":4837,"city":"Shangqiu","continent":"Asia","country":"chn","region":"Henan"},"end_time":"2019-06-14T03:40:40.058368408Z","packets_sent":"4","reporter":"SRC","rtt_msec":"1439","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:12.068494835Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzno","jsonPayload":{"bytes_sent":"188997","connection":{"dest_ip":"203.0.113.134","dest_port":33532,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565108524Z","packets_sent":"251","reporter":"SRC","rtt_msec":"270","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.072555233Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subne
twork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} +{"insertId":"19im82tfdygzo0","jsonPayload":{"bytes_sent":"16783","connection":{"dest_ip":"203.0.113.134","dest_port":33568,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.789035952Z","packets_sent":"79","reporter":"SRC","rtt_msec":"506","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.456732113Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygznd","jsonPayload":{"bytes_sent":"18120","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33858},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.789258875Z","packets_sent":"120","reporter":"SRC","rtt_msec":"4","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.458361534Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygzn8","jsonPayload":{"bytes_sent":"64071","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33558},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565319136Z","packets_sent":"368","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.140109489Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygznw","jsonPayload":{"bytes_sent":"175465","connection":{"dest_ip":"198.51.100.88","dest_port":53106,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"zeek-nsm","zone":"us-central1-a"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.401543207Z","packets_sent":"337","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.020290305Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygzo2","jsonPayload":{"bytes_sent":"1987804","connection":{"dest_ip":"203.0.113.228","dest_port":9243,"protocol":6,"src_ip":"10.49.136.133","src_port":52780},"dest_location":{"asn":16509,"city":"Boardman","continent":"America","country":"usa","region":"Oregon"},"end_time":"2019-06-14T03:49:58.592579489Z","packets_sent":"26428","reporter":"SRC","rtt_msec":"91","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"simianhacker-demo","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:17.183499423Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygzn9","jsonPayload":{"bytes_sent":"206824","connection":{"dest_ip":"10.87.40.76","dest_port":33532,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565272745Z","packets_sent":"242","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.072372604Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-
project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygznh","jsonPayload":{"bytes_sent":"14287","connection":{"dest_ip":"10.87.40.76","dest_port":33858,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.789258875Z","packets_sent":"80","reporter":"DEST","rtt_msec":"4","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.458361534Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygzny","jsonPayload":{"bytes_sent":"59376","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33550},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565108649Z","packets_sent":"354","reporter":"DEST","rtt_msec":"250","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.496238286Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygzoe","jsonPayload":{"bytes_sent":"11214","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33568},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.789035952Z","packets_sent":"120","reporter":"DEST","rtt_msec":"506","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.456732113Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygznn","jsonPayload":{"bytes_sent":"1763338","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"198.51.100.88","src_port":53106},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.401543207Z","packets_sent":"598","reporter":"DEST","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"zeek-nsm","zone":"us-central1-a"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.020290305Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygznl","jsonPayload":{"bytes_sent":"67239","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33590},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565287007Z","packets_sent":"363","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.146956782Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygznv","jsonPayload":{"bytes_sent":"250327","connection":{"dest_ip":"10.87.40.76","dest_port":33558,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565319136Z","packets_sent":"247","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.140109489Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygzoc","jsonPayload":{"bytes_sent":"0","connection":{"dest_ip":"10.73.186.17","dest_port":22,"protocol":6,"src_ip":"192.0.2.12","src_port":44128},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"infraops-docker-data","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:45:22.318564382Z","packets_sent":"2","reporter":"DEST","src_location":{"asn":4837,"city":"Binzhou","continent":"Asia","country":"chn","region":"Shandong"},"start_time":"2019-06-14T03:45:22.080963433Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygzof","jsonPayload":{"bytes_sent":"266531","connection":{"dest_ip":"203.0.113.134","dest_port":33542,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565108524Z","packets_sent":"253","reporter":"SRC","rtt_msec":"173","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.150870105Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"7
58019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygznr","jsonPayload":{"bytes_sent":"65184","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33560},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565026127Z","packets_sent":"358","reporter":"DEST","rtt_msec":"116","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:06.076060079Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygznx","jsonPayload":{"bytes_sent":"319459","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33564},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.597079770Z","packets_sent":"180","reporter":"DEST","rtt_msec":"340","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.866944869Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygzo7","jsonPayload":{"bytes_sent":"519100","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"192.0.2.177","src_port":60110},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:46.020466750Z","packets_sent":"224","reporter":"DEST","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"suricata-iowa","zone":"us-central1-a"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:10.874529937Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygznb","jsonPayload":{"bytes_sent":"139513","connection":{"dest_ip":"203.0.113.134","dest_port":33550,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565108649Z","packets_sent":"243","reporter":"SRC","rtt_msec":"250","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:02.143811431Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"19im82tfdygzne","jsonPayload":{"bytes_sent":"0","connection":{"dest_ip":"10.139.99.242","dest_port":22,"protocol":6,"src_ip":"198.51.100.182","src_port":41822},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:40:40.058226439Z","packets_sent":"8","reporter":"DEST","rtt_msec":"1439","src_location":{"asn":4837,"city":"Shangqiu","continent":"Asia","country":"chn","region":"Henan"},"start_time":"2019-06-14T03:40:12.068494835Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.553477088Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.553477088Z"} 
+{"insertId":"1gq7q7afe373fw","jsonPayload":{"bytes_sent":"11109","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33572},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821291282Z","packets_sent":"105","reporter":"SRC","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466742414Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwo
rk_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373et","jsonPayload":{"bytes_sent":"173496","connection":{"dest_ip":"203.0.113.134","dest_port":33970,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821154389Z","packets_sent":"81","reporter":"SRC","rtt_msec":"308","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.470006631Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373f4","jsonPayload":{"bytes_sent":"182861","connection":{"dest_ip":"10.87.40.76","dest_port":33536,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565319136Z","packets_sent":"245","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.150282980Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373eo","jsonPayload":{"bytes_sent":"12145","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33570},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821302149Z","packets_sent":"94","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466779642Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373fb","jsonPayload":{"bytes_sent":"178669","connection":{"dest_ip":"203.0.113.58","dest_port":65319,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220617595Z","packets_sent":"634","reporter":"SRC","rtt_msec":"62","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.740597880Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373fs","jsonPayload":{"bytes_sent":"62066","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33540},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.789258875Z","packets_sent":"359","reporter":"SRC","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500483335Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project"
,"subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373ei","jsonPayload":{"bytes_sent":"13440","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33970},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821056075Z","packets_sent":"96","reporter":"DEST","rtt_msec":"308","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.470006631Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373ez","jsonPayload":{"bytes_sent":"368131","connection":{"dest_ip":"203.0.113.134","dest_port":33966,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:50.800931420Z","packets_sent":"76","reporter":"SRC","rtt_msec":"0","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.510698570Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373fh","jsonPayload":{"bytes_sent":"66258","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33536},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565319136Z","packets_sent":"365","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.150282980Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373es","jsonPayload":{"bytes_sent":"76976","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65276},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220621567Z","packets_sent":"749","reporter":"DEST","rtt_msec":"156","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:00.760349279Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373fu","jsonPayload":{"bytes_sent":"72967","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65319},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220617595Z","packets_sent":"747","reporter":"DEST","rtt_msec":"62","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:39:59.740597880Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373f2","jsonPayload":{"bytes_sent":"1464","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":50364},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:40:08.797851544Z","packets_sent":"9","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:40:08.412738626Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373ee","jsonPayload":{"bytes_sent":"1784","connection":{"dest_ip":"203.0.113.27","dest_port":50364,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:40:08.797851544Z","packets_sent":"8","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.412738626Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373ey","jsonPayload":{"bytes_sent":"1457","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":33126},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:44:50.919744677Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:44:50.809605761Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373e7","jsonPayload":{"bytes_sent":"73215","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65318},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.220599950Z","packets_sent":"747","reporter":"DEST","rtt_msec":"96","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:00.760345858Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373f8","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"203.0.113.12","dest_port":53096,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:43:20.813699795Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:43:20.700692281Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373ec","jsonPayload":{"bytes_sent":"176465","connection":{"dest_ip":"10.87.40.76","dest_port":33570,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821302149Z","packets_sent":"65","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466779642Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_nam
e":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373f5","jsonPayload":{"bytes_sent":"1776","connection":{"dest_ip":"203.0.113.27","dest_port":33126,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:44:50.919744677Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:44:50.809605761Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373f6","jsonPayload":{"bytes_sent":"1458","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"198.51.100.107","src_port":56478},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:47:20.566586739Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:47:20.450631492Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373fo","jsonPayload":{"bytes_sent":"32764","connection":{"dest_ip":"198.51.100.88","dest_port":52430,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"zeek-nsm","zone":"us-central1-a"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:53.081386115Z","packets_sent":"228","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:07.968717244Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373ek","jsonPayload":{"bytes_sent":"1780","connection":{"dest_ip":"203.0.113.27","dest_port":34536,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:47:51.162931667Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:47:51.050074134Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373fj","jsonPayload":{"bytes_sent":"137855","connection":{"dest_ip":"10.87.40.76","dest_port":33572,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821291282Z","packets_sent":"72","reporter":"DEST","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466742414Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_nam
e":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373fm","jsonPayload":{"bytes_sent":"125197","connection":{"dest_ip":"10.87.40.76","dest_port":33540,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.789258875Z","packets_sent":"242","reporter":"DEST","rtt_msec":"2","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.500483335Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373eg","jsonPayload":{"bytes_sent":"917832","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"198.51.100.88","src_port":53096},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.219496168Z","packets_sent":"230","reporter":"DEST","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"zeek-nsm","zone":"us-central1-a"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.853096315Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373fc","jsonPayload":{"bytes_sent":"55572","connection":{"dest_ip":"198.51.100.88","dest_port":53096,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"zeek-nsm","zone":"us-central1-a"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.219496168Z","packets_sent":"133","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:01.853096315Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373eq","jsonPayload":{"bytes_sent":"4615","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33966},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821049800Z","packets_sent":"75","reporter":"DEST","rtt_msec":"0","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:20.510698570Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373ev","jsonPayload":{"bytes_sent":"75612","connection":{"dest_ip":"203.0.113.58","dest_port":65318,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220599950Z","packets_sent":"583","reporter":"SRC","rtt_msec":"96","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.760345858Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373em","jsonPayload":{"bytes_sent":"1461","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.27","src_port":34536},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:47:51.162931667Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:47:51.050074134Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373ew","jsonPayload":{"bytes_sent":"1780","connection":{"dest_ip":"198.51.100.107","dest_port":56478,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:47:20.566586739Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:47:20.450631492Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373e9","jsonPayload":{"bytes_sent":"64140","connection":{"dest_ip":"198.51.100.248","dest_port":9200,"protocol":6,"src_ip":"10.87.40.76","src_port":33694},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565311154Z","packets_sent":"371","reporter":"SRC","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.566359759Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_n
ame":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373f9","jsonPayload":{"bytes_sent":"1458","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.12","src_port":53096},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:43:20.813699795Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:43:20.700692281Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373f1","jsonPayload":{"bytes_sent":"231764","connection":{"dest_ip":"10.87.40.76","dest_port":33694,"protocol":6,"src_ip":"198.51.100.248","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:59.565311154Z","packets_sent":"251","reporter":"DEST","rtt_msec":"1","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:05.566359759Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} 
+{"insertId":"1gq7q7afe373ff","jsonPayload":{"bytes_sent":"107878","connection":{"dest_ip":"203.0.113.58","dest_port":65276,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.220621567Z","packets_sent":"614","reporter":"SRC","rtt_msec":"156","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.760349279Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"1gq7q7afe373fq","jsonPayload":{"bytes_sent":"595838","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"198.51.100.88","src_port":52430},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:53.081386115Z","packets_sent":"299","reporter":"DEST","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-central1","vm_name":"zeek-nsm","zone":"us-central1-a"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:07.968717244Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:17.76361854Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sam
ple-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:17.76361854Z"} +{"insertId":"14iipwlfd8t01n","jsonPayload":{"bytes_sent":"1780","connection":{"dest_ip":"198.51.100.107","dest_port":56410,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:47:10.630345069Z","packets_sent":"7","reporter":"SRC","rtt_msec":"37","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:47:10.514594429Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} 
+{"insertId":"14iipwlfd8t01j","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"192.0.2.117","dest_port":51950,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:41:50.757658840Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:41:50.645030007Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t01o","jsonPayload":{"bytes_sent":"361966","connection":{"dest_ip":"203.0.113.134","dest_port":33876,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.933154111Z","packets_sent":"80","reporter":"SRC","rtt_msec":"34","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466868771Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork
_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t01p","jsonPayload":{"bytes_sent":"1457","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"192.0.2.117","src_port":51950},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:41:50.757658840Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:41:50.645030007Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t01e","jsonPayload":{"bytes_sent":"1781","connection":{"dest_ip":"192.0.2.117","dest_port":58658,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:49:50.856250208Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:49:50.733935895Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} 
+{"insertId":"14iipwlfd8t01q","jsonPayload":{"bytes_sent":"1467","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"203.0.113.12","src_port":59924},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:41:08.213471928Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:41:08.092659117Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t01i","jsonPayload":{"bytes_sent":"1461","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"192.0.2.117","src_port":58658},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:50.856250208Z","packets_sent":"7","reporter":"DEST","rtt_msec":"36","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:49:50.733935895Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} 
+{"insertId":"14iipwlfd8t01k","jsonPayload":{"bytes_sent":"123732","connection":{"dest_ip":"203.0.113.58","dest_port":65272,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.316981133Z","packets_sent":"618","reporter":"SRC","rtt_msec":"123","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:39:59.403442252Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t01f","jsonPayload":{"bytes_sent":"76342","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65273},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.316930467Z","packets_sent":"710","reporter":"DEST","rtt_msec":"115","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:00.155378287Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} 
+{"insertId":"14iipwlfd8t018","jsonPayload":{"bytes_sent":"9761","connection":{"dest_ip":"192.0.2.73","dest_port":45224,"protocol":6,"src_ip":"10.73.186.17","src_port":22},"dest_location":{"asn":4847,"city":"Beijing","continent":"Asia","country":"chn","region":"Beijing"},"end_time":"2019-06-14T03:44:23.955039461Z","packets_sent":"13","reporter":"SRC","rtt_msec":"242","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"infraops-docker-data","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:42:23.705320616Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t01a","jsonPayload":{"bytes_sent":"1467","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"198.51.100.107","src_port":56410},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:47:10.630345069Z","packets_sent":"7","reporter":"DEST","rtt_msec":"37","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:47:10.514594429Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} 
+{"insertId":"14iipwlfd8t017","jsonPayload":{"bytes_sent":"51612","connection":{"dest_ip":"203.0.113.58","dest_port":65277,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.316890309Z","packets_sent":"615","reporter":"SRC","rtt_msec":"95","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.760385211Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t01m","jsonPayload":{"bytes_sent":"74330","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65272},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.316981133Z","packets_sent":"745","reporter":"DEST","rtt_msec":"123","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:39:59.403442252Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} 
+{"insertId":"14iipwlfd8t015","jsonPayload":{"bytes_sent":"1784","connection":{"dest_ip":"203.0.113.12","dest_port":59924,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:41:08.213471928Z","packets_sent":"7","reporter":"SRC","rtt_msec":"36","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:41:08.092659117Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t01h","jsonPayload":{"bytes_sent":"76622","connection":{"dest_ip":"203.0.113.58","dest_port":65273,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"end_time":"2019-06-14T03:49:56.316930467Z","packets_sent":"599","reporter":"SRC","rtt_msec":"115","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:00.155378287Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} 
+{"insertId":"14iipwlfd8t019","jsonPayload":{"bytes_sent":"42","connection":{"dest_ip":"10.73.186.17","dest_port":22,"protocol":6,"src_ip":"192.0.2.73","src_port":45224},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"infraops-docker-data","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:42:24.922448897Z","packets_sent":"5","reporter":"DEST","rtt_msec":"242","src_location":{"asn":4847,"city":"Beijing","continent":"Asia","country":"chn","region":"Beijing"},"start_time":"2019-06-14T03:42:23.705320616Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t016","jsonPayload":{"bytes_sent":"75263","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.58","src_port":65277},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:56.316890309Z","packets_sent":"729","reporter":"DEST","rtt_msec":"95","src_location":{"asn":33652,"city":"Broomfield","continent":"America","country":"usa","region":"Colorado"},"start_time":"2019-06-14T03:40:00.760385211Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} 
+{"insertId":"14iipwlfd8t01c","jsonPayload":{"bytes_sent":"1780","connection":{"dest_ip":"198.51.100.107","dest_port":34646,"protocol":6,"src_ip":"10.87.40.76","src_port":5601},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"end_time":"2019-06-14T03:48:10.529592195Z","packets_sent":"7","reporter":"SRC","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:48:10.413494375Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} +{"insertId":"14iipwlfd8t01d","jsonPayload":{"bytes_sent":"1467","connection":{"dest_ip":"10.87.40.76","dest_port":5601,"protocol":6,"src_ip":"198.51.100.107","src_port":34646},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:48:10.529541195Z","packets_sent":"7","reporter":"DEST","src_location":{"asn":15169,"continent":"America","country":"usa"},"start_time":"2019-06-14T03:48:10.413397239Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} 
+{"insertId":"14iipwlfd8t01g","jsonPayload":{"bytes_sent":"5044","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33876},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:37.933154111Z","packets_sent":"87","reporter":"DEST","rtt_msec":"34","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.466868771Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} 
+{"insertId":"14iipwlfd8t01l","jsonPayload":{"bytes_sent":"14132","connection":{"dest_ip":"10.139.99.242","dest_port":9200,"protocol":6,"src_ip":"203.0.113.134","src_port":33574},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821056075Z","packets_sent":"91","reporter":"DEST","rtt_msec":"509","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"src_location":{"asn":15169,"continent":"America","country":"usa"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.468484109Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"} 
+{"insertId":"14iipwlfd8t01b","jsonPayload":{"bytes_sent":"151213","connection":{"dest_ip":"203.0.113.134","dest_port":33574,"protocol":6,"src_ip":"10.139.99.242","src_port":9200},"dest_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"kibana","zone":"us-east1-b"},"dest_location":{"asn":15169,"continent":"America","country":"usa"},"dest_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"end_time":"2019-06-14T03:49:51.821129119Z","packets_sent":"68","reporter":"SRC","rtt_msec":"509","src_instance":{"project_id":"my-sample-project","region":"us-east1","vm_name":"elasticsearch","zone":"us-east1-b"},"src_vpc":{"project_id":"my-sample-project","subnetwork_name":"default","vpc_name":"default"},"start_time":"2019-06-14T03:40:08.468484109Z"},"logName":"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows","receiveTimestamp":"2019-06-14T03:50:19.219174745Z","resource":{"labels":{"location":"us-east1-b","project_id":"my-sample-project","subnetwork_id":"758019854043528829","subnetwork_name":"default"},"type":"gce_subnetwork"},"timestamp":"2019-06-14T03:50:19.219174745Z"}
diff --git a/packages/gcp/data_stream/vpcflow/_dev/test/pipeline/test-vpcflow.log-config.json b/packages/gcp/data_stream/vpcflow/_dev/test/pipeline/test-vpcflow.log-config.json
new file mode 100644
index 00000000000..f71947c2f04
--- /dev/null
+++ b/packages/gcp/data_stream/vpcflow/_dev/test/pipeline/test-vpcflow.log-config.json
@@ -0,0 +1,5 @@
+{
+ "dynamic_fields": {
+ "event.ingested": ".*"
+ }
+}
\ No newline at end of file
diff --git a/packages/gcp/data_stream/vpcflow/_dev/test/pipeline/test-vpcflow.log-expected.json b/packages/gcp/data_stream/vpcflow/_dev/test/pipeline/test-vpcflow.log-expected.json
new file mode 100644
index 00000000000..e689c9bed14
--- /dev/null
+++ b/packages/gcp/data_stream/vpcflow/_dev/test/pipeline/test-vpcflow.log-expected.json
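Review bot: In test-vpcflow.log-config.json the `dynamic_fields` pattern for `event.ingested` is `.*`, which accepts any value, including an empty or malformed one, so the pipeline test cannot catch a regression in how the ingest timestamp is written. Assuming the value is matched as a regular expression, as `.*` suggests, a timestamp-shaped pattern would be a stronger check, for example `"event.ingested": "^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9:.]+Z$"`. That matters because `event.ingested` is often used downstream for ordering events and for detection-rule time windows. The file also ends without a trailing newline.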
@@ -0,0 +1,25184 @@ +{ + "expected": [ + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "203.0.113.12" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.12", + "port": 33478, + "ip": "203.0.113.12" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1776, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.051066200Z", + "original": 
"{\"insertId\":\"ut8lbrffooxyw\",\"jsonPayload\":{\"bytes_sent\":\"1776\",\"connection\":{\"dest_ip\":\"203.0.113.12\",\"dest_port\":33478,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:45:37.301953198Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:45:37.186193305Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "kind": "event", + "start": "2019-06-14T03:45:37.186193305Z", + "end": "2019-06-14T03:45:37.301953198Z", + "id": "ut8lbrffooxyw", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:Eav+HA4T0zQk7MDzMdHH6Hhsx2A=", + "bytes": 1776, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.87.40.76", + "port": 33970, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 173663, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 68 + }, + "network": { + "community_id": "1:e5cZeUPf9fWSqRY+SUSG302spGE=", + "bytes": 
173663, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 68, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:10.845Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051077900Z", + "original": 
"{\"insertId\":\"ut8lbrffooxzb\",\"jsonPayload\":{\"bytes_sent\":\"173663\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33970,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821302149Z\",\"packets_sent\":\"68\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466657665Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.466657665Z", + "end": "2019-06-14T03:49:51.821302149Z", + "id": "ut8lbrffooxzb", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33576, + "domain": "kibana", + "ip": "203.0.113.134" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 155707, + "packets": 78, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + 
"community_id": "1:06oSJgliwJ21tZTkobvsHx/M+Pc=", + "bytes": 155707, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 78, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:10.845Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.134" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 201 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051085500Z", + "original": 
"{\"insertId\":\"ut8lbrffooxze\",\"jsonPayload\":{\"bytes_sent\":\"155707\",\"connection\":{\"dest_ip\":\"203.0.113.134\",\"dest_port\":33576,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821143836Z\",\"packets_sent\":\"78\",\"reporter\":\"SRC\",\"rtt_msec\":\"201\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.510622432Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:20.510622432Z", + "end": "2019-06-14T03:49:51.821143836Z", + "id": "ut8lbrffooxze", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "192.0.2.23" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC" + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": 
"my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "Europe", + "country_name": "rus", + "city_name": "Saint Petersburg", + "region_name": "Saint Petersburg" + }, + "as": { + "number": 49505 + }, + "address": "192.0.2.23", + "port": 59679, + "ip": "192.0.2.23" + }, + "source": { + "address": "10.139.99.242", + "port": 22, + "bytes": 0, + "packets": 1, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "event": { + "ingested": "2021-02-19T09:19:49.051092900Z", + "original": "{\"insertId\":\"ut8lbrffooxyz\",\"jsonPayload\":{\"bytes_sent\":\"0\",\"connection\":{\"dest_ip\":\"192.0.2.23\",\"dest_port\":59679,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":22},\"dest_location\":{\"asn\":49505,\"city\":\"Saint Petersburg\",\"continent\":\"Europe\",\"country\":\"rus\",\"region\":\"Saint Petersburg\"},\"end_time\":\"2019-06-14T03:40:46.031032701Z\",\"packets_sent\":\"1\",\"reporter\":\"SRC\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:45.860349247Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:45.860349247Z", + "end": "2019-06-14T03:40:46.031032701Z", + "id": "ut8lbrffooxyz", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:E803d6gSw9j7F6zoCo0Ka6fb9Iw=", + "bytes": 0, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 1, + 
"direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "192.0.2.117" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "192.0.2.117", + "port": 50646, + "ip": "192.0.2.117" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1784, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.051100200Z", + "original": 
"{\"insertId\":\"ut8lbrffooxz6\",\"jsonPayload\":{\"bytes_sent\":\"1784\",\"connection\":{\"dest_ip\":\"192.0.2.117\",\"dest_port\":50646,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:40:37.048196137Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:36.895188084Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:36.895188084Z", + "end": "2019-06-14T03:40:37.048196137Z", + "id": "ut8lbrffooxz6", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:IPqv9ifIl7xO904fG0KpG1HbMz8=", + "bytes": 1784, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "192.0.2.117", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 
+ } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "192.0.2.117", + "port": 50646, + "bytes": 1464, + "ip": "192.0.2.117", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.051107500Z", + "original": "{\"insertId\":\"ut8lbrffooxzf\",\"jsonPayload\":{\"bytes_sent\":\"1464\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"192.0.2.117\",\"src_port\":50646},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:40:37.048196137Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:40:36.895188084Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:36.895188084Z", + "end": "2019-06-14T03:40:37.048196137Z", + "id": "ut8lbrffooxzf", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:IPqv9ifIl7xO904fG0KpG1HbMz8=", + "bytes": 1464, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + 
"address": "10.87.40.76", + "port": 33692, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 186151, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 251 + }, + "network": { + "community_id": "1:yZywQ4jpdohOQ9684uKWIPHHP4Y=", + "bytes": 186151, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 251, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:10.845Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051115100Z", + "original": 
"{\"insertId\":\"ut8lbrffooxz1\",\"jsonPayload\":{\"bytes_sent\":\"186151\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33692,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565287007Z\",\"packets_sent\":\"251\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500498059Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:59.500498059Z", + "end": "2019-06-14T03:49:59.565287007Z", + "id": "ut8lbrffooxz1", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "domain": "elasticsearch", + "ip": "198.51.100.248" + }, + "source": { + "address": "10.87.40.76", + "port": 33880, + "bytes": 15169, + "packets": 92, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "network": { + 
"community_id": "1:Ee5EHtJfWgzMQEQZSyTFAwZbgus=", + "bytes": 15169, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 92, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:10.845Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.248" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 3 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051122400Z", + "original": 
"{\"insertId\":\"ut8lbrffooxyp\",\"jsonPayload\":{\"bytes_sent\":\"15169\",\"connection\":{\"dest_ip\":\"198.51.100.248\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33880},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821308944Z\",\"packets_sent\":\"92\",\"reporter\":\"SRC\",\"rtt_msec\":\"3\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.469099728Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.469099728Z", + "end": "2019-06-14T03:49:51.821308944Z", + "id": "ut8lbrffooxyp", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.87.40.76", + "port": 33554, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 250864, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 247 + }, + "network": { + 
"community_id": "1:9htI9XhB+GFEM8rmtAiskiLz++Y=", + "bytes": 250864, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 247, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:10.845Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051129700Z", + "original": 
"{\"insertId\":\"ut8lbrffooxzd\",\"jsonPayload\":{\"bytes_sent\":\"250864\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33554,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565311154Z\",\"packets_sent\":\"247\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500506974Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:59.500506974Z", + "end": "2019-06-14T03:49:59.565311154Z", + "id": "ut8lbrffooxzd", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.87.40.76", + "port": 33880, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 167939, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 63 + }, + "network": { + 
"community_id": "1:Ee5EHtJfWgzMQEQZSyTFAwZbgus=", + "bytes": 167939, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 63, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:10.845Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 3 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051137Z", + "original": 
"{\"insertId\":\"ut8lbrffooxz8\",\"jsonPayload\":{\"bytes_sent\":\"167939\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33880,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821308944Z\",\"packets_sent\":\"63\",\"reporter\":\"DEST\",\"rtt_msec\":\"3\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.469099728Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.469099728Z", + "end": "2019-06-14T03:49:51.821308944Z", + "id": "ut8lbrffooxz8", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "192.0.2.23", + "10.139.99.242" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + 
"vpcflow": { + "reporter": "DEST" + } + }, + "destination": { + "address": "10.139.99.242", + "port": 22, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "Europe", + "country_name": "rus", + "city_name": "Saint Petersburg", + "region_name": "Saint Petersburg" + }, + "as": { + "number": 49505 + }, + "address": "192.0.2.23", + "port": 59679, + "bytes": 0, + "ip": "192.0.2.23", + "packets": 3 + }, + "event": { + "ingested": "2021-02-19T09:19:49.051144300Z", + "original": "{\"insertId\":\"ut8lbrffooxyt\",\"jsonPayload\":{\"bytes_sent\":\"0\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":22,\"protocol\":6,\"src_ip\":\"192.0.2.23\",\"src_port\":59679},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:40:46.031032701Z\",\"packets_sent\":\"3\",\"reporter\":\"DEST\",\"src_location\":{\"asn\":49505,\"city\":\"Saint Petersburg\",\"continent\":\"Europe\",\"country\":\"rus\",\"region\":\"Saint Petersburg\"},\"start_time\":\"2019-06-14T03:40:45.860349247Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:45.860349247Z", + "end": "2019-06-14T03:40:46.031032701Z", + "id": "ut8lbrffooxyt", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:E803d6gSw9j7F6zoCo0Ka6fb9Iw=", + "bytes": 0, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 3, + "direction": 
"inbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33576, + "bytes": 11773, + "domain": "kibana", + "ip": "203.0.113.134", + "packets": 94 + }, + "network": { + "community_id": "1:06oSJgliwJ21tZTkobvsHx/M+Pc=", + "bytes": 11773, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 94, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:10.845Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.134", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 201 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051152100Z", + "original": 
"{\"insertId\":\"ut8lbrffooxz5\",\"jsonPayload\":{\"bytes_sent\":\"11773\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.134\",\"src_port\":33576},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821056075Z\",\"packets_sent\":\"94\",\"reporter\":\"DEST\",\"rtt_msec\":\"201\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.510622432Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:20.510622432Z", + "end": "2019-06-14T03:49:51.821056075Z", + "id": "ut8lbrffooxz5", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33562, + "bytes": 65699, + "domain": "kibana", + "ip": "203.0.113.134", + "packets": 356 + }, + "network": { + 
"community_id": "1:oDThWwe999DZ+ToL+uXcjZRio7c=", + "bytes": 65699, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 356, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:10.845Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.134", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 192 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051159500Z", + "original": 
"{\"insertId\":\"ut8lbrffooxza\",\"jsonPayload\":{\"bytes_sent\":\"65699\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.134\",\"src_port\":33562},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.393910944Z\",\"packets_sent\":\"356\",\"reporter\":\"DEST\",\"rtt_msec\":\"192\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.074897435Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:01.074897435Z", + "end": "2019-06-14T03:49:56.393910944Z", + "id": "ut8lbrffooxza", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "domain": "elasticsearch", + "ip": "198.51.100.248" + }, + "source": { + "address": "10.87.40.76", + "port": 33692, + "bytes": 66029, + "packets": 361, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "network": { + 
"community_id": "1:yZywQ4jpdohOQ9684uKWIPHHP4Y=", + "bytes": 66029, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 361, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:10.845Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.248" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051166700Z", + "original": 
"{\"insertId\":\"ut8lbrffooxyq\",\"jsonPayload\":{\"bytes_sent\":\"66029\",\"connection\":{\"dest_ip\":\"198.51.100.248\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33692},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565287007Z\",\"packets_sent\":\"361\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500498059Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:59.500498059Z", + "end": "2019-06-14T03:49:59.565287007Z", + "id": "ut8lbrffooxyq", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "domain": "elasticsearch", + "ip": "198.51.100.248" + }, + "source": { + "address": "10.87.40.76", + "port": 33542, + "bytes": 65154, + "packets": 360, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "network": { + 
"community_id": "1:orgrC+fuNweNF7YN8VWuWIAnY80=", + "bytes": 65154, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 360, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:10.845Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.248" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051174Z", + "original": 
"{\"insertId\":\"ut8lbrffooxz2\",\"jsonPayload\":{\"bytes_sent\":\"65154\",\"connection\":{\"dest_ip\":\"198.51.100.248\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33542},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565272745Z\",\"packets_sent\":\"360\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.150720950Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.150720950Z", + "end": "2019-06-14T03:49:59.565272745Z", + "id": "ut8lbrffooxz2", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "domain": "elasticsearch", + "ip": "198.51.100.248" + }, + "source": { + "address": "10.87.40.76", + "port": 33970, + "bytes": 13643, + "packets": 99, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "network": { + 
"community_id": "1:e5cZeUPf9fWSqRY+SUSG302spGE=", + "bytes": 13643, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 99, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:10.845Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.248" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051181400Z", + "original": 
"{\"insertId\":\"ut8lbrffooxyo\",\"jsonPayload\":{\"bytes_sent\":\"13643\",\"connection\":{\"dest_ip\":\"198.51.100.248\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33970},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821302149Z\",\"packets_sent\":\"99\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466657665Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.466657665Z", + "end": "2019-06-14T03:49:51.821302149Z", + "id": "ut8lbrffooxyo", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.93", + "10.49.136.133" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, 
+ "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + } + }, + "destination": { + "address": "10.49.136.133", + "port": 46864, + "domain": "simianhacker-demo", + "ip": "10.49.136.133" + }, + "source": { + "address": "203.0.113.93", + "port": 9243, + "bytes": 34509840, + "packets": 8690, + "ip": "203.0.113.93" + }, + "event": { + "ingested": "2021-02-19T09:19:49.051188900Z", + "original": "{\"insertId\":\"ut8lbrffooxzc\",\"jsonPayload\":{\"bytes_sent\":\"34509840\",\"connection\":{\"dest_ip\":\"10.49.136.133\",\"dest_port\":46864,\"protocol\":6,\"src_ip\":\"203.0.113.93\",\"src_port\":9243},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"simianhacker-demo\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:29.432367659Z\",\"packets_sent\":\"8690\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"start_time\":\"2019-06-14T03:40:17.343890802Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:17.343890802Z", + "end": "2019-06-14T03:49:29.432367659Z", + "id": "ut8lbrffooxzc", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:Y9ynsBV313F1oc4DGZ0sYBcNoQA=", + "bytes": 34509840, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 8690, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.12", + "10.87.40.76" + ] + }, + "log": { + "logger": 
"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.12", + "port": 34836, + "bytes": 1467, + "ip": "203.0.113.12", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.051196200Z", + "original": "{\"insertId\":\"ut8lbrffooxz7\",\"jsonPayload\":{\"bytes_sent\":\"1467\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"203.0.113.12\",\"src_port\":34836},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:48:39.076420731Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:48:38.961050187Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "kind": "event", + "start": "2019-06-14T03:48:38.961050187Z", + "end": "2019-06-14T03:48:39.076420731Z", + "id": 
"ut8lbrffooxz7", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:LQLr5Clnxf10OYhT92IBepyH/y0=", + "bytes": 1467, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "domain": "elasticsearch", + "ip": "198.51.100.248" + }, + "source": { + "address": "10.87.40.76", + "port": 33554, + "bytes": 63671, + "packets": 367, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "network": { + "community_id": "1:9htI9XhB+GFEM8rmtAiskiLz++Y=", + "bytes": 63671, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 367, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:10.845Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.248" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051203800Z", + "original": 
"{\"insertId\":\"ut8lbrffooxyu\",\"jsonPayload\":{\"bytes_sent\":\"63671\",\"connection\":{\"dest_ip\":\"198.51.100.248\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33554},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565311154Z\",\"packets_sent\":\"367\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500506974Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:59.500506974Z", + "end": "2019-06-14T03:49:59.565311154Z", + "id": "ut8lbrffooxyu", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.58" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 220 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + 
"project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65320, + "ip": "203.0.113.58" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 51075, + "packets": 608, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "event": { + "ingested": "2021-02-19T09:19:49.051216800Z", + "original": "{\"insertId\":\"ut8lbrffooxyv\",\"jsonPayload\":{\"bytes_sent\":\"51075\",\"connection\":{\"dest_ip\":\"203.0.113.58\",\"dest_port\":65320,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220714119Z\",\"packets_sent\":\"608\",\"reporter\":\"SRC\",\"rtt_msec\":\"220\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.560917237Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:00.560917237Z", + "end": "2019-06-14T03:49:56.220714119Z", + "id": "ut8lbrffooxyv", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:aNFZC/smfQa37MQsZfMmP5cD6PE=", + "bytes": 51075, + "transport": "tcp", + "type": "ipv4", + 
"iana_number": "6", + "packets": 608, + "direction": "outbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33562, + "domain": "kibana", + "ip": "203.0.113.134" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 197840, + "packets": 258, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + "community_id": "1:oDThWwe999DZ+ToL+uXcjZRio7c=", + "bytes": 197840, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 258, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:10.845Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.134" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 192 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051224700Z", + "original": 
"{\"insertId\":\"ut8lbrffooxz0\",\"jsonPayload\":{\"bytes_sent\":\"197840\",\"connection\":{\"dest_ip\":\"203.0.113.134\",\"dest_port\":33562,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.393910944Z\",\"packets_sent\":\"258\",\"reporter\":\"SRC\",\"rtt_msec\":\"192\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.074897435Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:01.074897435Z", + "end": "2019-06-14T03:49:56.393910944Z", + "id": "ut8lbrffooxz0", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.49.136.133", + "203.0.113.93" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + 
"project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "port": 9243, + "address": "203.0.113.93", + "ip": "203.0.113.93" + }, + "source": { + "address": "10.49.136.133", + "port": 46864, + "bytes": 173805495, + "packets": 44438, + "domain": "simianhacker-demo", + "ip": "10.49.136.133" + }, + "event": { + "ingested": "2021-02-19T09:19:49.051232200Z", + "original": "{\"insertId\":\"ut8lbrffooxys\",\"jsonPayload\":{\"bytes_sent\":\"173805495\",\"connection\":{\"dest_ip\":\"203.0.113.93\",\"dest_port\":9243,\"protocol\":6,\"src_ip\":\"10.49.136.133\",\"src_port\":46864},\"end_time\":\"2019-06-14T03:49:58.716492806Z\",\"packets_sent\":\"44438\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"simianhacker-demo\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:17.306085222Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:17.306085222Z", + "end": "2019-06-14T03:49:58.716492806Z", + "id": "ut8lbrffooxys", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:Y9ynsBV313F1oc4DGZ0sYBcNoQA=", + "bytes": 173805495, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 44438, + "direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.12", + "10.87.40.76" + ] + }, + "log": { + "logger": 
"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.12", + "port": 33478, + "bytes": 1468, + "ip": "203.0.113.12", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.051256Z", + "original": "{\"insertId\":\"ut8lbrffooxyx\",\"jsonPayload\":{\"bytes_sent\":\"1468\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"203.0.113.12\",\"src_port\":33478},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:45:37.301953198Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:45:37.186193305Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "kind": "event", + "start": "2019-06-14T03:45:37.186193305Z", + "end": "2019-06-14T03:45:37.301953198Z", + "id": "ut8lbrffooxyx", 
+ "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:Eav+HA4T0zQk7MDzMdHH6Hhsx2A=", + "bytes": 1468, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33548, + "domain": "kibana", + "ip": "203.0.113.134" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 159704, + "packets": 241, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + "community_id": "1:komMvAI/1VsC7c9d9LuzM29I9NY=", + "bytes": 159704, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 241, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:10.845Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.134" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 50 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051263500Z", + "original": 
"{\"insertId\":\"ut8lbrffooxz4\",\"jsonPayload\":{\"bytes_sent\":\"159704\",\"connection\":{\"dest_ip\":\"203.0.113.134\",\"dest_port\":33548,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.393651211Z\",\"packets_sent\":\"241\",\"reporter\":\"SRC\",\"rtt_msec\":\"50\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.147252064Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:05.147252064Z", + "end": "2019-06-14T03:49:56.393651211Z", + "id": "ut8lbrffooxz4", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.58", + "10.139.99.242" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + 
}, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 220 + } + } + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65320, + "bytes": 70775, + "ip": "203.0.113.58", + "packets": 732 + }, + "event": { + "ingested": "2021-02-19T09:19:49.051270900Z", + "original": "{\"insertId\":\"ut8lbrffooxz3\",\"jsonPayload\":{\"bytes_sent\":\"70775\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.58\",\"src_port\":65320},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220714119Z\",\"packets_sent\":\"732\",\"reporter\":\"DEST\",\"rtt_msec\":\"220\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:00.560917237Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:00.560917237Z", + "end": "2019-06-14T03:49:56.220714119Z", + "id": "ut8lbrffooxz3", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:aNFZC/smfQa37MQsZfMmP5cD6PE=", + "bytes": 70775, + "transport": "tcp", + "type": "ipv4", + 
"iana_number": "6", + "packets": 732, + "direction": "inbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.87.40.76", + "port": 33542, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 281147, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 246 + }, + "network": { + "community_id": "1:orgrC+fuNweNF7YN8VWuWIAnY80=", + "bytes": 281147, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 246, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:10.845Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051278200Z", + "original": 
"{\"insertId\":\"ut8lbrffooxz9\",\"jsonPayload\":{\"bytes_sent\":\"281147\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33542,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565272745Z\",\"packets_sent\":\"246\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.150720950Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.150720950Z", + "end": "2019-06-14T03:49:59.565272745Z", + "id": "ut8lbrffooxz9", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33548, + "bytes": 63590, + "domain": "kibana", + "ip": "203.0.113.134", + "packets": 340 + }, + "network": { + 
"community_id": "1:komMvAI/1VsC7c9d9LuzM29I9NY=", + "bytes": 63590, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 340, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:10.845Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.134", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 50 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051285600Z", + "original": 
"{\"insertId\":\"ut8lbrffooxyr\",\"jsonPayload\":{\"bytes_sent\":\"63590\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.134\",\"src_port\":33548},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:48.537763242Z\",\"packets_sent\":\"340\",\"reporter\":\"DEST\",\"rtt_msec\":\"50\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.147252064Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:05.147252064Z", + "end": "2019-06-14T03:49:48.537763242Z", + "id": "ut8lbrffooxyr", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "203.0.113.12" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + 
"project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.12", + "port": 34836, + "ip": "203.0.113.12" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1780, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.051292900Z", + "original": "{\"insertId\":\"ut8lbrffooxyy\",\"jsonPayload\":{\"bytes_sent\":\"1780\",\"connection\":{\"dest_ip\":\"203.0.113.12\",\"dest_port\":34836,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:48:39.076420731Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:48:38.961050187Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "kind": "event", + "start": "2019-06-14T03:48:38.961050187Z", + "end": "2019-06-14T03:48:39.076420731Z", + "id": "ut8lbrffooxyy", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:LQLr5Clnxf10OYhT92IBepyH/y0=", + "bytes": 1780, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "ecs": { + "version": 
"1.8.0" + }, + "related": { + "ip": [ + "192.0.2.165", + "10.139.99.242" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 233 + } + } + }, + "destination": { + "address": "10.139.99.242", + "port": 22, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "Asia", + "country_name": "vnm", + "city_name": "Vĩnh Yên", + "region_name": "Vinh Phuc Province" + }, + "as": { + "number": 45899 + }, + "address": "192.0.2.165", + "port": 59623, + "bytes": 1239, + "ip": "192.0.2.165", + "packets": 18 + }, + "event": { + "ingested": "2021-02-19T09:19:49.051300200Z", + "original": "{\"insertId\":\"1ulp77rfdvho4g\",\"jsonPayload\":{\"bytes_sent\":\"1239\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":22,\"protocol\":6,\"src_ip\":\"192.0.2.165\",\"src_port\":59623},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:40:52.361155668Z\",\"packets_sent\":\"18\",\"reporter\":\"DEST\",\"rtt_msec\":\"233\",\"src_location\":{\"asn\":45899,\"city\":\"Vĩnh Yên\",\"continent\":\"Asia\",\"country\":\"vnm\",\"region\":\"Vinh Phuc 
Province\"},\"start_time\":\"2019-06-14T03:40:46.541094678Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:46.541094678Z", + "end": "2019-06-14T03:40:52.361155668Z", + "id": "1ulp77rfdvho4g", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:n2izIhQ6f30pRxm58NLCxNXryuI=", + "bytes": 1239, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 18, + "direction": "inbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "domain": "elasticsearch", + "ip": "198.51.100.248" + }, + "source": { + "address": "10.87.40.76", + "port": 33552, + "bytes": 63853, + "packets": 363, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "network": { + "community_id": "1:U8onVg/hApWe9WsWGFifAt6Xktg=", + "bytes": 63853, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 363, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:11.981Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.248" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": 
"my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 2 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051307300Z", + "original": "{\"insertId\":\"1ulp77rfdvho5r\",\"jsonPayload\":{\"bytes_sent\":\"63853\",\"connection\":{\"dest_ip\":\"198.51.100.248\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33552},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:55.213244028Z\",\"packets_sent\":\"363\",\"reporter\":\"SRC\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075811571Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:06.075811571Z", + "end": "2019-06-14T03:49:55.213244028Z", + "id": "1ulp77rfdvho5r", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "ecs": { + 
"version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.107", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.107", + "port": 33924, + "bytes": 1458, + "ip": "198.51.100.107", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.051314400Z", + "original": "{\"insertId\":\"1ulp77rfdvho5k\",\"jsonPayload\":{\"bytes_sent\":\"1458\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"198.51.100.107\",\"src_port\":33924},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:46:20.745658276Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:46:20.634435179Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + 
"kind": "event", + "start": "2019-06-14T03:46:20.634435179Z", + "end": "2019-06-14T03:46:20.745658276Z", + "id": "1ulp77rfdvho5k", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:ji6ZJhSkwxeKiorTmyrgBE0/o+c=", + "bytes": 1458, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33534, + "domain": "kibana", + "ip": "203.0.113.134" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 252397, + "packets": 260, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + "community_id": "1:pYIEYHtraTMNgdi3XDEMGSH5LV4=", + "bytes": 252397, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 260, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:11.981Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.134" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 311 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051321400Z", + "original": 
"{\"insertId\":\"1ulp77rfdvho55\",\"jsonPayload\":{\"bytes_sent\":\"252397\",\"connection\":{\"dest_ip\":\"203.0.113.134\",\"dest_port\":33534,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.597088427Z\",\"packets_sent\":\"260\",\"reporter\":\"SRC\",\"rtt_msec\":\"311\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075942176Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:06.075942176Z", + "end": "2019-06-14T03:49:59.597088427Z", + "id": "1ulp77rfdvho55", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33694, + "domain": "kibana", + "ip": "203.0.113.134" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 205787, + "packets": 265, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + 
"community_id": "1:vLK9hCfMg91TvjmTPfnw8bfG514=", + "bytes": 205787, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 265, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:11.981Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.134" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 216 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051328500Z", + "original": 
"{\"insertId\":\"1ulp77rfdvho60\",\"jsonPayload\":{\"bytes_sent\":\"205787\",\"connection\":{\"dest_ip\":\"203.0.113.134\",\"dest_port\":33694,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565117754Z\",\"packets_sent\":\"265\",\"reporter\":\"SRC\",\"rtt_msec\":\"216\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.566551903Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:05.566551903Z", + "end": "2019-06-14T03:49:59.565117754Z", + "id": "1ulp77rfdvho60", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.58" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 87 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", 
+ "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65263, + "ip": "203.0.113.58" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 106409, + "packets": 607, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "event": { + "ingested": "2021-02-19T09:19:49.051335700Z", + "original": "{\"insertId\":\"1ulp77rfdvho49\",\"jsonPayload\":{\"bytes_sent\":\"106409\",\"connection\":{\"dest_ip\":\"203.0.113.58\",\"dest_port\":65263,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220748025Z\",\"packets_sent\":\"607\",\"reporter\":\"SRC\",\"rtt_msec\":\"87\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.270990648Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:01.270990648Z", + "end": "2019-06-14T03:49:56.220748025Z", + "id": "1ulp77rfdvho49", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:z1VfQro/CzS/3/Jcw7ACjDX47kM=", + "bytes": 106409, + "transport": "tcp", + "type": "ipv4", + 
"iana_number": "6", + "packets": 607, + "direction": "outbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33534, + "bytes": 61242, + "domain": "kibana", + "ip": "203.0.113.134", + "packets": 356 + }, + "network": { + "community_id": "1:pYIEYHtraTMNgdi3XDEMGSH5LV4=", + "bytes": 61242, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 356, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:11.981Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.134", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 311 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051342900Z", + "original": 
"{\"insertId\":\"1ulp77rfdvho4t\",\"jsonPayload\":{\"bytes_sent\":\"61242\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.134\",\"src_port\":33534},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.597088427Z\",\"packets_sent\":\"356\",\"reporter\":\"DEST\",\"rtt_msec\":\"311\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075942176Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:06.075942176Z", + "end": "2019-06-14T03:49:59.597088427Z", + "id": "1ulp77rfdvho4t", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.101", + "port": 49680, + "domain": "siem-windows", + "ip": "203.0.113.101" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 248826, + "packets": 735, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + 
"network": { + "community_id": "1:o9OoB7tVAGCzWrss+96PmO6N0FI=", + "bytes": 248826, + "name": "windows-isolated", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 735, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:11.981Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.101" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "windows-isolated", + "vpc_name": "windows-isolated" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 113 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051349900Z", + "original": 
"{\"insertId\":\"1ulp77rfdvho68\",\"jsonPayload\":{\"bytes_sent\":\"248826\",\"connection\":{\"dest_ip\":\"203.0.113.101\",\"dest_port\":49680,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"siem-windows\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"windows-isolated\",\"vpc_name\":\"windows-isolated\"},\"end_time\":\"2019-06-14T03:49:55.705469925Z\",\"packets_sent\":\"735\",\"reporter\":\"SRC\",\"rtt_msec\":\"113\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.711043814Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:59.711043814Z", + "end": "2019-06-14T03:49:55.705469925Z", + "id": "1ulp77rfdvho68", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "192.0.2.117" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + 
"region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "192.0.2.117", + "port": 33862, + "ip": "192.0.2.117" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1777, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.051357Z", + "original": "{\"insertId\":\"1ulp77rfdvho5n\",\"jsonPayload\":{\"bytes_sent\":\"1777\",\"connection\":{\"dest_ip\":\"192.0.2.117\",\"dest_port\":33862,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:46:11.779780615Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:46:11.655143526Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "kind": "event", + "start": "2019-06-14T03:46:11.655143526Z", + "end": "2019-06-14T03:46:11.779780615Z", + "id": "1ulp77rfdvho5n", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:PNZTJG/Xqm+YMqKIui8nRXoLovE=", + "bytes": 1777, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + 
"ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.58" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 219 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65321, + "ip": "203.0.113.58" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 116845, + "packets": 594, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "event": { + "ingested": "2021-02-19T09:19:49.051364600Z", + "original": 
"{\"insertId\":\"1ulp77rfdvho5l\",\"jsonPayload\":{\"bytes_sent\":\"116845\",\"connection\":{\"dest_ip\":\"203.0.113.58\",\"dest_port\":65321,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.312105537Z\",\"packets_sent\":\"594\",\"reporter\":\"SRC\",\"rtt_msec\":\"219\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.843986502Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:59.843986502Z", + "end": "2019-06-14T03:49:56.312105537Z", + "id": "1ulp77rfdvho5l", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:bN6NKWS7CM7qV5T0FRSxEVoL53I=", + "bytes": 116845, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 594, + "direction": "outbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33524, + "bytes": 4614, + "domain": "kibana", + "ip": "203.0.113.134", + "packets": 58 + }, + "network": 
{ + "community_id": "1:jUDducT3iKEBK6mG6FO1bbR/lzQ=", + "bytes": 4614, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 58, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:11.981Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.134", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 0 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051371700Z", + "original": 
"{\"insertId\":\"1ulp77rfdvho65\",\"jsonPayload\":{\"bytes_sent\":\"4614\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.134\",\"src_port\":33524},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.461087350Z\",\"packets_sent\":\"58\",\"reporter\":\"DEST\",\"rtt_msec\":\"0\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:24.790136141Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:24.790136141Z", + "end": "2019-06-14T03:49:56.461087350Z", + "id": "1ulp77rfdvho65", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "192.0.2.177", + "port": 60112, + "domain": "suricata-iowa", + "ip": "192.0.2.177" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 50379, + "packets": 130, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + 
"community_id": "1:h6NgISKzvTiBXyH4aX48ebaiTiY=", + "bytes": 50379, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 130, + "direction": "internal" + }, + "cloud": { + "region": "us-central1", + "availability_zone": "us-central1-a", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:11.981Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "192.0.2.177" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-central1", + "project_id": "my-sample-project", + "zone": "us-central1-a" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051379Z", + "original": 
"{\"insertId\":\"1ulp77rfdvho4b\",\"jsonPayload\":{\"bytes_sent\":\"50379\",\"connection\":{\"dest_ip\":\"192.0.2.177\",\"dest_port\":60112,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"suricata-iowa\",\"zone\":\"us-central1-a\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:18.224268993Z\",\"packets_sent\":\"130\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:14.031541248Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:14.031541248Z", + "end": "2019-06-14T03:49:18.224268993Z", + "id": "1ulp77rfdvho4b", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.87.40.76", + "port": 33552, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 200417, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 250 + }, + 
"network": { + "community_id": "1:U8onVg/hApWe9WsWGFifAt6Xktg=", + "bytes": 200417, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 250, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:11.981Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 2 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051386100Z", + "original": 
"{\"insertId\":\"1ulp77rfdvho4m\",\"jsonPayload\":{\"bytes_sent\":\"200417\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33552,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:55.213244028Z\",\"packets_sent\":\"250\",\"reporter\":\"DEST\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075811571Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:06.075811571Z", + "end": "2019-06-14T03:49:55.213244028Z", + "id": "1ulp77rfdvho4m", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33524, + "domain": "kibana", + "ip": "203.0.113.134" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 30233, + "packets": 37, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + 
"community_id": "1:jUDducT3iKEBK6mG6FO1bbR/lzQ=", + "bytes": 30233, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 37, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:11.981Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.134" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 0 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051393300Z", + "original": 
"{\"insertId\":\"1ulp77rfdvho5t\",\"jsonPayload\":{\"bytes_sent\":\"30233\",\"connection\":{\"dest_ip\":\"203.0.113.134\",\"dest_port\":33524,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.461087350Z\",\"packets_sent\":\"37\",\"reporter\":\"SRC\",\"rtt_msec\":\"0\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:24.790136141Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:24.790136141Z", + "end": "2019-06-14T03:49:56.461087350Z", + "id": "1ulp77rfdvho5t", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.87.40.76", + "port": 33548, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 160693, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 237 + }, + "network": { + 
"community_id": "1:jiDRQHDBdyhzib4qfhhB5Y0obik=", + "bytes": 160693, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 237, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:11.981Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051400300Z", + "original": 
"{\"insertId\":\"1ulp77rfdvho50\",\"jsonPayload\":{\"bytes_sent\":\"160693\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33548,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565451051Z\",\"packets_sent\":\"237\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.147072949Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:05.147072949Z", + "end": "2019-06-14T03:49:59.565451051Z", + "id": "1ulp77rfdvho50", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33694, + "bytes": 59903, + "domain": "kibana", + "ip": "203.0.113.134", + "packets": 353 + }, + "network": { + 
"community_id": "1:vLK9hCfMg91TvjmTPfnw8bfG514=", + "bytes": 59903, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 353, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:11.981Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.134", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 216 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051407300Z", + "original": 
"{\"insertId\":\"1ulp77rfdvho63\",\"jsonPayload\":{\"bytes_sent\":\"59903\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.134\",\"src_port\":33694},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565117754Z\",\"packets_sent\":\"353\",\"reporter\":\"DEST\",\"rtt_msec\":\"216\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.566551903Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:05.566551903Z", + "end": "2019-06-14T03:49:59.565117754Z", + "id": "1ulp77rfdvho63", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.107" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + 
"project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.107", + "port": 33924, + "ip": "198.51.100.107" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1780, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.051414300Z", + "original": "{\"insertId\":\"1ulp77rfdvho4r\",\"jsonPayload\":{\"bytes_sent\":\"1780\",\"connection\":{\"dest_ip\":\"198.51.100.107\",\"dest_port\":33924,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:46:20.745658276Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:46:20.634545217Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "kind": "event", + "start": "2019-06-14T03:46:20.634545217Z", + "end": "2019-06-14T03:46:20.745658276Z", + "id": "1ulp77rfdvho4r", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:ji6ZJhSkwxeKiorTmyrgBE0/o+c=", + "bytes": 1780, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "ecs": { + 
"version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.58" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 89 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65271, + "ip": "203.0.113.58" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 129335, + "packets": 605, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "event": { + "ingested": "2021-02-19T09:19:49.051421400Z", + "original": "{\"insertId\":\"1ulp77rfdvho4i\",\"jsonPayload\":{\"bytes_sent\":\"129335\",\"connection\":{\"dest_ip\":\"203.0.113.58\",\"dest_port\":65271,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:55.318940798Z\",\"packets_sent\":\"605\",\"reporter\":\"SRC\",\"rtt_msec\":\"89\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.155378070Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\"
,\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:00.155378070Z", + "end": "2019-06-14T03:49:55.318940798Z", + "id": "1ulp77rfdvho4i", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:32epFp/pi9XGVYf8FMJ7jpc0AzI=", + "bytes": 129335, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 605, + "direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "192.0.2.117", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "192.0.2.117", + "port": 33862, + "bytes": 1464, + "ip": "192.0.2.117", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.051428600Z", + "original": 
"{\"insertId\":\"1ulp77rfdvho5v\",\"jsonPayload\":{\"bytes_sent\":\"1464\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"192.0.2.117\",\"src_port\":33862},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:46:11.779780615Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:46:11.655143526Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "kind": "event", + "start": "2019-06-14T03:46:11.655143526Z", + "end": "2019-06-14T03:46:11.779780615Z", + "id": "1ulp77rfdvho5v", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:PNZTJG/Xqm+YMqKIui8nRXoLovE=", + "bytes": 1464, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.58", + "10.139.99.242" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + 
"ms": 219 + } + } + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65321, + "bytes": 75477, + "ip": "203.0.113.58", + "packets": 737 + }, + "event": { + "ingested": "2021-02-19T09:19:49.051435700Z", + "original": "{\"insertId\":\"1ulp77rfdvho5i\",\"jsonPayload\":{\"bytes_sent\":\"75477\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.58\",\"src_port\":65321},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.312105537Z\",\"packets_sent\":\"737\",\"reporter\":\"DEST\",\"rtt_msec\":\"219\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:39:59.843986502Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:59.843986502Z", + "end": "2019-06-14T03:49:56.312105537Z", + "id": "1ulp77rfdvho5i", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:bN6NKWS7CM7qV5T0FRSxEVoL53I=", + "bytes": 75477, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 737, + "direction": 
"inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.58" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 86 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65316, + "ip": "203.0.113.58" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 102119, + "packets": 600, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "event": { + "ingested": "2021-02-19T09:19:49.051442800Z", + "original": 
"{\"insertId\":\"1ulp77rfdvho5c\",\"jsonPayload\":{\"bytes_sent\":\"102119\",\"connection\":{\"dest_ip\":\"203.0.113.58\",\"dest_port\":65316,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220838853Z\",\"packets_sent\":\"600\",\"reporter\":\"SRC\",\"rtt_msec\":\"86\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.565831992Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:00.565831992Z", + "end": "2019-06-14T03:49:56.220838853Z", + "id": "1ulp77rfdvho5c", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:inMMyMxBckhL35Xh3+nNKgSc4qA=", + "bytes": 102119, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 600, + "direction": "outbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.101", + "port": 49680, + "bytes": 1541638, + "domain": "siem-windows", + "ip": "203.0.113.101", + "packets": 949 + }, + 
"network": { + "community_id": "1:o9OoB7tVAGCzWrss+96PmO6N0FI=", + "bytes": 1541638, + "name": "windows-isolated", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 949, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:11.981Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.101", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 113 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "windows-isolated", + "vpc_name": "windows-isolated" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051447200Z", + "original": 
"{\"insertId\":\"1ulp77rfdvho5p\",\"jsonPayload\":{\"bytes_sent\":\"1541638\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.101\",\"src_port\":49680},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:55.705469925Z\",\"packets_sent\":\"949\",\"reporter\":\"DEST\",\"rtt_msec\":\"113\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"siem-windows\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"windows-isolated\",\"vpc_name\":\"windows-isolated\"},\"start_time\":\"2019-06-14T03:39:59.711043814Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:59.711043814Z", + "end": "2019-06-14T03:49:55.705469925Z", + "id": "1ulp77rfdvho5p", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "192.0.2.177", + "port": 60112, + "bytes": 755901, + "domain": "suricata-iowa", + "ip": "192.0.2.177", + 
"packets": 227 + }, + "network": { + "community_id": "1:h6NgISKzvTiBXyH4aX48ebaiTiY=", + "bytes": 755901, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 227, + "direction": "internal" + }, + "cloud": { + "region": "us-central1", + "availability_zone": "us-central1-a", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:11.981Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "192.0.2.177", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-central1", + "project_id": "my-sample-project", + "zone": "us-central1-a" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051452500Z", + "original": 
"{\"insertId\":\"1ulp77rfdvho4y\",\"jsonPayload\":{\"bytes_sent\":\"755901\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"192.0.2.177\",\"src_port\":60112},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:18.224268993Z\",\"packets_sent\":\"227\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"suricata-iowa\",\"zone\":\"us-central1-a\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:14.031541248Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:14.031541248Z", + "end": "2019-06-14T03:49:18.224268993Z", + "id": "1ulp77rfdvho4y", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33558, + "domain": "kibana", + "ip": "203.0.113.134" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 248715, + "packets": 270, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + 
"network": { + "community_id": "1:dH+LewCyUH2MeBfvw4hfqQCcruA=", + "bytes": 248715, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 270, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:11.981Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.134" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 144 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051458200Z", + "original": 
"{\"insertId\":\"1ulp77rfdvho4o\",\"jsonPayload\":{\"bytes_sent\":\"248715\",\"connection\":{\"dest_ip\":\"203.0.113.134\",\"dest_port\":33558,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.394676451Z\",\"packets_sent\":\"270\",\"reporter\":\"SRC\",\"rtt_msec\":\"144\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:58.492572765Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:58.492572765Z", + "end": "2019-06-14T03:49:56.394676451Z", + "id": "1ulp77rfdvho4o", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.58", + "10.139.99.242" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + 
} + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 86 + } + } + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65316, + "bytes": 69757, + "ip": "203.0.113.58", + "packets": 709 + }, + "event": { + "ingested": "2021-02-19T09:19:49.051464Z", + "original": "{\"insertId\":\"1ulp77rfdvho5g\",\"jsonPayload\":{\"bytes_sent\":\"69757\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.58\",\"src_port\":65316},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220838853Z\",\"packets_sent\":\"709\",\"reporter\":\"DEST\",\"rtt_msec\":\"86\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:00.565831992Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:00.565831992Z", + "end": "2019-06-14T03:49:56.220838853Z", + "id": "1ulp77rfdvho5g", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:inMMyMxBckhL35Xh3+nNKgSc4qA=", + "bytes": 69757, + "transport": "tcp", + "type": "ipv4", + 
"iana_number": "6", + "packets": 709, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.58", + "10.139.99.242" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 87 + } + } + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65263, + "bytes": 69440, + "ip": "203.0.113.58", + "packets": 728 + }, + "event": { + "ingested": "2021-02-19T09:19:49.051468300Z", + "original": 
"{\"insertId\":\"1ulp77rfdvho59\",\"jsonPayload\":{\"bytes_sent\":\"69440\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.58\",\"src_port\":65263},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220748025Z\",\"packets_sent\":\"728\",\"reporter\":\"DEST\",\"rtt_msec\":\"87\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:01.270990648Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:01.270990648Z", + "end": "2019-06-14T03:49:56.220748025Z", + "id": "1ulp77rfdvho59", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:z1VfQro/CzS/3/Jcw7ACjDX47kM=", + "bytes": 69440, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 728, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "192.0.2.117", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" 
+ } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "192.0.2.117", + "port": 50438, + "bytes": 1457, + "ip": "192.0.2.117", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.051475800Z", + "original": "{\"insertId\":\"1ulp77rfdvho57\",\"jsonPayload\":{\"bytes_sent\":\"1457\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"192.0.2.117\",\"src_port\":50438},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:40:20.569744903Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:40:20.454046087Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:20.454046087Z", + "end": "2019-06-14T03:40:20.569744903Z", + "id": "1ulp77rfdvho57", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:W4ijXBQBwNbGcf7z2YuONE7/Z8I=", + "bytes": 1457, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "ecs": { + 
"version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "192.0.2.117" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "192.0.2.117", + "port": 50438, + "ip": "192.0.2.117" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1784, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.051480800Z", + "original": "{\"insertId\":\"1ulp77rfdvho5e\",\"jsonPayload\":{\"bytes_sent\":\"1784\",\"connection\":{\"dest_ip\":\"192.0.2.117\",\"dest_port\":50438,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:40:20.569744903Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.454046087Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "kind": "event", + 
"start": "2019-06-14T03:40:20.454046087Z", + "end": "2019-06-14T03:40:20.569744903Z", + "id": "1ulp77rfdvho5e", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:W4ijXBQBwNbGcf7z2YuONE7/Z8I=", + "bytes": 1784, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "192.0.2.165" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 233 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "Asia", + "country_name": "vnm", + "city_name": "Vĩnh Yên", + "region_name": "Vinh Phuc Province" + }, + "as": { + "number": 45899 + }, + "address": "192.0.2.165", + "port": 59623, + "ip": "192.0.2.165" + }, + "source": { + "address": "10.139.99.242", + "port": 22, + "bytes": 2395, + "packets": 11, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "event": { + "ingested": "2021-02-19T09:19:49.051484800Z", + "original": "{\"insertId\":\"1ulp77rfdvho4d\",\"jsonPayload\":{\"bytes_sent\":\"2395\",\"connection\":{\"dest_ip\":\"192.0.2.165\",\"dest_port\":59623,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":22},\"dest_location\":{\"asn\":45899,\"city\":\"Vĩnh Yên\",\"continent\":\"Asia\",\"country\":\"vnm\",\"region\":\"Vinh Phuc 
Province\"},\"end_time\":\"2019-06-14T03:40:52.361155668Z\",\"packets_sent\":\"11\",\"reporter\":\"SRC\",\"rtt_msec\":\"233\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:46.541094678Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:46.541094678Z", + "end": "2019-06-14T03:40:52.361155668Z", + "id": "1ulp77rfdvho4d", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:n2izIhQ6f30pRxm58NLCxNXryuI=", + "bytes": 2395, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 11, + "direction": "outbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33558, + "bytes": 60335, + "domain": "kibana", + "ip": "203.0.113.134", + "packets": 353 + }, + "network": { + "community_id": "1:dH+LewCyUH2MeBfvw4hfqQCcruA=", + "bytes": 60335, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 353, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + 
} + }, + "@timestamp": "2019-06-14T03:50:11.981Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.134", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 144 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051488700Z", + "original": "{\"insertId\":\"1ulp77rfdvho5y\",\"jsonPayload\":{\"bytes_sent\":\"60335\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.134\",\"src_port\":33558},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:48.538257098Z\",\"packets_sent\":\"353\",\"reporter\":\"DEST\",\"rtt_msec\":\"144\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:58.492572765Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork
_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:58.492572765Z", + "end": "2019-06-14T03:49:48.538257098Z", + "id": "1ulp77rfdvho5y", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "domain": "elasticsearch", + "ip": "198.51.100.248" + }, + "source": { + "address": "10.87.40.76", + "port": 33548, + "bytes": 65565, + "packets": 354, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "network": { + "community_id": "1:jiDRQHDBdyhzib4qfhhB5Y0obik=", + "bytes": 65565, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 354, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:11.981Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.248" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051493800Z", + "original": 
"{\"insertId\":\"1ulp77rfdvho6a\",\"jsonPayload\":{\"bytes_sent\":\"65565\",\"connection\":{\"dest_ip\":\"198.51.100.248\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33548},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565451051Z\",\"packets_sent\":\"354\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.147072949Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:05.147072949Z", + "end": "2019-06-14T03:49:59.565451051Z", + "id": "1ulp77rfdvho6a", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.58", + "10.139.99.242" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + 
}, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 89 + } + } + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65271, + "bytes": 70174, + "ip": "203.0.113.58", + "packets": 717 + }, + "event": { + "ingested": "2021-02-19T09:19:49.051498700Z", + "original": "{\"insertId\":\"1ulp77rfdvho4v\",\"jsonPayload\":{\"bytes_sent\":\"70174\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.58\",\"src_port\":65271},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:55.318940798Z\",\"packets_sent\":\"717\",\"reporter\":\"DEST\",\"rtt_msec\":\"89\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:00.155378070Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:00.155378070Z", + "end": "2019-06-14T03:49:55.318940798Z", + "id": "1ulp77rfdvho4v", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:32epFp/pi9XGVYf8FMJ7jpc0AzI=", + "bytes": 70174, + "transport": "tcp", + "type": "ipv4", + 
"iana_number": "6", + "packets": 717, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.12", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.12", + "port": 34178, + "bytes": 1461, + "ip": "203.0.113.12", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.051504800Z", + "original": 
"{\"insertId\":\"bnj3cofh3cdk1\",\"jsonPayload\":{\"bytes_sent\":\"1461\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"203.0.113.12\",\"src_port\":34178},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:46:51.355687385Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:46:51.237256499Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "kind": "event", + "start": "2019-06-14T03:46:51.237256499Z", + "end": "2019-06-14T03:46:51.355687385Z", + "id": "bnj3cofh3cdk1", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:bh7TlqiDrY8ste65CJNAKtfwOT0=", + "bytes": 1461, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.107", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + 
"ms": 36 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.107", + "port": 33602, + "bytes": 1460, + "ip": "198.51.100.107", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.051512Z", + "original": "{\"insertId\":\"bnj3cofh3cdjx\",\"jsonPayload\":{\"bytes_sent\":\"1460\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"198.51.100.107\",\"src_port\":33602},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:45:51.090104692Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:45:50.954948790Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "kind": "event", + "start": "2019-06-14T03:45:50.954948790Z", + "end": "2019-06-14T03:45:51.090104692Z", + "id": "bnj3cofh3cdjx", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:+QA68gzvBX6Rs13KKi5Sm666UiU=", + "bytes": 1460, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + 
"destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33554, + "bytes": 66736, + "domain": "kibana", + "ip": "203.0.113.134", + "packets": 366 + }, + "network": { + "community_id": "1:BbRNTmVcGaqf/baRzluKDpJAprQ=", + "bytes": 66736, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 366, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:13.921Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.134", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 224 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051519100Z", + "original": 
"{\"insertId\":\"bnj3cofh3cdju\",\"jsonPayload\":{\"bytes_sent\":\"66736\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.134\",\"src_port\":33554},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565131125Z\",\"packets_sent\":\"366\",\"reporter\":\"DEST\",\"rtt_msec\":\"224\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:02.143837873Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:02.143837873Z", + "end": "2019-06-14T03:49:59.565131125Z", + "id": "bnj3cofh3cdju", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.107" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + 
"project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.107", + "port": 33602, + "ip": "198.51.100.107" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1776, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.051526200Z", + "original": "{\"insertId\":\"bnj3cofh3cdjz\",\"jsonPayload\":{\"bytes_sent\":\"1776\",\"connection\":{\"dest_ip\":\"198.51.100.107\",\"dest_port\":33602,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:45:51.090104692Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:45:50.954948790Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "kind": "event", + "start": "2019-06-14T03:45:50.954948790Z", + "end": "2019-06-14T03:45:51.090104692Z", + "id": "bnj3cofh3cdjz", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:+QA68gzvBX6Rs13KKi5Sm666UiU=", + "bytes": 1776, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "ecs": { + 
"version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.27", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.27", + "port": 52454, + "bytes": 1464, + "ip": "203.0.113.27", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.051533200Z", + "original": "{\"insertId\":\"bnj3cofh3cdkk\",\"jsonPayload\":{\"bytes_sent\":\"1464\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"203.0.113.27\",\"src_port\":52454},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:42:40.888804332Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:42:40.779893091Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "kind": 
"event", + "start": "2019-06-14T03:42:40.779893091Z", + "end": "2019-06-14T03:42:40.888804332Z", + "id": "bnj3cofh3cdkk", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:x8E1sBwJRB/brRn7+TWuuDv6Seg=", + "bytes": 1464, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.87.40.76", + "port": 33534, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 259510, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 251 + }, + "network": { + "community_id": "1:kmlKCdqw/+vcFaSeBx9hVkJjnAE=", + "bytes": 259510, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 251, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:13.921Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 2 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051540300Z", + "original": 
"{\"insertId\":\"bnj3cofh3cdk0\",\"jsonPayload\":{\"bytes_sent\":\"259510\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33534,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.597279654Z\",\"packets_sent\":\"251\",\"reporter\":\"DEST\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075756033Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:06.075756033Z", + "end": "2019-06-14T03:49:59.597279654Z", + "id": "bnj3cofh3cdk0", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "203.0.113.27" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + 
"project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.27", + "port": 52260, + "ip": "203.0.113.27" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1781, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.051547400Z", + "original": "{\"insertId\":\"bnj3cofh3cdk8\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"203.0.113.27\",\"dest_port\":52260,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:42:11.183868408Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:42:11.063146265Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "kind": "event", + "start": "2019-06-14T03:42:11.063146265Z", + "end": "2019-06-14T03:42:11.183868408Z", + "id": "bnj3cofh3cdk8", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:MlFaFjbkXS6KKyiSbXcNDQJbn8U=", + "bytes": 1781, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "log": { + "logger": 
"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "domain": "elasticsearch", + "ip": "198.51.100.248" + }, + "source": { + "address": "10.87.40.76", + "port": 33530, + "bytes": 65069, + "packets": 361, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "network": { + "community_id": "1:ZvwQ2j/3ZuFaLSX6WH5V4iy9utU=", + "bytes": 65069, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 361, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:13.921Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.248" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051554500Z", + "original": 
"{\"insertId\":\"bnj3cofh3cdkp\",\"jsonPayload\":{\"bytes_sent\":\"65069\",\"connection\":{\"dest_ip\":\"198.51.100.248\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33530},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565300944Z\",\"packets_sent\":\"361\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.140119099Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:00.140119099Z", + "end": "2019-06-14T03:49:59.565300944Z", + "id": "bnj3cofh3cdkp", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "domain": "elasticsearch", + "ip": "198.51.100.248" + }, + "source": { + "address": "10.87.40.76", + "port": 33556, + "bytes": 60530, + "packets": 366, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "network": { + 
"community_id": "1:88xKud9UZj+uL0CBL+jvBleTFIk=", + "bytes": 60530, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 366, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:13.921Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.248" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 15 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051561800Z", + "original": 
"{\"insertId\":\"bnj3cofh3cdkc\",\"jsonPayload\":{\"bytes_sent\":\"60530\",\"connection\":{\"dest_ip\":\"198.51.100.248\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33556},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565335113Z\",\"packets_sent\":\"366\",\"reporter\":\"SRC\",\"rtt_msec\":\"15\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500498059Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:59.500498059Z", + "end": "2019-06-14T03:49:59.565335113Z", + "id": "bnj3cofh3cdkc", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33570, + "bytes": 11384, + "domain": "kibana", + "ip": "203.0.113.134", + "packets": 86 + }, + "network": { + 
"community_id": "1:W60ErjE9kT0Dm5xlbB8kttSgelA=", + "bytes": 11384, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 86, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:13.921Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.134", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 230 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051568800Z", + "original": 
"{\"insertId\":\"bnj3cofh3cdkm\",\"jsonPayload\":{\"bytes_sent\":\"11384\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.134\",\"src_port\":33570},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821047175Z\",\"packets_sent\":\"86\",\"reporter\":\"DEST\",\"rtt_msec\":\"230\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.469473010Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.469473010Z", + "end": "2019-06-14T03:49:51.821047175Z", + "id": "bnj3cofh3cdkm", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33554, + "domain": "kibana", + "ip": "203.0.113.134" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 272063, + "packets": 247, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + 
"community_id": "1:BbRNTmVcGaqf/baRzluKDpJAprQ=", + "bytes": 272063, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 247, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:13.921Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.134" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 224 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051576Z", + "original": 
"{\"insertId\":\"bnj3cofh3cdjy\",\"jsonPayload\":{\"bytes_sent\":\"272063\",\"connection\":{\"dest_ip\":\"203.0.113.134\",\"dest_port\":33554,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565131125Z\",\"packets_sent\":\"247\",\"reporter\":\"SRC\",\"rtt_msec\":\"224\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:02.143837873Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:02.143837873Z", + "end": "2019-06-14T03:49:59.565131125Z", + "id": "bnj3cofh3cdjy", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "203.0.113.27" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 43 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + 
"project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.27", + "port": 53706, + "ip": "203.0.113.27" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1791, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.051583100Z", + "original": "{\"insertId\":\"bnj3cofh3cdjv\",\"jsonPayload\":{\"bytes_sent\":\"1791\",\"connection\":{\"dest_ip\":\"203.0.113.27\",\"dest_port\":53706,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:43:50.822333871Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"43\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:43:50.703302550Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "kind": "event", + "start": "2019-06-14T03:43:50.703302550Z", + "end": "2019-06-14T03:43:50.822333871Z", + "id": "bnj3cofh3cdjv", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:0BGh5oABRy6JrttDfTSBw1iBDW4=", + "bytes": 1791, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "log": { + "logger": 
"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33858, + "bytes": 18295, + "domain": "kibana", + "ip": "203.0.113.134", + "packets": 118 + }, + "network": { + "community_id": "1:DXSnxcLrDyftjOc5jFhwTKkshsM=", + "bytes": 18295, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 118, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:13.921Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.134", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 253 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051590100Z", + "original": 
"{\"insertId\":\"bnj3cofh3cdkh\",\"jsonPayload\":{\"bytes_sent\":\"18295\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.134\",\"src_port\":33858},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.789039435Z\",\"packets_sent\":\"118\",\"reporter\":\"DEST\",\"rtt_msec\":\"253\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.458515996Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.458515996Z", + "end": "2019-06-14T03:49:51.789039435Z", + "id": "bnj3cofh3cdkh", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.107", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + 
}, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.107", + "port": 33064, + "bytes": 1467, + "ip": "198.51.100.107", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.051597300Z", + "original": "{\"insertId\":\"bnj3cofh3cdkg\",\"jsonPayload\":{\"bytes_sent\":\"1467\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"198.51.100.107\",\"src_port\":33064},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:44:40.243022993Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:44:40.125336665Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "kind": "event", + "start": "2019-06-14T03:44:40.125336665Z", + "end": "2019-06-14T03:44:40.243022993Z", + "id": "bnj3cofh3cdkg", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:aT1tuR31uByuIcuxfCbs1kvMBMA=", + "bytes": 1467, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "log": { + "logger": 
"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.87.40.76", + "port": 33556, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 165290, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 251 + }, + "network": { + "community_id": "1:88xKud9UZj+uL0CBL+jvBleTFIk=", + "bytes": 165290, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 251, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:13.921Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 15 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051605100Z", + "original": 
"{\"insertId\":\"bnj3cofh3cdk7\",\"jsonPayload\":{\"bytes_sent\":\"165290\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33556,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565335113Z\",\"packets_sent\":\"251\",\"reporter\":\"DEST\",\"rtt_msec\":\"15\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500498059Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:59.500498059Z", + "end": "2019-06-14T03:49:59.565335113Z", + "id": "bnj3cofh3cdk7", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.27", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, 
+ "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 43 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.27", + "port": 53706, + "bytes": 1458, + "ip": "203.0.113.27", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.051612200Z", + "original": "{\"insertId\":\"bnj3cofh3cdk9\",\"jsonPayload\":{\"bytes_sent\":\"1458\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"203.0.113.27\",\"src_port\":53706},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:43:50.822333871Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"43\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:43:50.703302550Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "kind": "event", + "start": "2019-06-14T03:43:50.703302550Z", + "end": "2019-06-14T03:43:50.822333871Z", + "id": "bnj3cofh3cdk9", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:0BGh5oABRy6JrttDfTSBw1iBDW4=", + "bytes": 1458, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "ecs": { + 
"version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.27", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.27", + "port": 52260, + "bytes": 1464, + "ip": "203.0.113.27", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.051619400Z", + "original": "{\"insertId\":\"bnj3cofh3cdkj\",\"jsonPayload\":{\"bytes_sent\":\"1464\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"203.0.113.27\",\"src_port\":52260},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:42:11.183868408Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:42:11.063146265Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "kind": 
"event", + "start": "2019-06-14T03:42:11.063146265Z", + "end": "2019-06-14T03:42:11.183868408Z", + "id": "bnj3cofh3cdkj", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:MlFaFjbkXS6KKyiSbXcNDQJbn8U=", + "bytes": 1464, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "203.0.113.27" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.27", + "port": 34090, + "ip": "203.0.113.27" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1780, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.051626400Z", + "original": 
"{\"insertId\":\"bnj3cofh3cdki\",\"jsonPayload\":{\"bytes_sent\":\"1780\",\"connection\":{\"dest_ip\":\"203.0.113.27\",\"dest_port\":34090,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:46:37.827345444Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:46:37.712749588Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "kind": "event", + "start": "2019-06-14T03:46:37.712749588Z", + "end": "2019-06-14T03:46:37.827345444Z", + "id": "bnj3cofh3cdki", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:Tx2SSXIplYZjqzTurpvVWc2USh0=", + "bytes": 1780, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "203.0.113.12" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } 
+ } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.12", + "port": 34178, + "ip": "203.0.113.12" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1780, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.051633500Z", + "original": "{\"insertId\":\"bnj3cofh3cdkd\",\"jsonPayload\":{\"bytes_sent\":\"1780\",\"connection\":{\"dest_ip\":\"203.0.113.12\",\"dest_port\":34178,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:46:51.355687385Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:46:51.237256499Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "kind": "event", + "start": "2019-06-14T03:46:51.237256499Z", + "end": "2019-06-14T03:46:51.355687385Z", + "id": "bnj3cofh3cdkd", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:bh7TlqiDrY8ste65CJNAKtfwOT0=", + "bytes": 1780, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + 
"198.51.100.107" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.107", + "port": 33064, + "ip": "198.51.100.107" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1776, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.051640500Z", + "original": "{\"insertId\":\"bnj3cofh3cdjw\",\"jsonPayload\":{\"bytes_sent\":\"1776\",\"connection\":{\"dest_ip\":\"198.51.100.107\",\"dest_port\":33064,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:44:40.243022993Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:44:40.125336665Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "kind": "event", + "start": "2019-06-14T03:44:40.125336665Z", + "end": 
"2019-06-14T03:44:40.243022993Z", + "id": "bnj3cofh3cdjw", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:aT1tuR31uByuIcuxfCbs1kvMBMA=", + "bytes": 1776, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.107", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.107", + "port": 34906, + "bytes": 1461, + "ip": "198.51.100.107", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.051647700Z", + "original": 
"{\"insertId\":\"bnj3cofh3cdk3\",\"jsonPayload\":{\"bytes_sent\":\"1461\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"198.51.100.107\",\"src_port\":34906},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:48:50.757255245Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:48:50.642206049Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "kind": "event", + "start": "2019-06-14T03:48:50.642206049Z", + "end": "2019-06-14T03:48:50.757255245Z", + "id": "bnj3cofh3cdk3", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:jbQzsE/elxbdsdcfLH3Z+WY7yoA=", + "bytes": 1461, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "203.0.113.12" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" 
+ } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.12", + "port": 58216, + "ip": "203.0.113.12" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1781, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.051654700Z", + "original": "{\"insertId\":\"bnj3cofh3cdkb\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"203.0.113.12\",\"dest_port\":58216,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:49:36.982303071Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:49:36.865198297Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "kind": "event", + "start": "2019-06-14T03:49:36.865198297Z", + "end": "2019-06-14T03:49:36.982303071Z", + "id": "bnj3cofh3cdkb", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:5iAZA+PYVbiwpnPFNQCxKlsIp60=", + "bytes": 1781, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": 
{ + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "domain": "elasticsearch", + "ip": "198.51.100.248" + }, + "source": { + "address": "10.87.40.76", + "port": 33534, + "bytes": 60222, + "packets": 361, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "network": { + "community_id": "1:kmlKCdqw/+vcFaSeBx9hVkJjnAE=", + "bytes": 60222, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 361, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:13.921Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.248" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 2 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051662Z", + "original": 
"{\"insertId\":\"bnj3cofh3cdk4\",\"jsonPayload\":{\"bytes_sent\":\"60222\",\"connection\":{\"dest_ip\":\"198.51.100.248\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33534},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.597279654Z\",\"packets_sent\":\"361\",\"reporter\":\"SRC\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075756033Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:06.075756033Z", + "end": "2019-06-14T03:49:59.597279654Z", + "id": "bnj3cofh3cdk4", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "domain": "elasticsearch", + "ip": "198.51.100.248" + }, + "source": { + "address": "10.87.40.76", + "port": 33510, + "bytes": 61810, + "packets": 358, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "network": { + 
"community_id": "1:8Fb+m/uf2rxjkmtxbzg2YY6RXUU=", + "bytes": 61810, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 358, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:13.921Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.248" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 16 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051669200Z", + "original": 
"{\"insertId\":\"bnj3cofh3cdkf\",\"jsonPayload\":{\"bytes_sent\":\"61810\",\"connection\":{\"dest_ip\":\"198.51.100.248\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33510},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565335113Z\",\"packets_sent\":\"358\",\"reporter\":\"SRC\",\"rtt_msec\":\"16\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500418290Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:59.500418290Z", + "end": "2019-06-14T03:49:59.565335113Z", + "id": "bnj3cofh3cdkf", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.12", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, 
+ "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.12", + "port": 58216, + "bytes": 1467, + "ip": "203.0.113.12", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.051676200Z", + "original": "{\"insertId\":\"bnj3cofh3cdkl\",\"jsonPayload\":{\"bytes_sent\":\"1467\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"203.0.113.12\",\"src_port\":58216},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:36.982303071Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:49:36.865198297Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "kind": "event", + "start": "2019-06-14T03:49:36.865198297Z", + "end": "2019-06-14T03:49:36.982303071Z", + "id": "bnj3cofh3cdkl", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:5iAZA+PYVbiwpnPFNQCxKlsIp60=", + "bytes": 1467, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "log": { + "logger": 
"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.87.40.76", + "port": 33510, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 136558, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 243 + }, + "network": { + "community_id": "1:8Fb+m/uf2rxjkmtxbzg2YY6RXUU=", + "bytes": 136558, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 243, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:13.921Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 16 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051683500Z", + "original": 
"{\"insertId\":\"bnj3cofh3cdk2\",\"jsonPayload\":{\"bytes_sent\":\"136558\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33510,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565335113Z\",\"packets_sent\":\"243\",\"reporter\":\"DEST\",\"rtt_msec\":\"16\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500418290Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:59.500418290Z", + "end": "2019-06-14T03:49:59.565335113Z", + "id": "bnj3cofh3cdk2", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.107" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + 
"project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.107", + "port": 34906, + "ip": "198.51.100.107" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1781, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.051690600Z", + "original": "{\"insertId\":\"bnj3cofh3cdko\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"198.51.100.107\",\"dest_port\":34906,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:48:50.757255245Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:48:50.642206049Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "kind": "event", + "start": "2019-06-14T03:48:50.642206049Z", + "end": "2019-06-14T03:48:50.757255245Z", + "id": "bnj3cofh3cdko", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:jbQzsE/elxbdsdcfLH3Z+WY7yoA=", + "bytes": 1781, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "ecs": { + 
"version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "203.0.113.27" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.27", + "port": 52454, + "ip": "203.0.113.27" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1781, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.051697500Z", + "original": "{\"insertId\":\"bnj3cofh3cdke\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"203.0.113.27\",\"dest_port\":52454,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:42:40.888804332Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:42:40.779893091Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "kind": "event", + 
"start": "2019-06-14T03:42:40.779893091Z", + "end": "2019-06-14T03:42:40.888804332Z", + "id": "bnj3cofh3cdke", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:x8E1sBwJRB/brRn7+TWuuDv6Seg=", + "bytes": 1781, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.27", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.27", + "port": 34090, + "bytes": 1467, + "ip": "203.0.113.27", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.051704400Z", + "original": 
"{\"insertId\":\"bnj3cofh3cdka\",\"jsonPayload\":{\"bytes_sent\":\"1467\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"203.0.113.27\",\"src_port\":34090},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:46:37.827345444Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:46:37.712749588Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "kind": "event", + "start": "2019-06-14T03:46:37.712749588Z", + "end": "2019-06-14T03:46:37.827345444Z", + "id": "bnj3cofh3cdka", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:Tx2SSXIplYZjqzTurpvVWc2USh0=", + "bytes": 1467, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.87.40.76", + "port": 33530, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 170396, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 246 + }, + "network": { + "community_id": "1:ZvwQ2j/3ZuFaLSX6WH5V4iy9utU=", + "bytes": 
170396, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 246, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:13.921Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051711400Z", + "original": 
"{\"insertId\":\"bnj3cofh3cdkn\",\"jsonPayload\":{\"bytes_sent\":\"170396\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33530,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565300944Z\",\"packets_sent\":\"246\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.140119099Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:00.140119099Z", + "end": "2019-06-14T03:49:59.565300944Z", + "id": "bnj3cofh3cdkn", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33570, + "domain": "kibana", + "ip": "203.0.113.134" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 171610, + "packets": 71, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + 
"community_id": "1:W60ErjE9kT0Dm5xlbB8kttSgelA=", + "bytes": 171610, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 71, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:13.921Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.134" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 230 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051718400Z", + "original": 
"{\"insertId\":\"bnj3cofh3cdk5\",\"jsonPayload\":{\"bytes_sent\":\"171610\",\"connection\":{\"dest_ip\":\"203.0.113.134\",\"dest_port\":33570,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821129119Z\",\"packets_sent\":\"71\",\"reporter\":\"SRC\",\"rtt_msec\":\"230\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.469473010Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.469473010Z", + "end": "2019-06-14T03:49:51.821129119Z", + "id": "bnj3cofh3cdk5", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33858, + "domain": "kibana", + "ip": "203.0.113.134" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 15186, + "packets": 75, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + 
"community_id": "1:DXSnxcLrDyftjOc5jFhwTKkshsM=", + "bytes": 15186, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 75, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:13.921Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.134" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 253 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051725500Z", + "original": 
"{\"insertId\":\"bnj3cofh3cdk6\",\"jsonPayload\":{\"bytes_sent\":\"15186\",\"connection\":{\"dest_ip\":\"203.0.113.134\",\"dest_port\":33858,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.933164456Z\",\"packets_sent\":\"75\",\"reporter\":\"SRC\",\"rtt_msec\":\"253\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.458515996Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.458515996Z", + "end": "2019-06-14T03:49:37.933164456Z", + "id": "bnj3cofh3cdk6", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33590, + "domain": "kibana", + "ip": "203.0.113.134" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 208416, + "packets": 249, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + 
"community_id": "1:LSB085+2dyGfQIXV+wF0qEVVBbM=", + "bytes": 208416, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 249, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.453Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.134" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 109 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051732500Z", + "original": 
"{\"insertId\":\"y4wffpfk2ero3\",\"jsonPayload\":{\"bytes_sent\":\"208416\",\"connection\":{\"dest_ip\":\"203.0.113.134\",\"dest_port\":33590,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565116665Z\",\"packets_sent\":\"249\",\"reporter\":\"SRC\",\"rtt_msec\":\"109\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.147151100Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:05.147151100Z", + "end": "2019-06-14T03:49:59.565116665Z", + "id": "y4wffpfk2ero3", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "192.0.2.177", + "port": 60108, + "domain": "suricata-iowa", + "ip": "192.0.2.177" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 90977, + "packets": 357, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + 
"community_id": "1:kjDd+NEFkosMxZFp790k2Cervw4=", + "bytes": 90977, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 357, + "direction": "internal" + }, + "cloud": { + "region": "us-central1", + "availability_zone": "us-central1-a", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.453Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "192.0.2.177" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-central1", + "project_id": "my-sample-project", + "zone": "us-central1-a" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051739700Z", + "original": 
"{\"insertId\":\"y4wffpfk2eroh\",\"jsonPayload\":{\"bytes_sent\":\"90977\",\"connection\":{\"dest_ip\":\"192.0.2.177\",\"dest_port\":60108,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"suricata-iowa\",\"zone\":\"us-central1-a\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:54.108975753Z\",\"packets_sent\":\"357\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.762958327Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:00.762958327Z", + "end": "2019-06-14T03:49:54.108975753Z", + "id": "y4wffpfk2eroh", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33536, + "domain": "kibana", + "ip": "203.0.113.134" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 187301, + "packets": 242, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + 
"network": { + "community_id": "1:c/u5Mg/PGR6riBWo0YXGpZWs3cI=", + "bytes": 187301, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 242, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.453Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.134" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 194 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051746800Z", + "original": 
"{\"insertId\":\"y4wffpfk2erom\",\"jsonPayload\":{\"bytes_sent\":\"187301\",\"connection\":{\"dest_ip\":\"203.0.113.134\",\"dest_port\":33536,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565156020Z\",\"packets_sent\":\"242\",\"reporter\":\"SRC\",\"rtt_msec\":\"194\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.150481417Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.150481417Z", + "end": "2019-06-14T03:49:59.565156020Z", + "id": "y4wffpfk2erom", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.87.40.76", + "port": 33560, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 139106, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 244 + }, + "network": { + 
"community_id": "1:daatd5jK/QqBAjEYb64ySmXIcOU=", + "bytes": 139106, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 244, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.453Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 11 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051753900Z", + "original": 
"{\"insertId\":\"y4wffpfk2ero9\",\"jsonPayload\":{\"bytes_sent\":\"139106\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33560,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565287007Z\",\"packets_sent\":\"244\",\"reporter\":\"DEST\",\"rtt_msec\":\"11\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075859688Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:06.075859688Z", + "end": "2019-06-14T03:49:59.565287007Z", + "id": "y4wffpfk2ero9", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "192.0.2.177", + "port": 60108, + "bytes": 1733360, + "domain": "suricata-iowa", + "ip": "192.0.2.177", + "packets": 708 + }, + "network": { + 
"community_id": "1:kjDd+NEFkosMxZFp790k2Cervw4=", + "bytes": 1733360, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 708, + "direction": "internal" + }, + "cloud": { + "region": "us-central1", + "availability_zone": "us-central1-a", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.453Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "192.0.2.177", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-central1", + "project_id": "my-sample-project", + "zone": "us-central1-a" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051761200Z", + "original": 
"{\"insertId\":\"y4wffpfk2erog\",\"jsonPayload\":{\"bytes_sent\":\"1733360\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"192.0.2.177\",\"src_port\":60108},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:54.108975753Z\",\"packets_sent\":\"708\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"suricata-iowa\",\"zone\":\"us-central1-a\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.762958327Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:00.762958327Z", + "end": "2019-06-14T03:49:54.108975753Z", + "id": "y4wffpfk2erog", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33874, + "domain": "kibana", + "ip": "203.0.113.134" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 149157, + "packets": 74, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + 
"network": { + "community_id": "1:5AIfpIZXAUHToCeVBhXgBuugIac=", + "bytes": 149157, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 74, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.453Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.134" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 142 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051768300Z", + "original": 
"{\"insertId\":\"y4wffpfk2ero7\",\"jsonPayload\":{\"bytes_sent\":\"149157\",\"connection\":{\"dest_ip\":\"203.0.113.134\",\"dest_port\":33874,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.933099658Z\",\"packets_sent\":\"74\",\"reporter\":\"SRC\",\"rtt_msec\":\"142\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.513551480Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:20.513551480Z", + "end": "2019-06-14T03:49:37.933099658Z", + "id": "y4wffpfk2ero7", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33968, + "bytes": 11108, + "domain": "kibana", + "ip": "203.0.113.134", + "packets": 95 + }, + "network": { + 
"community_id": "1:dMHgvk8guroE0eXkr19X6xQ6X24=", + "bytes": 11108, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 95, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.453Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.134", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 201 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051775500Z", + "original": 
"{\"insertId\":\"y4wffpfk2eroe\",\"jsonPayload\":{\"bytes_sent\":\"11108\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.134\",\"src_port\":33968},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.965119632Z\",\"packets_sent\":\"95\",\"reporter\":\"DEST\",\"rtt_msec\":\"201\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.480430427Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.480430427Z", + "end": "2019-06-14T03:49:37.965119632Z", + "id": "y4wffpfk2eroe", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33590, + "bytes": 67337, + "domain": "kibana", + "ip": "203.0.113.134", + "packets": 351 + }, + "network": { + 
"community_id": "1:LSB085+2dyGfQIXV+wF0qEVVBbM=", + "bytes": 67337, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 351, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.453Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.134", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 109 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051782500Z", + "original": 
"{\"insertId\":\"y4wffpfk2eroa\",\"jsonPayload\":{\"bytes_sent\":\"67337\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.134\",\"src_port\":33590},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565116665Z\",\"packets_sent\":\"351\",\"reporter\":\"DEST\",\"rtt_msec\":\"109\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.147151100Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:05.147151100Z", + "end": "2019-06-14T03:49:59.565116665Z", + "id": "y4wffpfk2eroa", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.87.40.76", + "port": 33538, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 136375, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 246 + }, + "network": { + 
"community_id": "1:VqjLGbDeItVznngxat3pnPeGkec=", + "bytes": 136375, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 246, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.453Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051789800Z", + "original": 
"{\"insertId\":\"y4wffpfk2eroi\",\"jsonPayload\":{\"bytes_sent\":\"136375\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33538,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565287007Z\",\"packets_sent\":\"246\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500483335Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:59.500483335Z", + "end": "2019-06-14T03:49:59.565287007Z", + "id": "y4wffpfk2eroi", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33690, + "domain": "kibana", + "ip": "203.0.113.134" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 181424, + "packets": 241, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + 
"community_id": "1:WEAf6ne8e1XsbHxRodKfYT1TGbg=", + "bytes": 181424, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 241, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.453Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.134" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 196 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051796900Z", + "original": 
"{\"insertId\":\"y4wffpfk2ero8\",\"jsonPayload\":{\"bytes_sent\":\"181424\",\"connection\":{\"dest_ip\":\"203.0.113.134\",\"dest_port\":33690,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.393929808Z\",\"packets_sent\":\"241\",\"reporter\":\"SRC\",\"rtt_msec\":\"196\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075867049Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:06.075867049Z", + "end": "2019-06-14T03:49:56.393929808Z", + "id": "y4wffpfk2ero8", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33874, + "bytes": 9303, + "domain": "kibana", + "ip": "203.0.113.134", + "packets": 94 + }, + "network": { + 
"community_id": "1:5AIfpIZXAUHToCeVBhXgBuugIac=", + "bytes": 9303, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 94, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.453Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.134", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 142 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051803900Z", + "original": 
"{\"insertId\":\"y4wffpfk2erol\",\"jsonPayload\":{\"bytes_sent\":\"9303\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.134\",\"src_port\":33874},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.933099658Z\",\"packets_sent\":\"94\",\"reporter\":\"DEST\",\"rtt_msec\":\"142\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.513551480Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:20.513551480Z", + "end": "2019-06-14T03:49:37.933099658Z", + "id": "y4wffpfk2erol", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33572, + "domain": "kibana", + "ip": "203.0.113.134" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 142871, + "packets": 77, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + 
"community_id": "1:vae84XmwYYRVAple470fSnJPul0=", + "bytes": 142871, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 77, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.453Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.134" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 335 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051811Z", + "original": 
"{\"insertId\":\"y4wffpfk2ero4\",\"jsonPayload\":{\"bytes_sent\":\"142871\",\"connection\":{\"dest_ip\":\"203.0.113.134\",\"dest_port\":33572,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821149051Z\",\"packets_sent\":\"77\",\"reporter\":\"SRC\",\"rtt_msec\":\"335\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.470754779Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.470754779Z", + "end": "2019-06-14T03:49:51.821149051Z", + "id": "y4wffpfk2ero4", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33968, + "domain": "kibana", + "ip": "203.0.113.134" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 158811, + "packets": 69, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + 
"community_id": "1:dMHgvk8guroE0eXkr19X6xQ6X24=", + "bytes": 158811, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 69, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.453Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.134" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 201 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051818100Z", + "original": 
"{\"insertId\":\"y4wffpfk2eror\",\"jsonPayload\":{\"bytes_sent\":\"158811\",\"connection\":{\"dest_ip\":\"203.0.113.134\",\"dest_port\":33968,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.965119632Z\",\"packets_sent\":\"69\",\"reporter\":\"SRC\",\"rtt_msec\":\"201\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.480430427Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.480430427Z", + "end": "2019-06-14T03:49:37.965119632Z", + "id": "y4wffpfk2eror", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33880, + "bytes": 13455, + "domain": "kibana", + "ip": "203.0.113.134", + "packets": 81 + }, + "network": { + 
"community_id": "1:Kk7/PaNTTm0JkSjavpifN6V8b2s=", + "bytes": 13455, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 81, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.453Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.134", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 252 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051825200Z", + "original": 
"{\"insertId\":\"y4wffpfk2erob\",\"jsonPayload\":{\"bytes_sent\":\"13455\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.134\",\"src_port\":33880},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821047175Z\",\"packets_sent\":\"81\",\"reporter\":\"DEST\",\"rtt_msec\":\"252\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.470071135Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.470071135Z", + "end": "2019-06-14T03:49:51.821047175Z", + "id": "y4wffpfk2erob", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "203.0.113.12" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + 
"project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.12", + "port": 57300, + "ip": "203.0.113.12" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1780, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.051832400Z", + "original": "{\"insertId\":\"y4wffpfk2erox\",\"jsonPayload\":{\"bytes_sent\":\"1780\",\"connection\":{\"dest_ip\":\"203.0.113.12\",\"dest_port\":57300,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:48:22.156322353Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:48:22.044604322Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "kind": "event", + "start": "2019-06-14T03:48:22.044604322Z", + "end": "2019-06-14T03:48:22.156322353Z", + "id": "y4wffpfk2erox", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:h/SRCB44wNMtbU2v3aeGitgKFRo=", + "bytes": 1780, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", + "ecs": { + "version": 
"1.8.0" + }, + "related": { + "ip": [ + "203.0.113.58", + "10.139.99.242" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 210 + } + } + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65315, + "bytes": 71014, + "ip": "203.0.113.58", + "packets": 728 + }, + "event": { + "ingested": "2021-02-19T09:19:49.051839400Z", + "original": "{\"insertId\":\"y4wffpfk2eroc\",\"jsonPayload\":{\"bytes_sent\":\"71014\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.58\",\"src_port\":65315},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220720811Z\",\"packets_sent\":\"728\",\"reporter\":\"DEST\",\"rtt_msec\":\"210\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:39:59.844068405Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"s
ubnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:59.844068405Z", + "end": "2019-06-14T03:49:56.220720811Z", + "id": "y4wffpfk2eroc", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:EHEo9aOjBBeD5qcMBbJM+L2kBW8=", + "bytes": 71014, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 728, + "direction": "inbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "domain": "elasticsearch", + "ip": "198.51.100.248" + }, + "source": { + "address": "10.87.40.76", + "port": 33538, + "bytes": 60749, + "packets": 362, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "network": { + "community_id": "1:VqjLGbDeItVznngxat3pnPeGkec=", + "bytes": 60749, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 362, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.453Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.248" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": 
"us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051846400Z", + "original": "{\"insertId\":\"y4wffpfk2erok\",\"jsonPayload\":{\"bytes_sent\":\"60749\",\"connection\":{\"dest_ip\":\"198.51.100.248\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33538},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565287007Z\",\"packets_sent\":\"362\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500483335Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:59.500483335Z", + "end": "2019-06-14T03:49:59.565287007Z", + "id": "y4wffpfk2erok", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33880, + "domain": "kibana", + "ip": "203.0.113.134" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 
160451, + "packets": 66, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + "community_id": "1:Kk7/PaNTTm0JkSjavpifN6V8b2s=", + "bytes": 160451, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 66, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.453Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.134" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 252 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051853500Z", + "original": 
"{\"insertId\":\"y4wffpfk2eros\",\"jsonPayload\":{\"bytes_sent\":\"160451\",\"connection\":{\"dest_ip\":\"203.0.113.134\",\"dest_port\":33880,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821138391Z\",\"packets_sent\":\"66\",\"reporter\":\"SRC\",\"rtt_msec\":\"252\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.470071135Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.470071135Z", + "end": "2019-06-14T03:49:51.821138391Z", + "id": "y4wffpfk2eros", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.87.40.76", + "port": 33574, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 169173, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 64 + }, + "network": { + 
"community_id": "1:UPRJyBawh4JbZzzvBFfenzP0Yco=", + "bytes": 169173, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 64, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.453Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 2 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051860800Z", + "original": 
"{\"insertId\":\"y4wffpfk2erod\",\"jsonPayload\":{\"bytes_sent\":\"169173\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33574,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821291282Z\",\"packets_sent\":\"64\",\"reporter\":\"DEST\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466811088Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.466811088Z", + "end": "2019-06-14T03:49:51.821291282Z", + "id": "y4wffpfk2erod", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.58" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 210 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + 
"project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65315, + "ip": "203.0.113.58" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 118762, + "packets": 615, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "event": { + "ingested": "2021-02-19T09:19:49.051867800Z", + "original": "{\"insertId\":\"y4wffpfk2ero6\",\"jsonPayload\":{\"bytes_sent\":\"118762\",\"connection\":{\"dest_ip\":\"203.0.113.58\",\"dest_port\":65315,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220720811Z\",\"packets_sent\":\"615\",\"reporter\":\"SRC\",\"rtt_msec\":\"210\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.844068405Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:59.844068405Z", + "end": "2019-06-14T03:49:56.220720811Z", + "id": "y4wffpfk2ero6", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:EHEo9aOjBBeD5qcMBbJM+L2kBW8=", + "bytes": 118762, + "transport": "tcp", + "type": "ipv4", + 
"iana_number": "6", + "packets": 615, + "direction": "outbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "domain": "elasticsearch", + "ip": "198.51.100.248" + }, + "source": { + "address": "10.87.40.76", + "port": 33576, + "bytes": 11137, + "packets": 96, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "network": { + "community_id": "1:8dEsdSCqyZDg8ZlrEARjkF61tVk=", + "bytes": 11137, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 96, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.453Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.248" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051874800Z", + "original": 
"{\"insertId\":\"y4wffpfk2eron\",\"jsonPayload\":{\"bytes_sent\":\"11137\",\"connection\":{\"dest_ip\":\"198.51.100.248\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33576},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821302149Z\",\"packets_sent\":\"96\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.510464198Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:20.510464198Z", + "end": "2019-06-14T03:49:51.821302149Z", + "id": "y4wffpfk2eron", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.12", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + 
"vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.12", + "port": 57300, + "bytes": 1458, + "ip": "203.0.113.12", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.051881900Z", + "original": "{\"insertId\":\"y4wffpfk2eroy\",\"jsonPayload\":{\"bytes_sent\":\"1458\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"203.0.113.12\",\"src_port\":57300},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:48:22.156322353Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:48:22.044604322Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "kind": "event", + "start": "2019-06-14T03:48:22.044604322Z", + "end": "2019-06-14T03:48:22.156322353Z", + "id": "y4wffpfk2eroy", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:h/SRCB44wNMtbU2v3aeGitgKFRo=", + "bytes": 1458, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", + "ecs": { + "version": 
"1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "203.0.113.12" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.12", + "port": 54662, + "ip": "203.0.113.12" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1776, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.051888800Z", + "original": "{\"insertId\":\"y4wffpfk2erof\",\"jsonPayload\":{\"bytes_sent\":\"1776\",\"connection\":{\"dest_ip\":\"203.0.113.12\",\"dest_port\":54662,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:45:12.142682672Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:45:12.027895189Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "kind": "event", + "start": 
"2019-06-14T03:45:12.027895189Z", + "end": "2019-06-14T03:45:12.142682672Z", + "id": "y4wffpfk2erof", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:jQRBIxNHMzfkP/qDqSMZJb7cjWg=", + "bytes": 1776, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33572, + "bytes": 11674, + "domain": "kibana", + "ip": "203.0.113.134", + "packets": 96 + }, + "network": { + "community_id": "1:vae84XmwYYRVAple470fSnJPul0=", + "bytes": 11674, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 96, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.453Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.134", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 335 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051895800Z", + "original": 
"{\"insertId\":\"y4wffpfk2erov\",\"jsonPayload\":{\"bytes_sent\":\"11674\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.134\",\"src_port\":33572},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821056075Z\",\"packets_sent\":\"96\",\"reporter\":\"DEST\",\"rtt_msec\":\"335\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.470754779Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.470754779Z", + "end": "2019-06-14T03:49:51.821056075Z", + "id": "y4wffpfk2erov", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33540, + "bytes": 62831, + "domain": "kibana", + "ip": "203.0.113.134", + "packets": 346 + }, + "network": { + 
"community_id": "1:MQOhdELEvqJXellZlJ8csNiAoAM=", + "bytes": 62831, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 346, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.453Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.134", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 313 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051903Z", + "original": 
"{\"insertId\":\"y4wffpfk2erop\",\"jsonPayload\":{\"bytes_sent\":\"62831\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.134\",\"src_port\":33540},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.789112562Z\",\"packets_sent\":\"346\",\"reporter\":\"DEST\",\"rtt_msec\":\"313\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.074813982Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:01.074813982Z", + "end": "2019-06-14T03:49:51.789112562Z", + "id": "y4wffpfk2erop", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "domain": "elasticsearch", + "ip": "198.51.100.248" + }, + "source": { + "address": "10.87.40.76", + "port": 33574, + "bytes": 15169, + "packets": 93, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "network": { + 
"community_id": "1:UPRJyBawh4JbZzzvBFfenzP0Yco=", + "bytes": 15169, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 93, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.453Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.248" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 2 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051910100Z", + "original": 
"{\"insertId\":\"y4wffpfk2erou\",\"jsonPayload\":{\"bytes_sent\":\"15169\",\"connection\":{\"dest_ip\":\"198.51.100.248\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33574},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821291282Z\",\"packets_sent\":\"93\",\"reporter\":\"SRC\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466811088Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.466811088Z", + "end": "2019-06-14T03:49:51.821291282Z", + "id": "y4wffpfk2erou", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.12", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + 
"vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.12", + "port": 54662, + "bytes": 1464, + "ip": "203.0.113.12", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.051920Z", + "original": "{\"insertId\":\"y4wffpfk2eroj\",\"jsonPayload\":{\"bytes_sent\":\"1464\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"203.0.113.12\",\"src_port\":54662},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:45:12.142682672Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:45:12.027895189Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "kind": "event", + "start": "2019-06-14T03:45:12.027895189Z", + "end": "2019-06-14T03:45:12.142682672Z", + "id": "y4wffpfk2eroj", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:jQRBIxNHMzfkP/qDqSMZJb7cjWg=", + "bytes": 1464, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "log": { + "logger": 
"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "domain": "elasticsearch", + "ip": "198.51.100.248" + }, + "source": { + "address": "10.87.40.76", + "port": 33560, + "bytes": 64588, + "packets": 362, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "network": { + "community_id": "1:daatd5jK/QqBAjEYb64ySmXIcOU=", + "bytes": 64588, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 362, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.453Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.248" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 11 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051927500Z", + "original": 
"{\"insertId\":\"y4wffpfk2erow\",\"jsonPayload\":{\"bytes_sent\":\"64588\",\"connection\":{\"dest_ip\":\"198.51.100.248\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33560},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565287007Z\",\"packets_sent\":\"362\",\"reporter\":\"SRC\",\"rtt_msec\":\"11\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075859688Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:06.075859688Z", + "end": "2019-06-14T03:49:59.565287007Z", + "id": "y4wffpfk2erow", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33536, + "bytes": 67315, + "domain": "kibana", + "ip": "203.0.113.134", + "packets": 354 + }, + "network": { + 
"community_id": "1:c/u5Mg/PGR6riBWo0YXGpZWs3cI=", + "bytes": 67315, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 354, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.453Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.134", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 194 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051934700Z", + "original": 
"{\"insertId\":\"y4wffpfk2erot\",\"jsonPayload\":{\"bytes_sent\":\"67315\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.134\",\"src_port\":33536},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565156020Z\",\"packets_sent\":\"354\",\"reporter\":\"DEST\",\"rtt_msec\":\"194\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.150481417Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.150481417Z", + "end": "2019-06-14T03:49:59.565156020Z", + "id": "y4wffpfk2erot", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.87.40.76", + "port": 33576, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 175633, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 67 + }, + "network": { + 
"community_id": "1:8dEsdSCqyZDg8ZlrEARjkF61tVk=", + "bytes": 175633, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 67, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.453Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051941700Z", + "original": 
"{\"insertId\":\"y4wffpfk2eroq\",\"jsonPayload\":{\"bytes_sent\":\"175633\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33576,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821302149Z\",\"packets_sent\":\"67\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.510464198Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:20.510464198Z", + "end": "2019-06-14T03:49:51.821302149Z", + "id": "y4wffpfk2eroq", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33540, + "domain": "kibana", + "ip": "203.0.113.134" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 116981, + "packets": 234, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + 
"community_id": "1:MQOhdELEvqJXellZlJ8csNiAoAM=", + "bytes": 116981, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 234, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.453Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.134" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 313 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051948700Z", + "original": 
"{\"insertId\":\"y4wffpfk2ero5\",\"jsonPayload\":{\"bytes_sent\":\"116981\",\"connection\":{\"dest_ip\":\"203.0.113.134\",\"dest_port\":33540,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.789112562Z\",\"packets_sent\":\"234\",\"reporter\":\"SRC\",\"rtt_msec\":\"313\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.074813982Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:01.074813982Z", + "end": "2019-06-14T03:49:51.789112562Z", + "id": "y4wffpfk2ero5", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33690, + "bytes": 67789, + "domain": "kibana", + "ip": "203.0.113.134", + "packets": 344 + }, + "network": { + 
"community_id": "1:WEAf6ne8e1XsbHxRodKfYT1TGbg=", + "bytes": 67789, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 344, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.453Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.134", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 196 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051955800Z", + "original": 
"{\"insertId\":\"y4wffpfk2eroo\",\"jsonPayload\":{\"bytes_sent\":\"67789\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.134\",\"src_port\":33690},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:48.542406314Z\",\"packets_sent\":\"344\",\"reporter\":\"DEST\",\"rtt_msec\":\"196\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075867049Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:06.075867049Z", + "end": "2019-06-14T03:49:48.542406314Z", + "id": "y4wffpfk2eroo", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33538, + "domain": "kibana", + "ip": "203.0.113.134" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 136166, + "packets": 245, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + 
"community_id": "1:NoAWHdeVVE/1VjCAle3M10HSrH0=", + "bytes": 136166, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 245, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:15.857Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.134" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 250 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051963Z", + "original": 
"{\"insertId\":\"ptjoddfhmrhg9\",\"jsonPayload\":{\"bytes_sent\":\"136166\",\"connection\":{\"dest_ip\":\"203.0.113.134\",\"dest_port\":33538,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565124617Z\",\"packets_sent\":\"245\",\"reporter\":\"SRC\",\"rtt_msec\":\"250\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.074952616Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:01.074952616Z", + "end": "2019-06-14T03:49:59.565124617Z", + "id": "ptjoddfhmrhg9", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:15.857Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.58", + "10.139.99.242" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } 
+ }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 220 + } + } + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65257, + "bytes": 68262, + "ip": "203.0.113.58", + "packets": 718 + }, + "event": { + "ingested": "2021-02-19T09:19:49.051970Z", + "original": "{\"insertId\":\"ptjoddfhmrhgh\",\"jsonPayload\":{\"bytes_sent\":\"68262\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.58\",\"src_port\":65257},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220614265Z\",\"packets_sent\":\"718\",\"reporter\":\"DEST\",\"rtt_msec\":\"220\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:39:59.403388091Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:59.403388091Z", + "end": "2019-06-14T03:49:56.220614265Z", + "id": "ptjoddfhmrhgh", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:DqikX2/VHNCo3K4Z/FQLlk5o8C4=", + "bytes": 68262, + "transport": "tcp", + "type": "ipv4", + 
"iana_number": "6", + "packets": 718, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:15.857Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.107", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.107", + "port": 52328, + "bytes": 1457, + "ip": "198.51.100.107", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.051977Z", + "original": 
"{\"insertId\":\"ptjoddfhmrhgj\",\"jsonPayload\":{\"bytes_sent\":\"1457\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"198.51.100.107\",\"src_port\":52328},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:42:20.952481728Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:42:20.842840991Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "kind": "event", + "start": "2019-06-14T03:42:20.842840991Z", + "end": "2019-06-14T03:42:20.952481728Z", + "id": "ptjoddfhmrhgj", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:EE4Jx/GklVta9XikBj43wQU3qJM=", + "bytes": 1457, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:15.857Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.107", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + 
"ms": 36 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.107", + "port": 59790, + "bytes": 1460, + "ip": "198.51.100.107", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.051984100Z", + "original": "{\"insertId\":\"ptjoddfhmrhgr\",\"jsonPayload\":{\"bytes_sent\":\"1460\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"198.51.100.107\",\"src_port\":59790},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:40:50.702194466Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:40:50.590894439Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:50.590894439Z", + "end": "2019-06-14T03:40:50.702194466Z", + "id": "ptjoddfhmrhgr", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:2VaSImZuAKUa2JwnaG4ATyMe4g0=", + "bytes": 1460, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:15.857Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + 
"203.0.113.58", + "10.139.99.242" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 62 + } + } + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65317, + "bytes": 73681, + "ip": "203.0.113.58", + "packets": 728 + }, + "event": { + "ingested": "2021-02-19T09:19:49.051991400Z", + "original": "{\"insertId\":\"ptjoddfhmrhgn\",\"jsonPayload\":{\"bytes_sent\":\"73681\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.58\",\"src_port\":65317},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220599950Z\",\"packets_sent\":\"728\",\"reporter\":\"DEST\",\"rtt_msec\":\"62\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:39:59.740491697Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"g
ce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:59.740491697Z", + "end": "2019-06-14T03:49:56.220599950Z", + "id": "ptjoddfhmrhgn", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:KUhb7O2JuCr67sFOvEo0t6q1bx0=", + "bytes": 73681, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 728, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:15.857Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.58" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 62 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65317, + "ip": "203.0.113.58" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 92566, + "packets": 596, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "event": { + "ingested": "2021-02-19T09:19:49.051998500Z", + "original": 
"{\"insertId\":\"ptjoddfhmrhga\",\"jsonPayload\":{\"bytes_sent\":\"92566\",\"connection\":{\"dest_ip\":\"203.0.113.58\",\"dest_port\":65317,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220599950Z\",\"packets_sent\":\"596\",\"reporter\":\"SRC\",\"rtt_msec\":\"62\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.740491697Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:59.740491697Z", + "end": "2019-06-14T03:49:56.220599950Z", + "id": "ptjoddfhmrhga", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:KUhb7O2JuCr67sFOvEo0t6q1bx0=", + "bytes": 92566, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 596, + "direction": "outbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33692, + "bytes": 66094, + "domain": "kibana", + "ip": "203.0.113.134", + "packets": 360 + }, + "network": { 
+ "community_id": "1:ICaRxvQCM8Iv02SAaUpscf0dmFk=", + "bytes": 66094, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 360, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:15.857Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.134", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 181 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052005600Z", + "original": 
"{\"insertId\":\"ptjoddfhmrhgk\",\"jsonPayload\":{\"bytes_sent\":\"66094\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.134\",\"src_port\":33692},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565137912Z\",\"packets_sent\":\"360\",\"reporter\":\"DEST\",\"rtt_msec\":\"181\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.558259934Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:00.558259934Z", + "end": "2019-06-14T03:49:59.565137912Z", + "id": "ptjoddfhmrhgk", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:15.857Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.58", + "10.139.99.242" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + 
}, + "vpcflow": { + "reporter": "DEST" + } + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65262, + "bytes": 4900, + "ip": "203.0.113.58", + "packets": 542 + }, + "event": { + "ingested": "2021-02-19T09:19:49.052012900Z", + "original": "{\"insertId\":\"ptjoddfhmrhgm\",\"jsonPayload\":{\"bytes_sent\":\"4900\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.58\",\"src_port\":65262},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220741828Z\",\"packets_sent\":\"542\",\"reporter\":\"DEST\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:00.251430011Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:00.251430011Z", + "end": "2019-06-14T03:49:56.220741828Z", + "id": "ptjoddfhmrhgm", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:RtfThXVVNPvXxMgtvtqlB4QmIlQ=", + "bytes": 4900, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 542, + "direction": 
"inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:15.857Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.107" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.107", + "port": 52328, + "ip": "198.51.100.107" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1781, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.052020100Z", + "original": "{\"insertId\":\"ptjoddfhmrhgd\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"198.51.100.107\",\"dest_port\":52328,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:42:20.952481728Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:42:20.842840991Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_
subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "kind": "event", + "start": "2019-06-14T03:42:20.842840991Z", + "end": "2019-06-14T03:42:20.952481728Z", + "id": "ptjoddfhmrhgd", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:EE4Jx/GklVta9XikBj43wQU3qJM=", + "bytes": 1781, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33552, + "bytes": 63280, + "domain": "kibana", + "ip": "203.0.113.134", + "packets": 361 + }, + "network": { + "community_id": "1:r7WME9xMisADgziCEygFYe5e1kY=", + "bytes": 63280, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 361, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:15.857Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.134", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 21 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": 
"2021-02-19T09:19:49.052057100Z", + "original": "{\"insertId\":\"ptjoddfhmrhgl\",\"jsonPayload\":{\"bytes_sent\":\"63280\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.134\",\"src_port\":33552},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:55.213081491Z\",\"packets_sent\":\"361\",\"reporter\":\"DEST\",\"rtt_msec\":\"21\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075957044Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:06.075957044Z", + "end": "2019-06-14T03:49:55.213081491Z", + "id": "ptjoddfhmrhgl", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:15.857Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "198.51.100.239" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 102 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": 
"default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "Europe", + "country_name": "rou", + "city_name": "Bucharest", + "region_name": "Bucharest" + }, + "as": { + "number": 24940 + }, + "address": "198.51.100.239", + "port": 37292, + "ip": "198.51.100.239" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 774029, + "packets": 403, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "event": { + "ingested": "2021-02-19T09:19:49.052065700Z", + "original": "{\"insertId\":\"ptjoddfhmrhgi\",\"jsonPayload\":{\"bytes_sent\":\"774029\",\"connection\":{\"dest_ip\":\"198.51.100.239\",\"dest_port\":37292,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":24940,\"city\":\"Bucharest\",\"continent\":\"Europe\",\"country\":\"rou\",\"region\":\"Bucharest\"},\"end_time\":\"2019-06-14T03:49:35.841633589Z\",\"packets_sent\":\"403\",\"reporter\":\"SRC\",\"rtt_msec\":\"102\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:35.048156283Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:35.048156283Z", + "end": "2019-06-14T03:49:35.841633589Z", + "id": "ptjoddfhmrhgi", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:qQCuSUtf/LXRt0TJF/oFikmD5p4=", + 
"bytes": 774029, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 403, + "direction": "outbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.87.40.76", + "port": 33876, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 359272, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 66 + }, + "network": { + "community_id": "1:RJ5OB/OF2Dh8aqt0X5ikvUiYbOE=", + "bytes": 359272, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 66, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:15.857Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST" + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052073Z", + "original": 
"{\"insertId\":\"ptjoddfhmrhgo\",\"jsonPayload\":{\"bytes_sent\":\"359272\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33876,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.933338264Z\",\"packets_sent\":\"66\",\"reporter\":\"DEST\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466706102Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.466706102Z", + "end": "2019-06-14T03:49:37.933338264Z", + "id": "ptjoddfhmrhgo", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:15.857Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.239", + "10.139.99.242" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + 
"reporter": "DEST", + "rtt": { + "ms": 102 + } + } + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "Europe", + "country_name": "rou", + "city_name": "Bucharest", + "region_name": "Bucharest" + }, + "as": { + "number": 24940 + }, + "address": "198.51.100.239", + "port": 37292, + "bytes": 310476, + "ip": "198.51.100.239", + "packets": 214 + }, + "event": { + "ingested": "2021-02-19T09:19:49.052080200Z", + "original": "{\"insertId\":\"ptjoddfhmrhgp\",\"jsonPayload\":{\"bytes_sent\":\"310476\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"198.51.100.239\",\"src_port\":37292},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:35.841633589Z\",\"packets_sent\":\"214\",\"reporter\":\"DEST\",\"rtt_msec\":\"102\",\"src_location\":{\"asn\":24940,\"city\":\"Bucharest\",\"continent\":\"Europe\",\"country\":\"rou\",\"region\":\"Bucharest\"},\"start_time\":\"2019-06-14T03:40:35.048156283Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:35.048156283Z", + "end": "2019-06-14T03:49:35.841633589Z", + "id": "ptjoddfhmrhgp", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:qQCuSUtf/LXRt0TJF/oFikmD5p4=", + "bytes": 310476, + "transport": "tcp", + "type": "ipv4", + "iana_number": 
"6", + "packets": 214, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:15.857Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.107" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.107", + "port": 59790, + "ip": "198.51.100.107" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1784, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.052087300Z", + "original": 
"{\"insertId\":\"ptjoddfhmrhg8\",\"jsonPayload\":{\"bytes_sent\":\"1784\",\"connection\":{\"dest_ip\":\"198.51.100.107\",\"dest_port\":59790,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:40:50.702194466Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:50.590894439Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:50.590894439Z", + "end": "2019-06-14T03:40:50.702194466Z", + "id": "ptjoddfhmrhg8", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:2VaSImZuAKUa2JwnaG4ATyMe4g0=", + "bytes": 1784, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33552, + "domain": "kibana", + "ip": "203.0.113.134" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 209716, + "packets": 262, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + "community_id": "1:r7WME9xMisADgziCEygFYe5e1kY=", + 
"bytes": 209716, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 262, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:15.857Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.134" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 21 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052096800Z", + "original": 
"{\"insertId\":\"ptjoddfhmrhgf\",\"jsonPayload\":{\"bytes_sent\":\"209716\",\"connection\":{\"dest_ip\":\"203.0.113.134\",\"dest_port\":33552,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:55.213081491Z\",\"packets_sent\":\"262\",\"reporter\":\"SRC\",\"rtt_msec\":\"21\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075957044Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:06.075957044Z", + "end": "2019-06-14T03:49:55.213081491Z", + "id": "ptjoddfhmrhgf", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33556, + "domain": "kibana", + "ip": "203.0.113.134" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 165643, + "packets": 256, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + 
"community_id": "1:S6achMS1ovFuI9FmGgW49nTJQXk=", + "bytes": 165643, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 256, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:15.857Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.134" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 133 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052104300Z", + "original": 
"{\"insertId\":\"ptjoddfhmrhgg\",\"jsonPayload\":{\"bytes_sent\":\"165643\",\"connection\":{\"dest_ip\":\"203.0.113.134\",\"dest_port\":33556,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565214145Z\",\"packets_sent\":\"256\",\"reporter\":\"SRC\",\"rtt_msec\":\"133\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:03.062674441Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:03.062674441Z", + "end": "2019-06-14T03:49:59.565214145Z", + "id": "ptjoddfhmrhgg", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:15.857Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.58" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 220 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + 
"project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65257, + "ip": "203.0.113.58" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 65890, + "packets": 593, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "event": { + "ingested": "2021-02-19T09:19:49.052111500Z", + "original": "{\"insertId\":\"ptjoddfhmrhgb\",\"jsonPayload\":{\"bytes_sent\":\"65890\",\"connection\":{\"dest_ip\":\"203.0.113.58\",\"dest_port\":65257,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220614265Z\",\"packets_sent\":\"593\",\"reporter\":\"SRC\",\"rtt_msec\":\"220\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.403388091Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:59.403388091Z", + "end": "2019-06-14T03:49:56.220614265Z", + "id": "ptjoddfhmrhgb", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:DqikX2/VHNCo3K4Z/FQLlk5o8C4=", + "bytes": 65890, + "transport": "tcp", + "type": "ipv4", + 
"iana_number": "6", + "packets": 593, + "direction": "outbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33538, + "bytes": 62620, + "domain": "kibana", + "ip": "203.0.113.134", + "packets": 358 + }, + "network": { + "community_id": "1:NoAWHdeVVE/1VjCAle3M10HSrH0=", + "bytes": 62620, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 358, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:15.857Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.134", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 250 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052118500Z", + "original": 
"{\"insertId\":\"ptjoddfhmrhgs\",\"jsonPayload\":{\"bytes_sent\":\"62620\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.134\",\"src_port\":33538},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565124617Z\",\"packets_sent\":\"358\",\"reporter\":\"DEST\",\"rtt_msec\":\"250\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.074952616Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:01.074952616Z", + "end": "2019-06-14T03:49:59.565124617Z", + "id": "ptjoddfhmrhgs", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33692, + "domain": "kibana", + "ip": "203.0.113.134" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 185520, + "packets": 249, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + 
"community_id": "1:ICaRxvQCM8Iv02SAaUpscf0dmFk=", + "bytes": 185520, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 249, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:15.857Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.134" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 181 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052125700Z", + "original": 
"{\"insertId\":\"ptjoddfhmrhge\",\"jsonPayload\":{\"bytes_sent\":\"185520\",\"connection\":{\"dest_ip\":\"203.0.113.134\",\"dest_port\":33692,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565137912Z\",\"packets_sent\":\"249\",\"reporter\":\"SRC\",\"rtt_msec\":\"181\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.558259934Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:00.558259934Z", + "end": "2019-06-14T03:49:59.565137912Z", + "id": "ptjoddfhmrhge", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:15.857Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.58" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC" + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": 
"my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65262, + "ip": "203.0.113.58" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 33269, + "packets": 517, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "event": { + "ingested": "2021-02-19T09:19:49.052132900Z", + "original": "{\"insertId\":\"ptjoddfhmrhgc\",\"jsonPayload\":{\"bytes_sent\":\"33269\",\"connection\":{\"dest_ip\":\"203.0.113.58\",\"dest_port\":65262,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220741828Z\",\"packets_sent\":\"517\",\"reporter\":\"SRC\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.251430011Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:00.251430011Z", + "end": "2019-06-14T03:49:56.220741828Z", + "id": "ptjoddfhmrhgc", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:RtfThXVVNPvXxMgtvtqlB4QmIlQ=", + "bytes": 33269, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 517, + 
"direction": "outbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33556, + "bytes": 58811, + "domain": "kibana", + "ip": "203.0.113.134", + "packets": 358 + }, + "network": { + "community_id": "1:S6achMS1ovFuI9FmGgW49nTJQXk=", + "bytes": 58811, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 358, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:15.857Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.134", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 133 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052139900Z", + "original": 
"{\"insertId\":\"ptjoddfhmrhg7\",\"jsonPayload\":{\"bytes_sent\":\"58811\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.134\",\"src_port\":33556},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565214145Z\",\"packets_sent\":\"358\",\"reporter\":\"DEST\",\"rtt_msec\":\"133\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:03.062674441Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:03.062674441Z", + "end": "2019-06-14T03:49:59.565214145Z", + "id": "ptjoddfhmrhg7", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "domain": "elasticsearch", + "ip": "198.51.100.248" + }, + "source": { + "address": "10.87.40.76", + "port": 33876, + "bytes": 5220, + "packets": 86, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "network": { + 
"community_id": "1:RJ5OB/OF2Dh8aqt0X5ikvUiYbOE=", + "bytes": 5220, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 86, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:15.857Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.248" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC" + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052147100Z", + "original": 
"{\"insertId\":\"ptjoddfhmrhgq\",\"jsonPayload\":{\"bytes_sent\":\"5220\",\"connection\":{\"dest_ip\":\"198.51.100.248\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33876},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.933338264Z\",\"packets_sent\":\"86\",\"reporter\":\"SRC\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466706102Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.466706102Z", + "end": "2019-06-14T03:49:37.933338264Z", + "id": "ptjoddfhmrhgq", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:16.593Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.182", + "10.139.99.242" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + 
"reporter": "DEST", + "rtt": { + "ms": 1350 + } + } + }, + "destination": { + "address": "10.139.99.242", + "port": 22, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "Asia", + "country_name": "chn", + "city_name": "Shangqiu", + "region_name": "Henan" + }, + "as": { + "number": 4837 + }, + "address": "198.51.100.182", + "port": 41818, + "bytes": 0, + "ip": "198.51.100.182", + "packets": 4 + }, + "event": { + "ingested": "2021-02-19T09:19:49.052154Z", + "original": "{\"insertId\":\"bxuq05fhgmw9d\",\"jsonPayload\":{\"bytes_sent\":\"0\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":22,\"protocol\":6,\"src_ip\":\"198.51.100.182\",\"src_port\":41818},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:40:13.478093057Z\",\"packets_sent\":\"4\",\"reporter\":\"DEST\",\"rtt_msec\":\"1350\",\"src_location\":{\"asn\":4837,\"city\":\"Shangqiu\",\"continent\":\"Asia\",\"country\":\"chn\",\"region\":\"Henan\"},\"start_time\":\"2019-06-14T03:40:11.031370298Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:11.031370298Z", + "end": "2019-06-14T03:40:13.478093057Z", + "id": "bxuq05fhgmw9d", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:+MSnEfQ6PdDGsHX0nTeNna2fZHI=", + "bytes": 0, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 4, + "direction": 
"inbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "domain": "elasticsearch", + "ip": "198.51.100.248" + }, + "source": { + "address": "10.87.40.76", + "port": 33524, + "bytes": 4580, + "packets": 60, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "network": { + "community_id": "1:m8TzhysIkslBtL9JjV+tquk6V/g=", + "bytes": 4580, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 60, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.593Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.248" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC" + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052161100Z", + "original": 
"{\"insertId\":\"bxuq05fhgmw90\",\"jsonPayload\":{\"bytes_sent\":\"4580\",\"connection\":{\"dest_ip\":\"198.51.100.248\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33524},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.461240929Z\",\"packets_sent\":\"60\",\"reporter\":\"SRC\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:24.789945697Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:24.789945697Z", + "end": "2019-06-14T03:49:56.461240929Z", + "id": "bxuq05fhgmw90", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:16.593Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.58", + "10.139.99.242" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + 
"reporter": "DEST", + "rtt": { + "ms": 92 + } + } + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65322, + "bytes": 270437, + "ip": "203.0.113.58", + "packets": 668 + }, + "event": { + "ingested": "2021-02-19T09:19:49.052168200Z", + "original": "{\"insertId\":\"bxuq05fhgmw8w\",\"jsonPayload\":{\"bytes_sent\":\"270437\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.58\",\"src_port\":65322},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:55.408936364Z\",\"packets_sent\":\"668\",\"reporter\":\"DEST\",\"rtt_msec\":\"92\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:39:59.703392247Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:59.703392247Z", + "end": "2019-06-14T03:49:55.408936364Z", + "id": "bxuq05fhgmw8w", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:tXtxtPy6IFZbzlCNEMTqkkfU37w=", + "bytes": 270437, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", 
+ "packets": 668, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:16.593Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.58" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 92 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65322, + "ip": "203.0.113.58" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 19019, + "packets": 604, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "event": { + "ingested": "2021-02-19T09:19:49.052175300Z", + "original": 
"{\"insertId\":\"bxuq05fhgmw94\",\"jsonPayload\":{\"bytes_sent\":\"19019\",\"connection\":{\"dest_ip\":\"203.0.113.58\",\"dest_port\":65322,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:55.408936364Z\",\"packets_sent\":\"604\",\"reporter\":\"SRC\",\"rtt_msec\":\"92\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.703392247Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:59.703392247Z", + "end": "2019-06-14T03:49:55.408936364Z", + "id": "bxuq05fhgmw94", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:tXtxtPy6IFZbzlCNEMTqkkfU37w=", + "bytes": 19019, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 604, + "direction": "outbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.87.40.76", + "port": 33568, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 16208, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 80 + }, + "network": { + 
"community_id": "1:AXYYDUibiLRs7tXVqml9vhtY2wY=", + "bytes": 16208, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 80, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.593Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052182200Z", + "original": 
"{\"insertId\":\"bxuq05fhgmw8x\",\"jsonPayload\":{\"bytes_sent\":\"16208\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33568,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.789269849Z\",\"packets_sent\":\"80\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.455711202Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.455711202Z", + "end": "2019-06-14T03:49:51.789269849Z", + "id": "bxuq05fhgmw8x", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "domain": "elasticsearch", + "ip": "198.51.100.248" + }, + "source": { + "address": "10.87.40.76", + "port": 33568, + "bytes": 9800, + "packets": 120, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "network": { + 
"community_id": "1:AXYYDUibiLRs7tXVqml9vhtY2wY=", + "bytes": 9800, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 120, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.593Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.248" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052189300Z", + "original": 
"{\"insertId\":\"bxuq05fhgmw8v\",\"jsonPayload\":{\"bytes_sent\":\"9800\",\"connection\":{\"dest_ip\":\"198.51.100.248\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33568},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.789269849Z\",\"packets_sent\":\"120\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.455711202Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.455711202Z", + "end": "2019-06-14T03:49:51.789269849Z", + "id": "bxuq05fhgmw8v", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:16.593Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "192.0.2.117", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + 
"vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 40 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "192.0.2.117", + "port": 58026, + "bytes": 1467, + "ip": "192.0.2.117", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.052196400Z", + "original": "{\"insertId\":\"bxuq05fhgmw8z\",\"jsonPayload\":{\"bytes_sent\":\"1467\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"192.0.2.117\",\"src_port\":58026},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:09.114674887Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"40\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:49:08.995009558Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "kind": "event", + "start": "2019-06-14T03:49:08.995009558Z", + "end": "2019-06-14T03:49:09.114674887Z", + "id": "bxuq05fhgmw8z", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:iqLE2ZKPjY+4CpYdTYZLcB7D1xk=", + "bytes": 1467, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "log": { + "logger": 
"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.87.40.76", + "port": 33564, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 19506, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 180 + }, + "network": { + "community_id": "1:d+9cs8ZSIwCZUTV/HN9P0arhfqU=", + "bytes": 19506, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 180, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.593Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST" + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052203700Z", + "original": 
"{\"insertId\":\"bxuq05fhgmw9b\",\"jsonPayload\":{\"bytes_sent\":\"19506\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33564,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.597223164Z\",\"packets_sent\":\"180\",\"reporter\":\"DEST\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.866699945Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.866699945Z", + "end": "2019-06-14T03:49:59.597223164Z", + "id": "bxuq05fhgmw9b", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:16.593Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.27", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + 
"reporter": "DEST", + "rtt": { + "ms": 36 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.27", + "port": 32882, + "bytes": 1496, + "ip": "203.0.113.27", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.052210800Z", + "original": "{\"insertId\":\"bxuq05fhgmw8y\",\"jsonPayload\":{\"bytes_sent\":\"1496\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"203.0.113.27\",\"src_port\":32882},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:44:07.811355936Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:44:07.689331553Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "kind": "event", + "start": "2019-06-14T03:44:07.689331553Z", + "end": "2019-06-14T03:44:07.811355936Z", + "id": "bxuq05fhgmw8y", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:JBPQPPGDjRGxMSu2nEFLssfmXHs=", + "bytes": 1496, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "log": { + "logger": 
"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "192.0.2.177", + "port": 60126, + "domain": "suricata-iowa", + "ip": "192.0.2.177" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 155675, + "packets": 288, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + "community_id": "1:p5hGVmQSWVn7uQmogt/lZdp5AHE=", + "bytes": 155675, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 288, + "direction": "internal" + }, + "cloud": { + "region": "us-central1", + "availability_zone": "us-central1-a", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.593Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "192.0.2.177" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-central1", + "project_id": "my-sample-project", + "zone": "us-central1-a" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052217900Z", + "original": 
"{\"insertId\":\"bxuq05fhgmw9e\",\"jsonPayload\":{\"bytes_sent\":\"155675\",\"connection\":{\"dest_ip\":\"192.0.2.177\",\"dest_port\":60126,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"suricata-iowa\",\"zone\":\"us-central1-a\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:52.101129310Z\",\"packets_sent\":\"288\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:02.019841536Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:02.019841536Z", + "end": "2019-06-14T03:49:52.101129310Z", + "id": "bxuq05fhgmw9e", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:16.593Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "203.0.113.27" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": 
"us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.27", + "port": 32882, + "ip": "203.0.113.27" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1791, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.052224900Z", + "original": "{\"insertId\":\"bxuq05fhgmw98\",\"jsonPayload\":{\"bytes_sent\":\"1791\",\"connection\":{\"dest_ip\":\"203.0.113.27\",\"dest_port\":32882,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:44:07.811355936Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:44:07.689331553Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "kind": "event", + "start": "2019-06-14T03:44:07.689331553Z", + "end": "2019-06-14T03:44:07.811355936Z", + "id": "bxuq05fhgmw98", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:JBPQPPGDjRGxMSu2nEFLssfmXHs=", + "bytes": 1791, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:16.593Z", + "ecs": 
{ + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.212", + "10.139.99.242" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 15 + } + } + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.212", + "port": 39568, + "bytes": 28304484, + "ip": "203.0.113.212", + "packets": 2400 + }, + "event": { + "ingested": "2021-02-19T09:19:49.052228800Z", + "original": "{\"insertId\":\"bxuq05fhgmw96\",\"jsonPayload\":{\"bytes_sent\":\"28304484\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.212\",\"src_port\":39568},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:02.085146013Z\",\"packets_sent\":\"2400\",\"reporter\":\"DEST\",\"rtt_msec\":\"15\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:40:00.480787267Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-0
6-14T03:50:16.593800036Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:00.480787267Z", + "end": "2019-06-14T03:49:02.085146013Z", + "id": "bxuq05fhgmw96", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:3ECu9H2H+Xk3IO0c7PNGEZBOixg=", + "bytes": 28304484, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 2400, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:16.593Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.212" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 15 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.212", + "port": 39568, + "ip": "203.0.113.212" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 2962242, + "packets": 1340, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "event": { + "ingested": "2021-02-19T09:19:49.052233900Z", + "original": 
"{\"insertId\":\"bxuq05fhgmw99\",\"jsonPayload\":{\"bytes_sent\":\"2962242\",\"connection\":{\"dest_ip\":\"203.0.113.212\",\"dest_port\":39568,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:49:02.085146013Z\",\"packets_sent\":\"1340\",\"reporter\":\"SRC\",\"rtt_msec\":\"15\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.480787267Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:00.480787267Z", + "end": "2019-06-14T03:49:02.085146013Z", + "id": "bxuq05fhgmw99", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:3ECu9H2H+Xk3IO0c7PNGEZBOixg=", + "bytes": 2962242, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 1340, + "direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:16.593Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "192.0.2.117" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 40 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + 
"zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "192.0.2.117", + "port": 58026, + "ip": "192.0.2.117" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1781, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.052239300Z", + "original": "{\"insertId\":\"bxuq05fhgmw93\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"192.0.2.117\",\"dest_port\":58026,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:49:09.114674887Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"40\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:49:08.995009558Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "kind": "event", + "start": "2019-06-14T03:49:08.995009558Z", + "end": "2019-06-14T03:49:09.114674887Z", + "id": "bxuq05fhgmw93", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:iqLE2ZKPjY+4CpYdTYZLcB7D1xk=", + "bytes": 1781, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + 
"destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "domain": "elasticsearch", + "ip": "198.51.100.248" + }, + "source": { + "address": "10.87.40.76", + "port": 33874, + "bytes": 9611, + "packets": 101, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "network": { + "community_id": "1:Zm3DkZJD/U+ewVlHMnyoA6QK9Do=", + "bytes": 9611, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 101, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.593Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.248" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052244900Z", + "original": 
"{\"insertId\":\"bxuq05fhgmw9f\",\"jsonPayload\":{\"bytes_sent\":\"9611\",\"connection\":{\"dest_ip\":\"198.51.100.248\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33874},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.933323342Z\",\"packets_sent\":\"101\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.510575555Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:20.510575555Z", + "end": "2019-06-14T03:49:37.933323342Z", + "id": "bxuq05fhgmw9f", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "domain": "elasticsearch", + "ip": "198.51.100.248" + }, + "source": { + "address": "10.87.40.76", + "port": 33564, + "bytes": 318481, + "packets": 181, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "network": { + 
"community_id": "1:d+9cs8ZSIwCZUTV/HN9P0arhfqU=", + "bytes": 318481, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 181, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.593Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.248" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC" + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052249100Z", + "original": 
"{\"insertId\":\"bxuq05fhgmw9j\",\"jsonPayload\":{\"bytes_sent\":\"318481\",\"connection\":{\"dest_ip\":\"198.51.100.248\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33564},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.597223164Z\",\"packets_sent\":\"181\",\"reporter\":\"SRC\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.866699945Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.866699945Z", + "end": "2019-06-14T03:49:59.597223164Z", + "id": "bxuq05fhgmw9j", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.87.40.76", + "port": 33874, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 139359, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 70 + }, + "network": { + "community_id": 
"1:Zm3DkZJD/U+ewVlHMnyoA6QK9Do=", + "bytes": 139359, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 70, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.593Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052270700Z", + "original": 
"{\"insertId\":\"bxuq05fhgmw97\",\"jsonPayload\":{\"bytes_sent\":\"139359\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33874,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.933323342Z\",\"packets_sent\":\"70\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.510575555Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:20.510575555Z", + "end": "2019-06-14T03:49:37.933323342Z", + "id": "bxuq05fhgmw97", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:16.593Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.27", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + 
"vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.27", + "port": 60640, + "bytes": 1461, + "ip": "203.0.113.27", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.052276600Z", + "original": "{\"insertId\":\"bxuq05fhgmw9i\",\"jsonPayload\":{\"bytes_sent\":\"1461\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"203.0.113.27\",\"src_port\":60640},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:42:50.942543211Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:42:50.830164366Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "kind": "event", + "start": "2019-06-14T03:42:50.830164366Z", + "end": "2019-06-14T03:42:50.942543211Z", + "id": "bxuq05fhgmw9i", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:NICAaeH22xLf7LP6W0kbWVQpWME=", + "bytes": 1461, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:16.593Z", + "ecs": { + "version": 
"1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "198.51.100.182" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 1350 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "Asia", + "country_name": "chn", + "city_name": "Shangqiu", + "region_name": "Henan" + }, + "as": { + "number": 4837 + }, + "address": "198.51.100.182", + "port": 41818, + "ip": "198.51.100.182" + }, + "source": { + "address": "10.139.99.242", + "port": 22, + "bytes": 45, + "packets": 9, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "event": { + "ingested": "2021-02-19T09:19:49.052280400Z", + "original": "{\"insertId\":\"bxuq05fhgmw9c\",\"jsonPayload\":{\"bytes_sent\":\"45\",\"connection\":{\"dest_ip\":\"198.51.100.182\",\"dest_port\":41818,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":22},\"dest_location\":{\"asn\":4837,\"city\":\"Shangqiu\",\"continent\":\"Asia\",\"country\":\"chn\",\"region\":\"Henan\"},\"end_time\":\"2019-06-14T03:43:16.809366809Z\",\"packets_sent\":\"9\",\"reporter\":\"SRC\",\"rtt_msec\":\"1350\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:11.031370298Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},
\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:11.031370298Z", + "end": "2019-06-14T03:43:16.809366809Z", + "id": "bxuq05fhgmw9c", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:+MSnEfQ6PdDGsHX0nTeNna2fZHI=", + "bytes": 45, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 9, + "direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:16.593Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "203.0.113.27" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.27", + "port": 60640, + "ip": "203.0.113.27" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1781, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.052284200Z", + "original": 
"{\"insertId\":\"bxuq05fhgmw9h\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"203.0.113.27\",\"dest_port\":60640,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:42:50.942543211Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:42:50.830164366Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "kind": "event", + "start": "2019-06-14T03:42:50.830164366Z", + "end": "2019-06-14T03:42:50.942543211Z", + "id": "bxuq05fhgmw9h", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:NICAaeH22xLf7LP6W0kbWVQpWME=", + "bytes": 1781, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.87.40.76", + "port": 33966, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 358920, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 61 + }, + "network": { + "community_id": "1:xlcXy61NrJvVRyzBr1bsyzEWEv8=", + "bytes": 
358920, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 61, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.593Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST" + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052289200Z", + "original": 
"{\"insertId\":\"bxuq05fhgmw92\",\"jsonPayload\":{\"bytes_sent\":\"358920\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33966,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821302149Z\",\"packets_sent\":\"61\",\"reporter\":\"DEST\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.510534141Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:20.510534141Z", + "end": "2019-06-14T03:49:51.821302149Z", + "id": "bxuq05fhgmw92", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.88", + "port": 53104, + "bytes": 653827, + "domain": "zeek-nsm", + "ip": "198.51.100.88", + "packets": 286 + }, + "network": { + "community_id": 
"1:EvU+L/cBE9vacReP+K7ey2MZ6Bs=", + "bytes": 653827, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 286, + "direction": "internal" + }, + "cloud": { + "region": "us-central1", + "availability_zone": "us-central1-a", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.593Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.88", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-central1", + "project_id": "my-sample-project", + "zone": "us-central1-a" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052293700Z", + "original": 
"{\"insertId\":\"bxuq05fhgmw8u\",\"jsonPayload\":{\"bytes_sent\":\"653827\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"198.51.100.88\",\"src_port\":53104},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:45.312543839Z\",\"packets_sent\":\"286\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"zeek-nsm\",\"zone\":\"us-central1-a\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.188944581Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:00.188944581Z", + "end": "2019-06-14T03:49:45.312543839Z", + "id": "bxuq05fhgmw8u", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "domain": "elasticsearch", + "ip": "198.51.100.248" + }, + "source": { + "address": "10.87.40.76", + "port": 33966, + "bytes": 5220, + "packets": 81, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "network": { + 
"community_id": "1:xlcXy61NrJvVRyzBr1bsyzEWEv8=", + "bytes": 5220, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 81, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.593Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.248" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC" + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052299600Z", + "original": 
"{\"insertId\":\"bxuq05fhgmw9g\",\"jsonPayload\":{\"bytes_sent\":\"5220\",\"connection\":{\"dest_ip\":\"198.51.100.248\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33966},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821302149Z\",\"packets_sent\":\"81\",\"reporter\":\"SRC\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.510534141Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:20.510534141Z", + "end": "2019-06-14T03:49:51.821302149Z", + "id": "bxuq05fhgmw9g", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.87.40.76", + "port": 33524, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 31140, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 40 + }, + "network": { + "community_id": 
"1:m8TzhysIkslBtL9JjV+tquk6V/g=", + "bytes": 31140, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 40, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.593Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST" + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052306600Z", + "original": 
"{\"insertId\":\"bxuq05fhgmw91\",\"jsonPayload\":{\"bytes_sent\":\"31140\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33524,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.461240929Z\",\"packets_sent\":\"40\",\"reporter\":\"DEST\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:24.789945697Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:24.789945697Z", + "end": "2019-06-14T03:49:56.461240929Z", + "id": "bxuq05fhgmw91", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "192.0.2.177", + "port": 60126, + "bytes": 1610630, + "domain": "suricata-iowa", + "ip": "192.0.2.177", + "packets": 509 + }, + "network": { + "community_id": 
"1:p5hGVmQSWVn7uQmogt/lZdp5AHE=", + "bytes": 1610630, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 509, + "direction": "internal" + }, + "cloud": { + "region": "us-central1", + "availability_zone": "us-central1-a", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.593Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "192.0.2.177", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-central1", + "project_id": "my-sample-project", + "zone": "us-central1-a" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052313700Z", + "original": 
"{\"insertId\":\"bxuq05fhgmw95\",\"jsonPayload\":{\"bytes_sent\":\"1610630\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"192.0.2.177\",\"src_port\":60126},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:52.101129310Z\",\"packets_sent\":\"509\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"suricata-iowa\",\"zone\":\"us-central1-a\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:02.019841536Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:02.019841536Z", + "end": "2019-06-14T03:49:52.101129310Z", + "id": "bxuq05fhgmw95", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.88", + "port": 53104, + "domain": "zeek-nsm", + "ip": "198.51.100.88" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 37145, + "packets": 158, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + 
"network": { + "community_id": "1:EvU+L/cBE9vacReP+K7ey2MZ6Bs=", + "bytes": 37145, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 158, + "direction": "internal" + }, + "cloud": { + "region": "us-central1", + "availability_zone": "us-central1-a", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:16.593Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "198.51.100.88" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-central1", + "project_id": "my-sample-project", + "zone": "us-central1-a" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052320500Z", + "original": 
"{\"insertId\":\"bxuq05fhgmw9a\",\"jsonPayload\":{\"bytes_sent\":\"37145\",\"connection\":{\"dest_ip\":\"198.51.100.88\",\"dest_port\":53104,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"zeek-nsm\",\"zone\":\"us-central1-a\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:45.312543839Z\",\"packets_sent\":\"158\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.188944581Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:00.188944581Z", + "end": "2019-06-14T03:49:45.312543839Z", + "id": "bxuq05fhgmw9a", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.291Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.12", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" 
+ } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.12", + "port": 53972, + "bytes": 1460, + "ip": "203.0.113.12", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.052327500Z", + "original": "{\"insertId\":\"198begsfh44xy3\",\"jsonPayload\":{\"bytes_sent\":\"1460\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"203.0.113.12\",\"src_port\":53972},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:44:20.748121914Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:44:20.634231041Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "kind": "event", + "start": "2019-06-14T03:44:20.634231041Z", + "end": "2019-06-14T03:44:20.748121914Z", + "id": "198begsfh44xy3", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:Lyl01hrYioXpfyKN9+mxQ134Q4I=", + "bytes": 1460, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.291Z", + "ecs": { 
+ "version": "1.8.0" + }, + "related": { + "ip": [ + "192.0.2.117", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST" + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "192.0.2.117", + "port": 58100, + "bytes": 1458, + "ip": "192.0.2.117", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.052334600Z", + "original": "{\"insertId\":\"198begsfh44xxt\",\"jsonPayload\":{\"bytes_sent\":\"1458\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"192.0.2.117\",\"src_port\":58100},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:20.632737426Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:49:20.512264850Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "kind": "event", + "start": 
"2019-06-14T03:49:20.512264850Z", + "end": "2019-06-14T03:49:20.632737426Z", + "id": "198begsfh44xxt", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:9uwmfdC4y+lRXBPaY4e7QA2YCdo=", + "bytes": 1458, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.291Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "192.0.2.117" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC" + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "192.0.2.117", + "port": 58100, + "ip": "192.0.2.117" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1781, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.052341600Z", + "original": 
"{\"insertId\":\"198begsfh44xy8\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"192.0.2.117\",\"dest_port\":58100,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:49:20.632777660Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:49:20.512407536Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "kind": "event", + "start": "2019-06-14T03:49:20.512407536Z", + "end": "2019-06-14T03:49:20.632777660Z", + "id": "198begsfh44xy8", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:9uwmfdC4y+lRXBPaY4e7QA2YCdo=", + "bytes": 1781, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.291Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.107" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + 
"destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.107", + "port": 60756, + "ip": "198.51.100.107" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1781, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.052348600Z", + "original": "{\"insertId\":\"198begsfh44xy9\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"198.51.100.107\",\"dest_port\":60756,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:43:11.032929292Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:43:10.912193869Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "kind": "event", + "start": "2019-06-14T03:43:10.912193869Z", + "end": "2019-06-14T03:43:11.032929292Z", + "id": "198begsfh44xy9", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:4doByecCNk4FneiHUzTJOKA7tlc=", + "bytes": 1781, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.291Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.182", + 
"10.139.99.242" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST" + } + }, + "destination": { + "address": "10.139.99.242", + "port": 22, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "Asia", + "country_name": "chn", + "city_name": "Shangqiu", + "region_name": "Henan" + }, + "as": { + "number": 4837 + }, + "address": "198.51.100.182", + "port": 14236, + "bytes": 0, + "ip": "198.51.100.182", + "packets": 3 + }, + "event": { + "ingested": "2021-02-19T09:19:49.052355500Z", + "original": "{\"insertId\":\"198begsfh44xxr\",\"jsonPayload\":{\"bytes_sent\":\"0\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":22,\"protocol\":6,\"src_ip\":\"198.51.100.182\",\"src_port\":14236},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:40:12.064908439Z\",\"packets_sent\":\"3\",\"reporter\":\"DEST\",\"src_location\":{\"asn\":4837,\"city\":\"Shangqiu\",\"continent\":\"Asia\",\"country\":\"chn\",\"region\":\"Henan\"},\"start_time\":\"2019-06-14T03:40:08.247072525Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "kind": "event", + 
"start": "2019-06-14T03:40:08.247072525Z", + "end": "2019-06-14T03:40:12.064908439Z", + "id": "198begsfh44xxr", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:41kwAuyQ+p5wBn7ppagdhPjfslw=", + "bytes": 0, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 3, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.291Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "203.0.113.27" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.27", + "port": 60122, + "ip": "203.0.113.27" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1781, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.052362300Z", + "original": 
"{\"insertId\":\"198begsfh44xy2\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"203.0.113.27\",\"dest_port\":60122,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:41:39.207635184Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:41:39.087226326Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "kind": "event", + "start": "2019-06-14T03:41:39.087226326Z", + "end": "2019-06-14T03:41:39.207635184Z", + "id": "198begsfh44xy2", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:bqmZvpZBw56sKswuSbDTHXnb0TU=", + "bytes": 1781, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.291Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "203.0.113.12" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + 
} + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.12", + "port": 53972, + "ip": "203.0.113.12" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1782, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.052369300Z", + "original": "{\"insertId\":\"198begsfh44xy6\",\"jsonPayload\":{\"bytes_sent\":\"1782\",\"connection\":{\"dest_ip\":\"203.0.113.12\",\"dest_port\":53972,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:44:20.748121914Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:44:20.634231041Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "kind": "event", + "start": "2019-06-14T03:44:20.634231041Z", + "end": "2019-06-14T03:44:20.748121914Z", + "id": "198begsfh44xy6", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:Lyl01hrYioXpfyKN9+mxQ134Q4I=", + "bytes": 1782, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + 
"address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33530, + "bytes": 68545, + "domain": "kibana", + "ip": "203.0.113.134", + "packets": 368 + }, + "network": { + "community_id": "1:EnH+d3/qmomg2hTDB2XhQfZVi90=", + "bytes": 68545, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 368, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.291Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.134", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 163 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052376200Z", + "original": 
"{\"insertId\":\"198begsfh44xxx\",\"jsonPayload\":{\"bytes_sent\":\"68545\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.134\",\"src_port\":33530},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:52.205089801Z\",\"packets_sent\":\"368\",\"reporter\":\"DEST\",\"rtt_msec\":\"163\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.140301693Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:00.140301693Z", + "end": "2019-06-14T03:49:52.205089801Z", + "id": "198begsfh44xxx", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.291Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.58", + "10.139.99.242" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } 
+ }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 209 + } + } + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65274, + "bytes": 74613, + "ip": "203.0.113.58", + "packets": 745 + }, + "event": { + "ingested": "2021-02-19T09:19:49.052383200Z", + "original": "{\"insertId\":\"198begsfh44xy4\",\"jsonPayload\":{\"bytes_sent\":\"74613\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.58\",\"src_port\":65274},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220838853Z\",\"packets_sent\":\"745\",\"reporter\":\"DEST\",\"rtt_msec\":\"209\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:01.270996793Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:01.270996793Z", + "end": "2019-06-14T03:49:56.220838853Z", + "id": "198begsfh44xy4", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:okS/edCC5y2BJIxXO7dhFGGEAo8=", + "bytes": 74613, + "transport": "tcp", + "type": "ipv4", 
+ "iana_number": "6", + "packets": 745, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.291Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.58", + "10.139.99.242" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 176 + } + } + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 53879, + "bytes": 74942, + "ip": "203.0.113.58", + "packets": 726 + }, + "event": { + "ingested": "2021-02-19T09:19:49.052390Z", + "original": 
"{\"insertId\":\"198begsfh44xy1\",\"jsonPayload\":{\"bytes_sent\":\"74942\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.58\",\"src_port\":53879},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.312105537Z\",\"packets_sent\":\"726\",\"reporter\":\"DEST\",\"rtt_msec\":\"176\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:00.760414869Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:00.760414869Z", + "end": "2019-06-14T03:49:56.312105537Z", + "id": "198begsfh44xy1", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:RJnXD8bwo6xYMLMKaPN85qjHcdQ=", + "bytes": 74942, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 726, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.291Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.27", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": 
"us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.27", + "port": 34450, + "bytes": 1467, + "ip": "203.0.113.27", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.052397Z", + "original": "{\"insertId\":\"198begsfh44xxp\",\"jsonPayload\":{\"bytes_sent\":\"1467\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"203.0.113.27\",\"src_port\":34450},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:47:38.299054333Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:47:38.189569840Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "kind": "event", + "start": "2019-06-14T03:47:38.189569840Z", + "end": "2019-06-14T03:47:38.299054333Z", + "id": "198begsfh44xxp", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:mjrSMbGpta0wXfm0rttjlUEE5S4=", + "bytes": 1467, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.291Z", 
+ "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.58" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 209 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65274, + "ip": "203.0.113.58" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 121593, + "packets": 610, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "event": { + "ingested": "2021-02-19T09:19:49.052404Z", + "original": "{\"insertId\":\"198begsfh44xxv\",\"jsonPayload\":{\"bytes_sent\":\"121593\",\"connection\":{\"dest_ip\":\"203.0.113.58\",\"dest_port\":65274,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220838853Z\",\"packets_sent\":\"610\",\"reporter\":\"SRC\",\"rtt_msec\":\"209\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.270996793Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"75801985
4043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:01.270996793Z", + "end": "2019-06-14T03:49:56.220838853Z", + "id": "198begsfh44xxv", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:okS/edCC5y2BJIxXO7dhFGGEAo8=", + "bytes": 121593, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 610, + "direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.291Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.27", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.27", + "port": 60968, + "bytes": 1464, + "ip": "203.0.113.27", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.052411Z", + "original": 
"{\"insertId\":\"198begsfh44xy7\",\"jsonPayload\":{\"bytes_sent\":\"1464\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"203.0.113.27\",\"src_port\":60968},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:43:39.777977145Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:43:39.653136947Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "kind": "event", + "start": "2019-06-14T03:43:39.653136947Z", + "end": "2019-06-14T03:43:39.777977145Z", + "id": "198begsfh44xy7", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:FaCnDl7uWc7lOELNsyeufwQIgPc=", + "bytes": 1464, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33530, + "domain": "kibana", + "ip": "203.0.113.134" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 177471, + "packets": 246, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + "community_id": "1:EnH+d3/qmomg2hTDB2XhQfZVi90=", + 
"bytes": 177471, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 246, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.291Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.134" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 163 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052417800Z", + "original": 
"{\"insertId\":\"198begsfh44xxs\",\"jsonPayload\":{\"bytes_sent\":\"177471\",\"connection\":{\"dest_ip\":\"203.0.113.134\",\"dest_port\":33530,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:52.205194199Z\",\"packets_sent\":\"246\",\"reporter\":\"SRC\",\"rtt_msec\":\"163\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.140301693Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:00.140301693Z", + "end": "2019-06-14T03:49:52.205194199Z", + "id": "198begsfh44xxs", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.291Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.58" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 82 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", 
+ "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65275, + "ip": "203.0.113.58" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 53315, + "packets": 588, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "event": { + "ingested": "2021-02-19T09:19:49.052424800Z", + "original": "{\"insertId\":\"198begsfh44xxq\",\"jsonPayload\":{\"bytes_sent\":\"53315\",\"connection\":{\"dest_ip\":\"203.0.113.58\",\"dest_port\":65275,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.316847800Z\",\"packets_sent\":\"588\",\"reporter\":\"SRC\",\"rtt_msec\":\"82\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.565734921Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:00.565734921Z", + "end": "2019-06-14T03:49:56.316847800Z", + "id": "198begsfh44xxq", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:HecAvf3EWM638zAmzah9YroP5sc=", + "bytes": 53315, + "transport": "tcp", + "type": "ipv4", + 
"iana_number": "6", + "packets": 588, + "direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.291Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "203.0.113.27" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.27", + "port": 34450, + "ip": "203.0.113.27" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1780, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.052431600Z", + "original": 
"{\"insertId\":\"198begsfh44xxz\",\"jsonPayload\":{\"bytes_sent\":\"1780\",\"connection\":{\"dest_ip\":\"203.0.113.27\",\"dest_port\":34450,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:47:38.299054333Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:47:38.189569840Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "kind": "event", + "start": "2019-06-14T03:47:38.189569840Z", + "end": "2019-06-14T03:47:38.299054333Z", + "id": "198begsfh44xxz", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:mjrSMbGpta0wXfm0rttjlUEE5S4=", + "bytes": 1780, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.291Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.27", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + 
"ms": 36 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.27", + "port": 60122, + "bytes": 1467, + "ip": "203.0.113.27", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.052438600Z", + "original": "{\"insertId\":\"198begsfh44xxy\",\"jsonPayload\":{\"bytes_sent\":\"1467\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"203.0.113.27\",\"src_port\":60122},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:41:39.207635184Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:41:39.087226326Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "kind": "event", + "start": "2019-06-14T03:41:39.087226326Z", + "end": "2019-06-14T03:41:39.207635184Z", + "id": "198begsfh44xxy", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:bqmZvpZBw56sKswuSbDTHXnb0TU=", + "bytes": 1467, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.291Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + 
"10.139.99.242", + "203.0.113.58" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 176 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 53879, + "ip": "203.0.113.58" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 102119, + "packets": 608, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "event": { + "ingested": "2021-02-19T09:19:49.052445500Z", + "original": "{\"insertId\":\"198begsfh44xxu\",\"jsonPayload\":{\"bytes_sent\":\"102119\",\"connection\":{\"dest_ip\":\"203.0.113.58\",\"dest_port\":53879,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.312105537Z\",\"packets_sent\":\"608\",\"reporter\":\"SRC\",\"rtt_msec\":\"176\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.760414869Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_
subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:00.760414869Z", + "end": "2019-06-14T03:49:56.312105537Z", + "id": "198begsfh44xxu", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:RJnXD8bwo6xYMLMKaPN85qjHcdQ=", + "bytes": 102119, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 608, + "direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.291Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "203.0.113.27" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.27", + "port": 60968, + "ip": "203.0.113.27" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1794, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.052452300Z", + "original": 
"{\"insertId\":\"198begsfh44xxo\",\"jsonPayload\":{\"bytes_sent\":\"1794\",\"connection\":{\"dest_ip\":\"203.0.113.27\",\"dest_port\":60968,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:43:39.777977145Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:43:39.653136947Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "kind": "event", + "start": "2019-06-14T03:43:39.653136947Z", + "end": "2019-06-14T03:43:39.777977145Z", + "id": "198begsfh44xxo", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:FaCnDl7uWc7lOELNsyeufwQIgPc=", + "bytes": 1794, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.291Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.107", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + 
"ms": 36 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.107", + "port": 60756, + "bytes": 1467, + "ip": "198.51.100.107", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.052459100Z", + "original": "{\"insertId\":\"198begsfh44xy0\",\"jsonPayload\":{\"bytes_sent\":\"1467\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"198.51.100.107\",\"src_port\":60756},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:43:11.032929292Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:43:10.912193869Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "kind": "event", + "start": "2019-06-14T03:43:10.912193869Z", + "end": "2019-06-14T03:43:11.032929292Z", + "id": "198begsfh44xy0", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:4doByecCNk4FneiHUzTJOKA7tlc=", + "bytes": 1467, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.291Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + 
"203.0.113.58", + "10.139.99.242" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 82 + } + } + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65275, + "bytes": 67013, + "ip": "203.0.113.58", + "packets": 710 + }, + "event": { + "ingested": "2021-02-19T09:19:49.052466Z", + "original": "{\"insertId\":\"198begsfh44xxw\",\"jsonPayload\":{\"bytes_sent\":\"67013\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.58\",\"src_port\":65275},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.316847800Z\",\"packets_sent\":\"710\",\"reporter\":\"DEST\",\"rtt_msec\":\"82\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:00.565734921Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce
_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:00.565734921Z", + "end": "2019-06-14T03:49:56.316847800Z", + "id": "198begsfh44xxw", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:HecAvf3EWM638zAmzah9YroP5sc=", + "bytes": 67013, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 710, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.291Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "198.51.100.182" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC" + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "Asia", + "country_name": "chn", + "city_name": "Shangqiu", + "region_name": "Henan" + }, + "as": { + "number": 4837 + }, + "address": "198.51.100.182", + "port": 14236, + "ip": "198.51.100.182" + }, + "source": { + "address": "10.139.99.242", + "port": 22, + "bytes": 0, + "packets": 1, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "event": { + "ingested": "2021-02-19T09:19:49.052472900Z", + "original": 
"{\"insertId\":\"198begsfh44xy5\",\"jsonPayload\":{\"bytes_sent\":\"0\",\"connection\":{\"dest_ip\":\"198.51.100.182\",\"dest_port\":14236,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":22},\"dest_location\":{\"asn\":4837,\"city\":\"Shangqiu\",\"continent\":\"Asia\",\"country\":\"chn\",\"region\":\"Henan\"},\"end_time\":\"2019-06-14T03:40:09.257387426Z\",\"packets_sent\":\"1\",\"reporter\":\"SRC\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.247072525Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.247072525Z", + "end": "2019-06-14T03:40:09.257387426Z", + "id": "198begsfh44xy5", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:41kwAuyQ+p5wBn7ppagdhPjfslw=", + "bytes": 0, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 1, + "direction": "outbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33542, + "bytes": 64427, + "domain": "kibana", + "ip": "203.0.113.134", + "packets": 351 + }, + "network": { + "community_id": 
"1:VPSH6E9LDgDYoGyFDhfUPu+Qrzg=", + "bytes": 64427, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 351, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.134", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 173 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052479700Z", + "original": 
"{\"insertId\":\"19im82tfdygznq\",\"jsonPayload\":{\"bytes_sent\":\"64427\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.134\",\"src_port\":33542},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565108524Z\",\"packets_sent\":\"351\",\"reporter\":\"DEST\",\"rtt_msec\":\"173\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.150870105Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.150870105Z", + "end": "2019-06-14T03:49:59.565108524Z", + "id": "19im82tfdygznq", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.87.40.76", + "port": 33690, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 183366, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 242 + }, + "network": { + 
"community_id": "1:nOR2MzlGdRdAPthTbrK2arYttrs=", + "bytes": 183366, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 242, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052486500Z", + "original": 
"{\"insertId\":\"19im82tfdygzn6\",\"jsonPayload\":{\"bytes_sent\":\"183366\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33690,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565311154Z\",\"packets_sent\":\"242\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075665334Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:06.075665334Z", + "end": "2019-06-14T03:49:59.565311154Z", + "id": "19im82tfdygzn6", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.87.40.76", + "port": 33562, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 185295, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 244 + }, + "network": { + 
"community_id": "1:F2vkpY9ubcm/3+J6iCqgHtizLiU=", + "bytes": 185295, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 244, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052493400Z", + "original": 
"{\"insertId\":\"19im82tfdygznk\",\"jsonPayload\":{\"bytes_sent\":\"185295\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33562,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:49.549471457Z\",\"packets_sent\":\"244\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500498059Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:59.500498059Z", + "end": "2019-06-14T03:49:49.549471457Z", + "id": "19im82tfdygznk", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.58", + "10.139.99.242" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + 
}, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 114 + } + } + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 49438, + "bytes": 68961, + "ip": "203.0.113.58", + "packets": 711 + }, + "event": { + "ingested": "2021-02-19T09:19:49.052500300Z", + "original": "{\"insertId\":\"19im82tfdygznm\",\"jsonPayload\":{\"bytes_sent\":\"68961\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.58\",\"src_port\":49438},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220725956Z\",\"packets_sent\":\"711\",\"reporter\":\"DEST\",\"rtt_msec\":\"114\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:39:59.398463104Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:59.398463104Z", + "end": "2019-06-14T03:49:56.220725956Z", + "id": "19im82tfdygznm", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:XQBVj/qvQirewgJk7seie1WKY/s=", + "bytes": 68961, + "transport": "tcp", + "type": "ipv4", + 
"iana_number": "6", + "packets": 711, + "direction": "inbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "domain": "elasticsearch", + "ip": "198.51.100.248" + }, + "source": { + "address": "10.87.40.76", + "port": 33532, + "bytes": 62072, + "packets": 360, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "network": { + "community_id": "1:uLseEqRu8Dul5leogDK11gQV06U=", + "bytes": 62072, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 360, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.248" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052507300Z", + "original": 
"{\"insertId\":\"19im82tfdygzob\",\"jsonPayload\":{\"bytes_sent\":\"62072\",\"connection\":{\"dest_ip\":\"198.51.100.248\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33532},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565272745Z\",\"packets_sent\":\"360\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.072372604Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.072372604Z", + "end": "2019-06-14T03:49:59.565272745Z", + "id": "19im82tfdygzob", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.87.40.76", + "port": 33590, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 198326, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 246 + }, + "network": { + 
"community_id": "1:m09Xemo/1QRUmAThg0ZtnVcAeS8=", + "bytes": 198326, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 246, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052514300Z", + "original": 
"{\"insertId\":\"19im82tfdygznc\",\"jsonPayload\":{\"bytes_sent\":\"198326\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33590,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565287007Z\",\"packets_sent\":\"246\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.146956782Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:05.146956782Z", + "end": "2019-06-14T03:49:59.565287007Z", + "id": "19im82tfdygznc", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "domain": "elasticsearch", + "ip": "198.51.100.248" + }, + "source": { + "address": "10.87.40.76", + "port": 33550, + "bytes": 61436, + "packets": 362, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "network": { + 
"community_id": "1:0T9pXVTCUZ37bK4xUSfPnYkUcHk=", + "bytes": 61436, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 362, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.248" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052521100Z", + "original": 
"{\"insertId\":\"19im82tfdygznj\",\"jsonPayload\":{\"bytes_sent\":\"61436\",\"connection\":{\"dest_ip\":\"198.51.100.248\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33550},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565287007Z\",\"packets_sent\":\"362\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500498059Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:59.500498059Z", + "end": "2019-06-14T03:49:59.565287007Z", + "id": "19im82tfdygznj", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "domain": "elasticsearch", + "ip": "198.51.100.248" + }, + "source": { + "address": "10.87.40.76", + "port": 33690, + "bytes": 66791, + "packets": 355, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "network": { + 
"community_id": "1:nOR2MzlGdRdAPthTbrK2arYttrs=", + "bytes": 66791, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 355, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.248" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052528200Z", + "original": 
"{\"insertId\":\"19im82tfdygzo5\",\"jsonPayload\":{\"bytes_sent\":\"66791\",\"connection\":{\"dest_ip\":\"198.51.100.248\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33690},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565311154Z\",\"packets_sent\":\"355\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075665334Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:06.075665334Z", + "end": "2019-06-14T03:49:59.565311154Z", + "id": "19im82tfdygzo5", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.107", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + 
}, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.107", + "port": 54812, + "bytes": 1457, + "ip": "198.51.100.107", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.052535100Z", + "original": "{\"insertId\":\"19im82tfdygzod\",\"jsonPayload\":{\"bytes_sent\":\"1457\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"198.51.100.107\",\"src_port\":54812},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:45:20.708994883Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:45:20.595119257Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:45:20.595119257Z", + "end": "2019-06-14T03:45:20.708994883Z", + "id": "19im82tfdygzod", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:iNSkH+XbFsPOGDVjlyGh+11nIrk=", + "bytes": 1457, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "log": { + "logger": 
"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "domain": "elasticsearch", + "ip": "198.51.100.248" + }, + "source": { + "address": "10.87.40.76", + "port": 33562, + "bytes": 64466, + "packets": 363, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "network": { + "community_id": "1:F2vkpY9ubcm/3+J6iCqgHtizLiU=", + "bytes": 64466, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 363, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.248" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052542100Z", + "original": 
"{\"insertId\":\"19im82tfdygzna\",\"jsonPayload\":{\"bytes_sent\":\"64466\",\"connection\":{\"dest_ip\":\"198.51.100.248\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33562},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:49.549471457Z\",\"packets_sent\":\"363\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500498059Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:59.500498059Z", + "end": "2019-06-14T03:49:49.549471457Z", + "id": "19im82tfdygzna", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.87.40.76", + "port": 33968, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 174524, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 66 + }, + "network": { + 
"community_id": "1:BbTL9wZeHMC/sF82yUUcW/2D6CA=", + "bytes": 174524, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 66, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 2 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052549100Z", + "original": 
"{\"insertId\":\"19im82tfdygzng\",\"jsonPayload\":{\"bytes_sent\":\"174524\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33968,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.965294083Z\",\"packets_sent\":\"66\",\"reporter\":\"DEST\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.480272197Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.480272197Z", + "end": "2019-06-14T03:49:37.965294083Z", + "id": "19im82tfdygzng", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.228", + "10.49.136.133" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + 
}, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 91 + } + } + }, + "destination": { + "address": "10.49.136.133", + "port": 52780, + "domain": "simianhacker-demo", + "ip": "10.49.136.133" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Boardman", + "region_name": "Oregon" + }, + "as": { + "number": 16509 + }, + "address": "203.0.113.228", + "port": 9243, + "bytes": 181624065, + "ip": "203.0.113.228", + "packets": 28344 + }, + "event": { + "ingested": "2021-02-19T09:19:49.052556Z", + "original": "{\"insertId\":\"19im82tfdygzo1\",\"jsonPayload\":{\"bytes_sent\":\"181624065\",\"connection\":{\"dest_ip\":\"10.49.136.133\",\"dest_port\":52780,\"protocol\":6,\"src_ip\":\"203.0.113.228\",\"src_port\":9243},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"simianhacker-demo\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:58.592579489Z\",\"packets_sent\":\"28344\",\"reporter\":\"DEST\",\"rtt_msec\":\"91\",\"src_location\":{\"asn\":16509,\"city\":\"Boardman\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Oregon\"},\"start_time\":\"2019-06-14T03:40:17.183499423Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:17.183499423Z", + "end": "2019-06-14T03:49:58.592579489Z", + "id": "19im82tfdygzo1", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:arV4D7RJIpRwsrWa/m7Q9mUVaPI=", + "bytes": 181624065, + "transport": "tcp", + 
"type": "ipv4", + "iana_number": "6", + "packets": 28344, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "192.0.2.117", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "192.0.2.117", + "port": 51348, + "bytes": 1460, + "ip": "192.0.2.117", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.052562900Z", + "original": 
"{\"insertId\":\"19im82tfdygzo8\",\"jsonPayload\":{\"bytes_sent\":\"1460\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"192.0.2.117\",\"src_port\":51348},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:41:20.754300982Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:41:20.630975303Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:41:20.630975303Z", + "end": "2019-06-14T03:41:20.754300982Z", + "id": "19im82tfdygzo8", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:B8rl49fY7/3p7swViLnHkXbZpvs=", + "bytes": 1460, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.73.186.17", + "192.0.2.12" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC" + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": 
{ + "geo": { + "continent_name": "Asia", + "country_name": "chn", + "city_name": "Binzhou", + "region_name": "Shandong" + }, + "as": { + "number": 4837 + }, + "address": "192.0.2.12", + "port": 44128, + "ip": "192.0.2.12" + }, + "source": { + "address": "10.73.186.17", + "port": 22, + "bytes": 0, + "packets": 1, + "domain": "infraops-docker-data", + "ip": "10.73.186.17" + }, + "event": { + "ingested": "2021-02-19T09:19:49.052569700Z", + "original": "{\"insertId\":\"19im82tfdygzoa\",\"jsonPayload\":{\"bytes_sent\":\"0\",\"connection\":{\"dest_ip\":\"192.0.2.12\",\"dest_port\":44128,\"protocol\":6,\"src_ip\":\"10.73.186.17\",\"src_port\":22},\"dest_location\":{\"asn\":4837,\"city\":\"Binzhou\",\"continent\":\"Asia\",\"country\":\"chn\",\"region\":\"Shandong\"},\"end_time\":\"2019-06-14T03:45:22.081121292Z\",\"packets_sent\":\"1\",\"reporter\":\"SRC\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"infraops-docker-data\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:45:22.080963433Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:45:22.080963433Z", + "end": "2019-06-14T03:45:22.081121292Z", + "id": "19im82tfdygzoa", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:RFaj1p+IkzecdvmvndE30lJ6hLs=", + "bytes": 0, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 1, + "direction": "outbound" + } + }, + { + "log": { + "logger": 
"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "domain": "elasticsearch", + "ip": "198.51.100.248" + }, + "source": { + "address": "10.87.40.76", + "port": 33968, + "bytes": 11137, + "packets": 95, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "network": { + "community_id": "1:BbTL9wZeHMC/sF82yUUcW/2D6CA=", + "bytes": 11137, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 95, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.248" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 2 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052576600Z", + "original": 
"{\"insertId\":\"19im82tfdygzn7\",\"jsonPayload\":{\"bytes_sent\":\"11137\",\"connection\":{\"dest_ip\":\"198.51.100.248\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33968},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.965294083Z\",\"packets_sent\":\"95\",\"reporter\":\"SRC\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.480272197Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.480272197Z", + "end": "2019-06-14T03:49:37.965294083Z", + "id": "19im82tfdygzn7", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.107" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + 
"project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.107", + "port": 54812, + "ip": "198.51.100.107" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1776, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.052583500Z", + "original": "{\"insertId\":\"19im82tfdygznf\",\"jsonPayload\":{\"bytes_sent\":\"1776\",\"connection\":{\"dest_ip\":\"198.51.100.107\",\"dest_port\":54812,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:45:20.708994883Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:45:20.595119257Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:45:20.595119257Z", + "end": "2019-06-14T03:45:20.708994883Z", + "id": "19im82tfdygznf", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:iNSkH+XbFsPOGDVjlyGh+11nIrk=", + "bytes": 1776, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "log": { + "logger": 
"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33564, + "domain": "kibana", + "ip": "203.0.113.134" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 21792, + "packets": 186, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + "community_id": "1:50u5lJ2RV1XFEhO2zdhxvcEDnVw=", + "bytes": 21792, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 186, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.134" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 340 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052590400Z", + "original": 
"{\"insertId\":\"19im82tfdygzni\",\"jsonPayload\":{\"bytes_sent\":\"21792\",\"connection\":{\"dest_ip\":\"203.0.113.134\",\"dest_port\":33564,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.597079770Z\",\"packets_sent\":\"186\",\"reporter\":\"SRC\",\"rtt_msec\":\"340\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.866944869Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.866944869Z", + "end": "2019-06-14T03:49:59.597079770Z", + "id": "19im82tfdygzni", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.58" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 114 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", 
+ "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 49438, + "ip": "203.0.113.58" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 74370, + "packets": 580, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "event": { + "ingested": "2021-02-19T09:19:49.052597300Z", + "original": "{\"insertId\":\"19im82tfdygzns\",\"jsonPayload\":{\"bytes_sent\":\"74370\",\"connection\":{\"dest_ip\":\"203.0.113.58\",\"dest_port\":49438,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220725956Z\",\"packets_sent\":\"580\",\"reporter\":\"SRC\",\"rtt_msec\":\"114\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.398463104Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:59.398463104Z", + "end": "2019-06-14T03:49:56.220725956Z", + "id": "19im82tfdygzns", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:XQBVj/qvQirewgJk7seie1WKY/s=", + "bytes": 74370, + "transport": "tcp", + "type": "ipv4", + 
"iana_number": "6", + "packets": 580, + "direction": "outbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.87.40.76", + "port": 33550, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 138337, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 244 + }, + "network": { + "community_id": "1:0T9pXVTCUZ37bK4xUSfPnYkUcHk=", + "bytes": 138337, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 244, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052604100Z", + "original": 
"{\"insertId\":\"19im82tfdygznp\",\"jsonPayload\":{\"bytes_sent\":\"138337\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33550,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565287007Z\",\"packets_sent\":\"244\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500498059Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:59.500498059Z", + "end": "2019-06-14T03:49:59.565287007Z", + "id": "19im82tfdygznp", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "192.0.2.177", + "port": 60110, + "domain": "suricata-iowa", + "ip": "192.0.2.177" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 30062, + "packets": 124, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + 
"community_id": "1:KL7wHxQCZ0qbnYIzbI2WPJd+SRw=", + "bytes": 30062, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 124, + "direction": "internal" + }, + "cloud": { + "region": "us-central1", + "availability_zone": "us-central1-a", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "192.0.2.177" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-central1", + "project_id": "my-sample-project", + "zone": "us-central1-a" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052611Z", + "original": 
"{\"insertId\":\"19im82tfdygzo9\",\"jsonPayload\":{\"bytes_sent\":\"30062\",\"connection\":{\"dest_ip\":\"192.0.2.177\",\"dest_port\":60110,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"suricata-iowa\",\"zone\":\"us-central1-a\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:46.020466750Z\",\"packets_sent\":\"124\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:10.874529937Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:10.874529937Z", + "end": "2019-06-14T03:49:46.020466750Z", + "id": "19im82tfdygzo9", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "192.0.2.117" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": 
"us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "192.0.2.117", + "port": 51348, + "ip": "192.0.2.117" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1781, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.052618100Z", + "original": "{\"insertId\":\"19im82tfdygzo3\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"192.0.2.117\",\"dest_port\":51348,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:41:20.754300982Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:41:20.630975303Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:41:20.630975303Z", + "end": "2019-06-14T03:41:20.754300982Z", + "id": "19im82tfdygzo3", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:B8rl49fY7/3p7swViLnHkXbZpvs=", + "bytes": 1781, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "log": { + "logger": 
"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33560, + "domain": "kibana", + "ip": "203.0.113.134" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 152218, + "packets": 243, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + "community_id": "1:oxwQ2yjTxzJgTjy4DOGjIjbTugc=", + "bytes": 152218, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 243, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.134" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 116 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052625Z", + "original": 
"{\"insertId\":\"19im82tfdygznz\",\"jsonPayload\":{\"bytes_sent\":\"152218\",\"connection\":{\"dest_ip\":\"203.0.113.134\",\"dest_port\":33560,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565026127Z\",\"packets_sent\":\"243\",\"reporter\":\"SRC\",\"rtt_msec\":\"116\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.076060079Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:06.076060079Z", + "end": "2019-06-14T03:49:59.565026127Z", + "id": "19im82tfdygznz", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33510, + "domain": "kibana", + "ip": "203.0.113.134" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 143085, + "packets": 249, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + 
"community_id": "1:5M4qP42kXGLdSXH7/5CyFYlf2ys=", + "bytes": 143085, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 249, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.134" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 352 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052632Z", + "original": 
"{\"insertId\":\"19im82tfdygzo4\",\"jsonPayload\":{\"bytes_sent\":\"143085\",\"connection\":{\"dest_ip\":\"203.0.113.134\",\"dest_port\":33510,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565078274Z\",\"packets_sent\":\"249\",\"reporter\":\"SRC\",\"rtt_msec\":\"352\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.074688714Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:01.074688714Z", + "end": "2019-06-14T03:49:59.565078274Z", + "id": "19im82tfdygzo4", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33510, + "bytes": 61245, + "domain": "kibana", + "ip": "203.0.113.134", + "packets": 356 + }, + "network": { + 
"community_id": "1:5M4qP42kXGLdSXH7/5CyFYlf2ys=", + "bytes": 61245, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 356, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.134", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 352 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052638900Z", + "original": 
"{\"insertId\":\"19im82tfdygznt\",\"jsonPayload\":{\"bytes_sent\":\"61245\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.134\",\"src_port\":33510},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565078274Z\",\"packets_sent\":\"356\",\"reporter\":\"DEST\",\"rtt_msec\":\"352\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.074688714Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:01.074688714Z", + "end": "2019-06-14T03:49:59.565078274Z", + "id": "19im82tfdygznt", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33532, + "bytes": 65919, + "domain": "kibana", + "ip": "203.0.113.134", + "packets": 361 + }, + "network": { + 
"community_id": "1:Es6n9v5EcaaEvnW+j5pfFK2BgWc=", + "bytes": 65919, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 361, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.134", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 270 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052645800Z", + "original": 
"{\"insertId\":\"19im82tfdygznu\",\"jsonPayload\":{\"bytes_sent\":\"65919\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.134\",\"src_port\":33532},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565108524Z\",\"packets_sent\":\"361\",\"reporter\":\"DEST\",\"rtt_msec\":\"270\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.072555233Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.072555233Z", + "end": "2019-06-14T03:49:59.565108524Z", + "id": "19im82tfdygznu", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "198.51.100.182" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 1439 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": 
"us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "Asia", + "country_name": "chn", + "city_name": "Shangqiu", + "region_name": "Henan" + }, + "as": { + "number": 4837 + }, + "address": "198.51.100.182", + "port": 41822, + "ip": "198.51.100.182" + }, + "source": { + "address": "10.139.99.242", + "port": 22, + "bytes": 0, + "packets": 4, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "event": { + "ingested": "2021-02-19T09:19:49.052652700Z", + "original": "{\"insertId\":\"19im82tfdygzo6\",\"jsonPayload\":{\"bytes_sent\":\"0\",\"connection\":{\"dest_ip\":\"198.51.100.182\",\"dest_port\":41822,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":22},\"dest_location\":{\"asn\":4837,\"city\":\"Shangqiu\",\"continent\":\"Asia\",\"country\":\"chn\",\"region\":\"Henan\"},\"end_time\":\"2019-06-14T03:40:40.058368408Z\",\"packets_sent\":\"4\",\"reporter\":\"SRC\",\"rtt_msec\":\"1439\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:12.068494835Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:12.068494835Z", + "end": "2019-06-14T03:40:40.058368408Z", + "id": "19im82tfdygzo6", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:d5LNFArWcoFOBS9SH59qLdZmfEw=", + "bytes": 0, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + 
"packets": 4, + "direction": "outbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33532, + "domain": "kibana", + "ip": "203.0.113.134" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 188997, + "packets": 251, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + "community_id": "1:Es6n9v5EcaaEvnW+j5pfFK2BgWc=", + "bytes": 188997, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 251, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.134" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 270 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052659500Z", + "original": 
"{\"insertId\":\"19im82tfdygzno\",\"jsonPayload\":{\"bytes_sent\":\"188997\",\"connection\":{\"dest_ip\":\"203.0.113.134\",\"dest_port\":33532,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565108524Z\",\"packets_sent\":\"251\",\"reporter\":\"SRC\",\"rtt_msec\":\"270\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.072555233Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.072555233Z", + "end": "2019-06-14T03:49:59.565108524Z", + "id": "19im82tfdygzno", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33568, + "domain": "kibana", + "ip": "203.0.113.134" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 16783, + "packets": 79, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + 
"community_id": "1:0bB9/qzQDttOyEP0YcGU/tYSYIQ=", + "bytes": 16783, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 79, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.134" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 506 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052666300Z", + "original": 
"{\"insertId\":\"19im82tfdygzo0\",\"jsonPayload\":{\"bytes_sent\":\"16783\",\"connection\":{\"dest_ip\":\"203.0.113.134\",\"dest_port\":33568,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.789035952Z\",\"packets_sent\":\"79\",\"reporter\":\"SRC\",\"rtt_msec\":\"506\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.456732113Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.456732113Z", + "end": "2019-06-14T03:49:51.789035952Z", + "id": "19im82tfdygzo0", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "domain": "elasticsearch", + "ip": "198.51.100.248" + }, + "source": { + "address": "10.87.40.76", + "port": 33858, + "bytes": 18120, + "packets": 120, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "network": { + 
"community_id": "1:QGl7xqW3Uf/sdc65sGHXAGERKzs=", + "bytes": 18120, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 120, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.248" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 4 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052676Z", + "original": 
"{\"insertId\":\"19im82tfdygznd\",\"jsonPayload\":{\"bytes_sent\":\"18120\",\"connection\":{\"dest_ip\":\"198.51.100.248\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33858},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.789258875Z\",\"packets_sent\":\"120\",\"reporter\":\"SRC\",\"rtt_msec\":\"4\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.458361534Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.458361534Z", + "end": "2019-06-14T03:49:51.789258875Z", + "id": "19im82tfdygznd", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "domain": "elasticsearch", + "ip": "198.51.100.248" + }, + "source": { + "address": "10.87.40.76", + "port": 33558, + "bytes": 64071, + "packets": 368, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "network": { + 
"community_id": "1:A0Ohg3bqUresKEeBgZsLcFqEPRw=", + "bytes": 64071, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 368, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.248" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052683300Z", + "original": 
"{\"insertId\":\"19im82tfdygzn8\",\"jsonPayload\":{\"bytes_sent\":\"64071\",\"connection\":{\"dest_ip\":\"198.51.100.248\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33558},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565319136Z\",\"packets_sent\":\"368\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.140109489Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:00.140109489Z", + "end": "2019-06-14T03:49:59.565319136Z", + "id": "19im82tfdygzn8", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.88", + "port": 53106, + "domain": "zeek-nsm", + "ip": "198.51.100.88" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 175465, + "packets": 337, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + 
"community_id": "1:7XAVLIIXucPcO5qM8uynmx+KF7s=", + "bytes": 175465, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 337, + "direction": "internal" + }, + "cloud": { + "region": "us-central1", + "availability_zone": "us-central1-a", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "198.51.100.88" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-central1", + "project_id": "my-sample-project", + "zone": "us-central1-a" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052690300Z", + "original": 
"{\"insertId\":\"19im82tfdygznw\",\"jsonPayload\":{\"bytes_sent\":\"175465\",\"connection\":{\"dest_ip\":\"198.51.100.88\",\"dest_port\":53106,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"zeek-nsm\",\"zone\":\"us-central1-a\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.401543207Z\",\"packets_sent\":\"337\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.020290305Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:01.020290305Z", + "end": "2019-06-14T03:49:56.401543207Z", + "id": "19im82tfdygznw", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.49.136.133", + "203.0.113.228" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 91 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": 
"us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Boardman", + "region_name": "Oregon" + }, + "as": { + "number": 16509 + }, + "address": "203.0.113.228", + "port": 9243, + "ip": "203.0.113.228" + }, + "source": { + "address": "10.49.136.133", + "port": 52780, + "bytes": 1987804, + "packets": 26428, + "domain": "simianhacker-demo", + "ip": "10.49.136.133" + }, + "event": { + "ingested": "2021-02-19T09:19:49.052697200Z", + "original": "{\"insertId\":\"19im82tfdygzo2\",\"jsonPayload\":{\"bytes_sent\":\"1987804\",\"connection\":{\"dest_ip\":\"203.0.113.228\",\"dest_port\":9243,\"protocol\":6,\"src_ip\":\"10.49.136.133\",\"src_port\":52780},\"dest_location\":{\"asn\":16509,\"city\":\"Boardman\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Oregon\"},\"end_time\":\"2019-06-14T03:49:58.592579489Z\",\"packets_sent\":\"26428\",\"reporter\":\"SRC\",\"rtt_msec\":\"91\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"simianhacker-demo\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:17.183499423Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:17.183499423Z", + "end": "2019-06-14T03:49:58.592579489Z", + "id": "19im82tfdygzo2", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:arV4D7RJIpRwsrWa/m7Q9mUVaPI=", + "bytes": 1987804, + "transport": "tcp", 
+ "type": "ipv4", + "iana_number": "6", + "packets": 26428, + "direction": "outbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.87.40.76", + "port": 33532, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 206824, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 242 + }, + "network": { + "community_id": "1:uLseEqRu8Dul5leogDK11gQV06U=", + "bytes": 206824, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 242, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052704100Z", + "original": 
"{\"insertId\":\"19im82tfdygzn9\",\"jsonPayload\":{\"bytes_sent\":\"206824\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33532,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565272745Z\",\"packets_sent\":\"242\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.072372604Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.072372604Z", + "end": "2019-06-14T03:49:59.565272745Z", + "id": "19im82tfdygzn9", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.87.40.76", + "port": 33858, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 14287, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 80 + }, + "network": { + 
"community_id": "1:QGl7xqW3Uf/sdc65sGHXAGERKzs=", + "bytes": 14287, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 80, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 4 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052711200Z", + "original": 
"{\"insertId\":\"19im82tfdygznh\",\"jsonPayload\":{\"bytes_sent\":\"14287\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33858,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.789258875Z\",\"packets_sent\":\"80\",\"reporter\":\"DEST\",\"rtt_msec\":\"4\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.458361534Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.458361534Z", + "end": "2019-06-14T03:49:51.789258875Z", + "id": "19im82tfdygznh", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33550, + "bytes": 59376, + "domain": "kibana", + "ip": "203.0.113.134", + "packets": 354 + }, + "network": { + 
"community_id": "1:5jhhJcbdl0291s4YJNbALw8uNfs=", + "bytes": 59376, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 354, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.134", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 250 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052718300Z", + "original": 
"{\"insertId\":\"19im82tfdygzny\",\"jsonPayload\":{\"bytes_sent\":\"59376\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.134\",\"src_port\":33550},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565108649Z\",\"packets_sent\":\"354\",\"reporter\":\"DEST\",\"rtt_msec\":\"250\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.496238286Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.496238286Z", + "end": "2019-06-14T03:49:59.565108649Z", + "id": "19im82tfdygzny", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33568, + "bytes": 11214, + "domain": "kibana", + "ip": "203.0.113.134", + "packets": 120 + }, + "network": { + 
"community_id": "1:0bB9/qzQDttOyEP0YcGU/tYSYIQ=", + "bytes": 11214, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 120, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.134", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 506 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052725300Z", + "original": 
"{\"insertId\":\"19im82tfdygzoe\",\"jsonPayload\":{\"bytes_sent\":\"11214\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.134\",\"src_port\":33568},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.789035952Z\",\"packets_sent\":\"120\",\"reporter\":\"DEST\",\"rtt_msec\":\"506\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.456732113Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.456732113Z", + "end": "2019-06-14T03:49:51.789035952Z", + "id": "19im82tfdygzoe", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.88", + "port": 53106, + "bytes": 1763338, + "domain": "zeek-nsm", + "ip": "198.51.100.88", + "packets": 598 + }, + "network": { 
+ "community_id": "1:7XAVLIIXucPcO5qM8uynmx+KF7s=", + "bytes": 1763338, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 598, + "direction": "internal" + }, + "cloud": { + "region": "us-central1", + "availability_zone": "us-central1-a", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.88", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-central1", + "project_id": "my-sample-project", + "zone": "us-central1-a" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052732400Z", + "original": 
"{\"insertId\":\"19im82tfdygznn\",\"jsonPayload\":{\"bytes_sent\":\"1763338\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"198.51.100.88\",\"src_port\":53106},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.401543207Z\",\"packets_sent\":\"598\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"zeek-nsm\",\"zone\":\"us-central1-a\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.020290305Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:01.020290305Z", + "end": "2019-06-14T03:49:56.401543207Z", + "id": "19im82tfdygznn", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "domain": "elasticsearch", + "ip": "198.51.100.248" + }, + "source": { + "address": "10.87.40.76", + "port": 33590, + "bytes": 67239, + "packets": 363, + "domain": "kibana", + "ip": "10.87.40.76" + }, + 
"network": { + "community_id": "1:m09Xemo/1QRUmAThg0ZtnVcAeS8=", + "bytes": 67239, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 363, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.248" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052739500Z", + "original": 
"{\"insertId\":\"19im82tfdygznl\",\"jsonPayload\":{\"bytes_sent\":\"67239\",\"connection\":{\"dest_ip\":\"198.51.100.248\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33590},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565287007Z\",\"packets_sent\":\"363\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.146956782Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:05.146956782Z", + "end": "2019-06-14T03:49:59.565287007Z", + "id": "19im82tfdygznl", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.87.40.76", + "port": 33558, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 250327, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 247 + }, + "network": { + 
"community_id": "1:A0Ohg3bqUresKEeBgZsLcFqEPRw=", + "bytes": 250327, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 247, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052746600Z", + "original": 
"{\"insertId\":\"19im82tfdygznv\",\"jsonPayload\":{\"bytes_sent\":\"250327\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33558,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565319136Z\",\"packets_sent\":\"247\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.140109489Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:00.140109489Z", + "end": "2019-06-14T03:49:59.565319136Z", + "id": "19im82tfdygznv", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "192.0.2.12", + "10.73.186.17" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, 
+ "vpcflow": { + "reporter": "DEST" + } + }, + "destination": { + "address": "10.73.186.17", + "port": 22, + "domain": "infraops-docker-data", + "ip": "10.73.186.17" + }, + "source": { + "geo": { + "continent_name": "Asia", + "country_name": "chn", + "city_name": "Binzhou", + "region_name": "Shandong" + }, + "as": { + "number": 4837 + }, + "address": "192.0.2.12", + "port": 44128, + "bytes": 0, + "ip": "192.0.2.12", + "packets": 2 + }, + "event": { + "ingested": "2021-02-19T09:19:49.052753500Z", + "original": "{\"insertId\":\"19im82tfdygzoc\",\"jsonPayload\":{\"bytes_sent\":\"0\",\"connection\":{\"dest_ip\":\"10.73.186.17\",\"dest_port\":22,\"protocol\":6,\"src_ip\":\"192.0.2.12\",\"src_port\":44128},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"infraops-docker-data\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:45:22.318564382Z\",\"packets_sent\":\"2\",\"reporter\":\"DEST\",\"src_location\":{\"asn\":4837,\"city\":\"Binzhou\",\"continent\":\"Asia\",\"country\":\"chn\",\"region\":\"Shandong\"},\"start_time\":\"2019-06-14T03:45:22.080963433Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:45:22.080963433Z", + "end": "2019-06-14T03:45:22.318564382Z", + "id": "19im82tfdygzoc", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:RFaj1p+IkzecdvmvndE30lJ6hLs=", + "bytes": 0, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 2, + "direction": "inbound" + } + }, + { + 
"log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33542, + "domain": "kibana", + "ip": "203.0.113.134" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 266531, + "packets": 253, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + "community_id": "1:VPSH6E9LDgDYoGyFDhfUPu+Qrzg=", + "bytes": 266531, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 253, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.134" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 173 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052760500Z", + "original": 
"{\"insertId\":\"19im82tfdygzof\",\"jsonPayload\":{\"bytes_sent\":\"266531\",\"connection\":{\"dest_ip\":\"203.0.113.134\",\"dest_port\":33542,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565108524Z\",\"packets_sent\":\"253\",\"reporter\":\"SRC\",\"rtt_msec\":\"173\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.150870105Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.150870105Z", + "end": "2019-06-14T03:49:59.565108524Z", + "id": "19im82tfdygzof", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33560, + "bytes": 65184, + "domain": "kibana", + "ip": "203.0.113.134", + "packets": 358 + }, + "network": { + 
"community_id": "1:oxwQ2yjTxzJgTjy4DOGjIjbTugc=", + "bytes": 65184, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 358, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.134", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 116 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052767500Z", + "original": 
"{\"insertId\":\"19im82tfdygznr\",\"jsonPayload\":{\"bytes_sent\":\"65184\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.134\",\"src_port\":33560},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565026127Z\",\"packets_sent\":\"358\",\"reporter\":\"DEST\",\"rtt_msec\":\"116\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.076060079Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:06.076060079Z", + "end": "2019-06-14T03:49:59.565026127Z", + "id": "19im82tfdygznr", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33564, + "bytes": 319459, + "domain": "kibana", + "ip": "203.0.113.134", + "packets": 180 + }, + "network": { + 
"community_id": "1:50u5lJ2RV1XFEhO2zdhxvcEDnVw=", + "bytes": 319459, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 180, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.134", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 340 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052774500Z", + "original": 
"{\"insertId\":\"19im82tfdygznx\",\"jsonPayload\":{\"bytes_sent\":\"319459\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.134\",\"src_port\":33564},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.597079770Z\",\"packets_sent\":\"180\",\"reporter\":\"DEST\",\"rtt_msec\":\"340\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.866944869Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.866944869Z", + "end": "2019-06-14T03:49:59.597079770Z", + "id": "19im82tfdygznx", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "192.0.2.177", + "port": 60110, + "bytes": 519100, + "domain": "suricata-iowa", + "ip": "192.0.2.177", + "packets": 224 + }, + "network": 
{ + "community_id": "1:KL7wHxQCZ0qbnYIzbI2WPJd+SRw=", + "bytes": 519100, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 224, + "direction": "internal" + }, + "cloud": { + "region": "us-central1", + "availability_zone": "us-central1-a", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "192.0.2.177", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-central1", + "project_id": "my-sample-project", + "zone": "us-central1-a" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052781400Z", + "original": 
"{\"insertId\":\"19im82tfdygzo7\",\"jsonPayload\":{\"bytes_sent\":\"519100\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"192.0.2.177\",\"src_port\":60110},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:46.020466750Z\",\"packets_sent\":\"224\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"suricata-iowa\",\"zone\":\"us-central1-a\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:10.874529937Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:10.874529937Z", + "end": "2019-06-14T03:49:46.020466750Z", + "id": "19im82tfdygzo7", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33550, + "domain": "kibana", + "ip": "203.0.113.134" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 139513, + "packets": 243, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + 
"network": { + "community_id": "1:5jhhJcbdl0291s4YJNbALw8uNfs=", + "bytes": 139513, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 243, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.134" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 250 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052788300Z", + "original": 
"{\"insertId\":\"19im82tfdygznb\",\"jsonPayload\":{\"bytes_sent\":\"139513\",\"connection\":{\"dest_ip\":\"203.0.113.134\",\"dest_port\":33550,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565108649Z\",\"packets_sent\":\"243\",\"reporter\":\"SRC\",\"rtt_msec\":\"250\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:02.143811431Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:02.143811431Z", + "end": "2019-06-14T03:49:59.565108649Z", + "id": "19im82tfdygznb", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.182", + "10.139.99.242" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" 
+ } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 1439 + } + } + }, + "destination": { + "address": "10.139.99.242", + "port": 22, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "Asia", + "country_name": "chn", + "city_name": "Shangqiu", + "region_name": "Henan" + }, + "as": { + "number": 4837 + }, + "address": "198.51.100.182", + "port": 41822, + "bytes": 0, + "ip": "198.51.100.182", + "packets": 8 + }, + "event": { + "ingested": "2021-02-19T09:19:49.052795100Z", + "original": "{\"insertId\":\"19im82tfdygzne\",\"jsonPayload\":{\"bytes_sent\":\"0\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":22,\"protocol\":6,\"src_ip\":\"198.51.100.182\",\"src_port\":41822},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:40:40.058226439Z\",\"packets_sent\":\"8\",\"reporter\":\"DEST\",\"rtt_msec\":\"1439\",\"src_location\":{\"asn\":4837,\"city\":\"Shangqiu\",\"continent\":\"Asia\",\"country\":\"chn\",\"region\":\"Henan\"},\"start_time\":\"2019-06-14T03:40:12.068494835Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:12.068494835Z", + "end": "2019-06-14T03:40:40.058226439Z", + "id": "19im82tfdygzne", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:d5LNFArWcoFOBS9SH59qLdZmfEw=", + "bytes": 0, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + 
"packets": 8, + "direction": "inbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "domain": "elasticsearch", + "ip": "198.51.100.248" + }, + "source": { + "address": "10.87.40.76", + "port": 33572, + "bytes": 11109, + "packets": 105, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "network": { + "community_id": "1:1JiVoUP9ZCGJx3vJg7cg+GheZ8o=", + "bytes": 11109, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 105, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.763Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.248" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 2 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052802100Z", + "original": 
"{\"insertId\":\"1gq7q7afe373fw\",\"jsonPayload\":{\"bytes_sent\":\"11109\",\"connection\":{\"dest_ip\":\"198.51.100.248\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33572},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821291282Z\",\"packets_sent\":\"105\",\"reporter\":\"SRC\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466742414Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.466742414Z", + "end": "2019-06-14T03:49:51.821291282Z", + "id": "1gq7q7afe373fw", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33970, + "domain": "kibana", + "ip": "203.0.113.134" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 173496, + "packets": 81, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + 
"community_id": "1:scGILrXad9XwMVy45aBpAVcS9Bc=", + "bytes": 173496, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 81, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.763Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.134" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 308 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052809200Z", + "original": 
"{\"insertId\":\"1gq7q7afe373et\",\"jsonPayload\":{\"bytes_sent\":\"173496\",\"connection\":{\"dest_ip\":\"203.0.113.134\",\"dest_port\":33970,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821154389Z\",\"packets_sent\":\"81\",\"reporter\":\"SRC\",\"rtt_msec\":\"308\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.470006631Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.470006631Z", + "end": "2019-06-14T03:49:51.821154389Z", + "id": "1gq7q7afe373et", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.87.40.76", + "port": 33536, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 182861, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 245 + }, + "network": { + 
"community_id": "1:egds7+adPwr8MrtaK+oAyWTmtL0=", + "bytes": 182861, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 245, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.763Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052816200Z", + "original": 
"{\"insertId\":\"1gq7q7afe373f4\",\"jsonPayload\":{\"bytes_sent\":\"182861\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33536,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565319136Z\",\"packets_sent\":\"245\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.150282980Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.150282980Z", + "end": "2019-06-14T03:49:59.565319136Z", + "id": "1gq7q7afe373f4", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "domain": "elasticsearch", + "ip": "198.51.100.248" + }, + "source": { + "address": "10.87.40.76", + "port": 33570, + "bytes": 12145, + "packets": 94, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "network": { + 
"community_id": "1:HQLAb7M1d/3INTFS0VfYPWDgNSc=", + "bytes": 12145, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 94, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.763Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.248" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052823200Z", + "original": 
"{\"insertId\":\"1gq7q7afe373eo\",\"jsonPayload\":{\"bytes_sent\":\"12145\",\"connection\":{\"dest_ip\":\"198.51.100.248\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33570},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821302149Z\",\"packets_sent\":\"94\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466779642Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.466779642Z", + "end": "2019-06-14T03:49:51.821302149Z", + "id": "1gq7q7afe373eo", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.58" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 62 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + 
"project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65319, + "ip": "203.0.113.58" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 178669, + "packets": 634, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "event": { + "ingested": "2021-02-19T09:19:49.052830Z", + "original": "{\"insertId\":\"1gq7q7afe373fb\",\"jsonPayload\":{\"bytes_sent\":\"178669\",\"connection\":{\"dest_ip\":\"203.0.113.58\",\"dest_port\":65319,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220617595Z\",\"packets_sent\":\"634\",\"reporter\":\"SRC\",\"rtt_msec\":\"62\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.740597880Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:59.740597880Z", + "end": "2019-06-14T03:49:56.220617595Z", + "id": "1gq7q7afe373fb", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:KwNXrQ3LrN8XseQR+n3DlXZgE84=", + "bytes": 178669, + "transport": "tcp", + "type": "ipv4", + 
"iana_number": "6", + "packets": 634, + "direction": "outbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "domain": "elasticsearch", + "ip": "198.51.100.248" + }, + "source": { + "address": "10.87.40.76", + "port": 33540, + "bytes": 62066, + "packets": 359, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "network": { + "community_id": "1:VI3r5tULP+rnInZrp9gsYAw2kGA=", + "bytes": 62066, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 359, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.763Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.248" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 2 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052837200Z", + "original": 
"{\"insertId\":\"1gq7q7afe373fs\",\"jsonPayload\":{\"bytes_sent\":\"62066\",\"connection\":{\"dest_ip\":\"198.51.100.248\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33540},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.789258875Z\",\"packets_sent\":\"359\",\"reporter\":\"SRC\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500483335Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:59.500483335Z", + "end": "2019-06-14T03:49:51.789258875Z", + "id": "1gq7q7afe373fs", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33970, + "bytes": 13440, + "domain": "kibana", + "ip": "203.0.113.134", + "packets": 96 + }, + "network": { + 
"community_id": "1:scGILrXad9XwMVy45aBpAVcS9Bc=", + "bytes": 13440, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 96, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.763Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.134", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 308 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052844400Z", + "original": 
"{\"insertId\":\"1gq7q7afe373ei\",\"jsonPayload\":{\"bytes_sent\":\"13440\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.134\",\"src_port\":33970},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821056075Z\",\"packets_sent\":\"96\",\"reporter\":\"DEST\",\"rtt_msec\":\"308\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.470006631Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.470006631Z", + "end": "2019-06-14T03:49:51.821056075Z", + "id": "1gq7q7afe373ei", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33966, + "domain": "kibana", + "ip": "203.0.113.134" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 368131, + "packets": 76, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + 
"community_id": "1:JeEMpLpISUoKidiacbnV1gCPvyA=", + "bytes": 368131, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 76, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.763Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.134" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 0 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052851300Z", + "original": 
"{\"insertId\":\"1gq7q7afe373ez\",\"jsonPayload\":{\"bytes_sent\":\"368131\",\"connection\":{\"dest_ip\":\"203.0.113.134\",\"dest_port\":33966,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:50.800931420Z\",\"packets_sent\":\"76\",\"reporter\":\"SRC\",\"rtt_msec\":\"0\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.510698570Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:20.510698570Z", + "end": "2019-06-14T03:49:50.800931420Z", + "id": "1gq7q7afe373ez", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "domain": "elasticsearch", + "ip": "198.51.100.248" + }, + "source": { + "address": "10.87.40.76", + "port": 33536, + "bytes": 66258, + "packets": 365, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "network": { + 
"community_id": "1:egds7+adPwr8MrtaK+oAyWTmtL0=", + "bytes": 66258, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 365, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.763Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.248" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052858300Z", + "original": 
"{\"insertId\":\"1gq7q7afe373fh\",\"jsonPayload\":{\"bytes_sent\":\"66258\",\"connection\":{\"dest_ip\":\"198.51.100.248\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33536},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565319136Z\",\"packets_sent\":\"365\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.150282980Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.150282980Z", + "end": "2019-06-14T03:49:59.565319136Z", + "id": "1gq7q7afe373fh", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.58", + "10.139.99.242" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, 
+ "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 156 + } + } + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65276, + "bytes": 76976, + "ip": "203.0.113.58", + "packets": 749 + }, + "event": { + "ingested": "2021-02-19T09:19:49.052865400Z", + "original": "{\"insertId\":\"1gq7q7afe373es\",\"jsonPayload\":{\"bytes_sent\":\"76976\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.58\",\"src_port\":65276},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220621567Z\",\"packets_sent\":\"749\",\"reporter\":\"DEST\",\"rtt_msec\":\"156\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:00.760349279Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:00.760349279Z", + "end": "2019-06-14T03:49:56.220621567Z", + "id": "1gq7q7afe373es", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:BPNXWYQI8he7USxOsykyWmD0NE8=", + "bytes": 76976, + "transport": "tcp", + "type": "ipv4", + 
"iana_number": "6", + "packets": 749, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.58", + "10.139.99.242" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 62 + } + } + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65319, + "bytes": 72967, + "ip": "203.0.113.58", + "packets": 747 + }, + "event": { + "ingested": "2021-02-19T09:19:49.052872400Z", + "original": 
"{\"insertId\":\"1gq7q7afe373fu\",\"jsonPayload\":{\"bytes_sent\":\"72967\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.58\",\"src_port\":65319},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220617595Z\",\"packets_sent\":\"747\",\"reporter\":\"DEST\",\"rtt_msec\":\"62\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:39:59.740597880Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:59.740597880Z", + "end": "2019-06-14T03:49:56.220617595Z", + "id": "1gq7q7afe373fu", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:KwNXrQ3LrN8XseQR+n3DlXZgE84=", + "bytes": 72967, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 747, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.27", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + 
} + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.27", + "port": 50364, + "bytes": 1464, + "ip": "203.0.113.27", + "packets": 9 + }, + "event": { + "ingested": "2021-02-19T09:19:49.052879400Z", + "original": "{\"insertId\":\"1gq7q7afe373f2\",\"jsonPayload\":{\"bytes_sent\":\"1464\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"203.0.113.27\",\"src_port\":50364},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:40:08.797851544Z\",\"packets_sent\":\"9\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:40:08.412738626Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.412738626Z", + "end": "2019-06-14T03:40:08.797851544Z", + "id": "1gq7q7afe373f2", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:peICi+mlxd/skeLBLZFlScKlq64=", + "bytes": 1464, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 9, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", + "ecs": { + 
"version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "203.0.113.27" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.27", + "port": 50364, + "ip": "203.0.113.27" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1784, + "packets": 8, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.052886500Z", + "original": "{\"insertId\":\"1gq7q7afe373ee\",\"jsonPayload\":{\"bytes_sent\":\"1784\",\"connection\":{\"dest_ip\":\"203.0.113.27\",\"dest_port\":50364,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:40:08.797851544Z\",\"packets_sent\":\"8\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.412738626Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "kind": "event", + 
"start": "2019-06-14T03:40:08.412738626Z", + "end": "2019-06-14T03:40:08.797851544Z", + "id": "1gq7q7afe373ee", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:peICi+mlxd/skeLBLZFlScKlq64=", + "bytes": 1784, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 8, + "direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.27", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.27", + "port": 33126, + "bytes": 1457, + "ip": "203.0.113.27", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.052893500Z", + "original": 
"{\"insertId\":\"1gq7q7afe373ey\",\"jsonPayload\":{\"bytes_sent\":\"1457\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"203.0.113.27\",\"src_port\":33126},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:44:50.919744677Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:44:50.809605761Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "kind": "event", + "start": "2019-06-14T03:44:50.809605761Z", + "end": "2019-06-14T03:44:50.919744677Z", + "id": "1gq7q7afe373ey", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:sXU+vhS+/ljMyFECIDnNyFQq2qU=", + "bytes": 1457, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.58", + "10.139.99.242" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + 
"ms": 96 + } + } + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65318, + "bytes": 73215, + "ip": "203.0.113.58", + "packets": 747 + }, + "event": { + "ingested": "2021-02-19T09:19:49.052900500Z", + "original": "{\"insertId\":\"1gq7q7afe373e7\",\"jsonPayload\":{\"bytes_sent\":\"73215\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.58\",\"src_port\":65318},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220599950Z\",\"packets_sent\":\"747\",\"reporter\":\"DEST\",\"rtt_msec\":\"96\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:00.760345858Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:00.760345858Z", + "end": "2019-06-14T03:49:56.220599950Z", + "id": "1gq7q7afe373e7", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:GgfFDV/IDDGuMmQ9Zk+/ReCe5Rk=", + "bytes": 73215, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 747, + "direction": 
"inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "203.0.113.12" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.12", + "port": 53096, + "ip": "203.0.113.12" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1781, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.052907400Z", + "original": "{\"insertId\":\"1gq7q7afe373f8\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"203.0.113.12\",\"dest_port\":53096,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:43:20.813699795Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:43:20.700692281Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwo
rk\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "kind": "event", + "start": "2019-06-14T03:43:20.700692281Z", + "end": "2019-06-14T03:43:20.813699795Z", + "id": "1gq7q7afe373f8", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:46cExc+emRbBX/kM/ZWcv8rVUgE=", + "bytes": 1781, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.87.40.76", + "port": 33570, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 176465, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 65 + }, + "network": { + "community_id": "1:HQLAb7M1d/3INTFS0VfYPWDgNSc=", + "bytes": 176465, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 65, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.763Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": 
"2021-02-19T09:19:49.052914600Z", + "original": "{\"insertId\":\"1gq7q7afe373ec\",\"jsonPayload\":{\"bytes_sent\":\"176465\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33570,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821302149Z\",\"packets_sent\":\"65\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466779642Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.466779642Z", + "end": "2019-06-14T03:49:51.821302149Z", + "id": "1gq7q7afe373ec", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "203.0.113.27" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, 
+ "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.27", + "port": 33126, + "ip": "203.0.113.27" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1776, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.052921600Z", + "original": "{\"insertId\":\"1gq7q7afe373f5\",\"jsonPayload\":{\"bytes_sent\":\"1776\",\"connection\":{\"dest_ip\":\"203.0.113.27\",\"dest_port\":33126,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:44:50.919744677Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:44:50.809605761Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "kind": "event", + "start": "2019-06-14T03:44:50.809605761Z", + "end": "2019-06-14T03:44:50.919744677Z", + "id": "1gq7q7afe373f5", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:sXU+vhS+/ljMyFECIDnNyFQq2qU=", + "bytes": 1776, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "@timestamp": 
"2019-06-14T03:50:17.763Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.107", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.107", + "port": 56478, + "bytes": 1458, + "ip": "198.51.100.107", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.052928500Z", + "original": "{\"insertId\":\"1gq7q7afe373f6\",\"jsonPayload\":{\"bytes_sent\":\"1458\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"198.51.100.107\",\"src_port\":56478},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:47:20.566586739Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:47:20.450631492Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2
019-06-14T03:50:17.76361854Z\"}", + "kind": "event", + "start": "2019-06-14T03:47:20.450631492Z", + "end": "2019-06-14T03:47:20.566586739Z", + "id": "1gq7q7afe373f6", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:bLZCzhETfwqvL9yQ1jHjTJwKork=", + "bytes": 1458, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.88", + "port": 52430, + "domain": "zeek-nsm", + "ip": "198.51.100.88" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 32764, + "packets": 228, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + "community_id": "1:Ymi/D60yNYon9EIJPZfAYxcQ+xc=", + "bytes": 32764, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 228, + "direction": "internal" + }, + "cloud": { + "region": "us-central1", + "availability_zone": "us-central1-a", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.763Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "198.51.100.88" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-central1", + "project_id": "my-sample-project", + "zone": "us-central1-a" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": 
"2021-02-19T09:19:49.052935500Z", + "original": "{\"insertId\":\"1gq7q7afe373fo\",\"jsonPayload\":{\"bytes_sent\":\"32764\",\"connection\":{\"dest_ip\":\"198.51.100.88\",\"dest_port\":52430,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"zeek-nsm\",\"zone\":\"us-central1-a\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:53.081386115Z\",\"packets_sent\":\"228\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:07.968717244Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:07.968717244Z", + "end": "2019-06-14T03:49:53.081386115Z", + "id": "1gq7q7afe373fo", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "203.0.113.27" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": 
"default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.27", + "port": 34536, + "ip": "203.0.113.27" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1780, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.052942500Z", + "original": "{\"insertId\":\"1gq7q7afe373ek\",\"jsonPayload\":{\"bytes_sent\":\"1780\",\"connection\":{\"dest_ip\":\"203.0.113.27\",\"dest_port\":34536,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:47:51.162931667Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:47:51.050074134Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "kind": "event", + "start": "2019-06-14T03:47:51.050074134Z", + "end": "2019-06-14T03:47:51.162931667Z", + "id": "1gq7q7afe373ek", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:+zMbnpjHTGFzARWUkJuGfy8ryQE=", + "bytes": 1780, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "log": { 
+ "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.87.40.76", + "port": 33572, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 137855, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 72 + }, + "network": { + "community_id": "1:1JiVoUP9ZCGJx3vJg7cg+GheZ8o=", + "bytes": 137855, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 72, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.763Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 2 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052949300Z", + "original": 
"{\"insertId\":\"1gq7q7afe373fj\",\"jsonPayload\":{\"bytes_sent\":\"137855\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33572,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821291282Z\",\"packets_sent\":\"72\",\"reporter\":\"DEST\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466742414Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.466742414Z", + "end": "2019-06-14T03:49:51.821291282Z", + "id": "1gq7q7afe373fj", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.87.40.76", + "port": 33540, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 125197, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 242 + }, + "network": { + 
"community_id": "1:VI3r5tULP+rnInZrp9gsYAw2kGA=", + "bytes": 125197, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 242, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.763Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 2 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052956300Z", + "original": 
"{\"insertId\":\"1gq7q7afe373fm\",\"jsonPayload\":{\"bytes_sent\":\"125197\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33540,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.789258875Z\",\"packets_sent\":\"242\",\"reporter\":\"DEST\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500483335Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:59.500483335Z", + "end": "2019-06-14T03:49:51.789258875Z", + "id": "1gq7q7afe373fm", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.88", + "port": 53096, + "bytes": 917832, + "domain": "zeek-nsm", + "ip": "198.51.100.88", + "packets": 230 + }, + "network": { + 
"community_id": "1:P09xUQegPHVLOJDKriRG0pgrXhE=", + "bytes": 917832, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 230, + "direction": "internal" + }, + "cloud": { + "region": "us-central1", + "availability_zone": "us-central1-a", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.763Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.88", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-central1", + "project_id": "my-sample-project", + "zone": "us-central1-a" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052963200Z", + "original": 
"{\"insertId\":\"1gq7q7afe373eg\",\"jsonPayload\":{\"bytes_sent\":\"917832\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"198.51.100.88\",\"src_port\":53096},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.219496168Z\",\"packets_sent\":\"230\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"zeek-nsm\",\"zone\":\"us-central1-a\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.853096315Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:01.853096315Z", + "end": "2019-06-14T03:49:56.219496168Z", + "id": "1gq7q7afe373eg", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.88", + "port": 53096, + "domain": "zeek-nsm", + "ip": "198.51.100.88" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 55572, + "packets": 133, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + 
"network": { + "community_id": "1:P09xUQegPHVLOJDKriRG0pgrXhE=", + "bytes": 55572, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 133, + "direction": "internal" + }, + "cloud": { + "region": "us-central1", + "availability_zone": "us-central1-a", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.763Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "198.51.100.88" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-central1", + "project_id": "my-sample-project", + "zone": "us-central1-a" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052970200Z", + "original": 
"{\"insertId\":\"1gq7q7afe373fc\",\"jsonPayload\":{\"bytes_sent\":\"55572\",\"connection\":{\"dest_ip\":\"198.51.100.88\",\"dest_port\":53096,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"zeek-nsm\",\"zone\":\"us-central1-a\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.219496168Z\",\"packets_sent\":\"133\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.853096315Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:01.853096315Z", + "end": "2019-06-14T03:49:56.219496168Z", + "id": "1gq7q7afe373fc", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33966, + "bytes": 4615, + "domain": "kibana", + "ip": "203.0.113.134", + "packets": 75 + }, + "network": { 
+ "community_id": "1:JeEMpLpISUoKidiacbnV1gCPvyA=", + "bytes": 4615, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 75, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.763Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.134", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 0 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.052977400Z", + "original": 
"{\"insertId\":\"1gq7q7afe373eq\",\"jsonPayload\":{\"bytes_sent\":\"4615\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.134\",\"src_port\":33966},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821049800Z\",\"packets_sent\":\"75\",\"reporter\":\"DEST\",\"rtt_msec\":\"0\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.510698570Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:20.510698570Z", + "end": "2019-06-14T03:49:51.821049800Z", + "id": "1gq7q7afe373eq", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.58" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 96 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + 
"project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65318, + "ip": "203.0.113.58" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 75612, + "packets": 583, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "event": { + "ingested": "2021-02-19T09:19:49.052984400Z", + "original": "{\"insertId\":\"1gq7q7afe373ev\",\"jsonPayload\":{\"bytes_sent\":\"75612\",\"connection\":{\"dest_ip\":\"203.0.113.58\",\"dest_port\":65318,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220599950Z\",\"packets_sent\":\"583\",\"reporter\":\"SRC\",\"rtt_msec\":\"96\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.760345858Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:00.760345858Z", + "end": "2019-06-14T03:49:56.220599950Z", + "id": "1gq7q7afe373ev", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:GgfFDV/IDDGuMmQ9Zk+/ReCe5Rk=", + "bytes": 75612, + "transport": "tcp", + "type": "ipv4", + 
"iana_number": "6", + "packets": 583, + "direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.27", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.27", + "port": 34536, + "bytes": 1461, + "ip": "203.0.113.27", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.053021300Z", + "original": 
"{\"insertId\":\"1gq7q7afe373em\",\"jsonPayload\":{\"bytes_sent\":\"1461\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"203.0.113.27\",\"src_port\":34536},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:47:51.162931667Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:47:51.050074134Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "kind": "event", + "start": "2019-06-14T03:47:51.050074134Z", + "end": "2019-06-14T03:47:51.162931667Z", + "id": "1gq7q7afe373em", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:+zMbnpjHTGFzARWUkJuGfy8ryQE=", + "bytes": 1461, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.107" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" 
+ } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.107", + "port": 56478, + "ip": "198.51.100.107" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1780, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.053027800Z", + "original": "{\"insertId\":\"1gq7q7afe373ew\",\"jsonPayload\":{\"bytes_sent\":\"1780\",\"connection\":{\"dest_ip\":\"198.51.100.107\",\"dest_port\":56478,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:47:20.566586739Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:47:20.450631492Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "kind": "event", + "start": "2019-06-14T03:47:20.450631492Z", + "end": "2019-06-14T03:47:20.566586739Z", + "id": "1gq7q7afe373ew", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:bLZCzhETfwqvL9yQ1jHjTJwKork=", + "bytes": 1780, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + 
"geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "domain": "elasticsearch", + "ip": "198.51.100.248" + }, + "source": { + "address": "10.87.40.76", + "port": 33694, + "bytes": 64140, + "packets": 371, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "network": { + "community_id": "1:N5r6MyBXAb6L/bLUGnRfhE2dyYM=", + "bytes": 64140, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 371, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.763Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.248" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.053033100Z", + "original": 
"{\"insertId\":\"1gq7q7afe373e9\",\"jsonPayload\":{\"bytes_sent\":\"64140\",\"connection\":{\"dest_ip\":\"198.51.100.248\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33694},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565311154Z\",\"packets_sent\":\"371\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.566359759Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:05.566359759Z", + "end": "2019-06-14T03:49:59.565311154Z", + "id": "1gq7q7afe373e9", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.12", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + 
"vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.12", + "port": 53096, + "bytes": 1458, + "ip": "203.0.113.12", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.053040200Z", + "original": "{\"insertId\":\"1gq7q7afe373f9\",\"jsonPayload\":{\"bytes_sent\":\"1458\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"203.0.113.12\",\"src_port\":53096},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:43:20.813699795Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:43:20.700692281Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "kind": "event", + "start": "2019-06-14T03:43:20.700692281Z", + "end": "2019-06-14T03:43:20.813699795Z", + "id": "1gq7q7afe373f9", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:46cExc+emRbBX/kM/ZWcv8rVUgE=", + "bytes": 1458, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "log": { + "logger": 
"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.87.40.76", + "port": 33694, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 231764, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 251 + }, + "network": { + "community_id": "1:N5r6MyBXAb6L/bLUGnRfhE2dyYM=", + "bytes": 231764, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 251, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.763Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.053047100Z", + "original": 
"{\"insertId\":\"1gq7q7afe373f1\",\"jsonPayload\":{\"bytes_sent\":\"231764\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33694,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565311154Z\",\"packets_sent\":\"251\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.566359759Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:05.566359759Z", + "end": "2019-06-14T03:49:59.565311154Z", + "id": "1gq7q7afe373f1", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.58" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 156 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + 
"project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65276, + "ip": "203.0.113.58" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 107878, + "packets": 614, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "event": { + "ingested": "2021-02-19T09:19:49.053054Z", + "original": "{\"insertId\":\"1gq7q7afe373ff\",\"jsonPayload\":{\"bytes_sent\":\"107878\",\"connection\":{\"dest_ip\":\"203.0.113.58\",\"dest_port\":65276,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220621567Z\",\"packets_sent\":\"614\",\"reporter\":\"SRC\",\"rtt_msec\":\"156\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.760349279Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:00.760349279Z", + "end": "2019-06-14T03:49:56.220621567Z", + "id": "1gq7q7afe373ff", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:BPNXWYQI8he7USxOsykyWmD0NE8=", + "bytes": 107878, + "transport": "tcp", + "type": "ipv4", + 
"iana_number": "6", + "packets": 614, + "direction": "outbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.88", + "port": 52430, + "bytes": 595838, + "domain": "zeek-nsm", + "ip": "198.51.100.88", + "packets": 299 + }, + "network": { + "community_id": "1:Ymi/D60yNYon9EIJPZfAYxcQ+xc=", + "bytes": 595838, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 299, + "direction": "internal" + }, + "cloud": { + "region": "us-central1", + "availability_zone": "us-central1-a", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:17.763Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.88", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-central1", + "project_id": "my-sample-project", + "zone": "us-central1-a" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.053061100Z", + "original": 
"{\"insertId\":\"1gq7q7afe373fq\",\"jsonPayload\":{\"bytes_sent\":\"595838\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"198.51.100.88\",\"src_port\":52430},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:53.081386115Z\",\"packets_sent\":\"299\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"zeek-nsm\",\"zone\":\"us-central1-a\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:07.968717244Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:07.968717244Z", + "end": "2019-06-14T03:49:53.081386115Z", + "id": "1gq7q7afe373fq", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:19.219Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.107" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 37 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": 
"us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.107", + "port": 56410, + "ip": "198.51.100.107" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1780, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.053068200Z", + "original": "{\"insertId\":\"14iipwlfd8t01n\",\"jsonPayload\":{\"bytes_sent\":\"1780\",\"connection\":{\"dest_ip\":\"198.51.100.107\",\"dest_port\":56410,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:47:10.630345069Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"37\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:47:10.514594429Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "kind": "event", + "start": "2019-06-14T03:47:10.514594429Z", + "end": "2019-06-14T03:47:10.630345069Z", + "id": "14iipwlfd8t01n", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:0c52Gpv2d5YT01CRixtDXpBMSJQ=", + "bytes": 1780, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:19.219Z", + 
"ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "192.0.2.117" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "192.0.2.117", + "port": 51950, + "ip": "192.0.2.117" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1781, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.053075200Z", + "original": "{\"insertId\":\"14iipwlfd8t01j\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"192.0.2.117\",\"dest_port\":51950,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:41:50.757658840Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:41:50.645030007Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "kind": 
"event", + "start": "2019-06-14T03:41:50.645030007Z", + "end": "2019-06-14T03:41:50.757658840Z", + "id": "14iipwlfd8t01j", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:pHA6HHmyea3zNeMwTBqwG+WoGI0=", + "bytes": 1781, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33876, + "domain": "kibana", + "ip": "203.0.113.134" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 361966, + "packets": 80, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + "community_id": "1:dURBkayd+umbcZOJIS7+sTQjLag=", + "bytes": 361966, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 80, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:19.219Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.134" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 34 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.053082100Z", + "original": 
"{\"insertId\":\"14iipwlfd8t01o\",\"jsonPayload\":{\"bytes_sent\":\"361966\",\"connection\":{\"dest_ip\":\"203.0.113.134\",\"dest_port\":33876,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.933154111Z\",\"packets_sent\":\"80\",\"reporter\":\"SRC\",\"rtt_msec\":\"34\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466868771Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.466868771Z", + "end": "2019-06-14T03:49:37.933154111Z", + "id": "14iipwlfd8t01o", + "category": "network", + "type": "connection" + } + }, + { + "@timestamp": "2019-06-14T03:50:19.219Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "192.0.2.117", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + 
}, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "192.0.2.117", + "port": 51950, + "bytes": 1457, + "ip": "192.0.2.117", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.053089200Z", + "original": "{\"insertId\":\"14iipwlfd8t01p\",\"jsonPayload\":{\"bytes_sent\":\"1457\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"192.0.2.117\",\"src_port\":51950},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:41:50.757658840Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:41:50.645030007Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "kind": "event", + "start": "2019-06-14T03:41:50.645030007Z", + "end": "2019-06-14T03:41:50.757658840Z", + "id": "14iipwlfd8t01p", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:pHA6HHmyea3zNeMwTBqwG+WoGI0=", + "bytes": 1457, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:19.219Z", + "ecs": { + 
"version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "192.0.2.117" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "192.0.2.117", + "port": 58658, + "ip": "192.0.2.117" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1781, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.053096300Z", + "original": "{\"insertId\":\"14iipwlfd8t01e\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"192.0.2.117\",\"dest_port\":58658,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:49:50.856250208Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:49:50.733935895Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "kind": "event", + 
"start": "2019-06-14T03:49:50.733935895Z", + "end": "2019-06-14T03:49:50.856250208Z", + "id": "14iipwlfd8t01e", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:O0CO0+ucLIQiJqFN7AsbDZv6vyc=", + "bytes": 1781, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:19.219Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.12", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.12", + "port": 59924, + "bytes": 1467, + "ip": "203.0.113.12", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.053103300Z", + "original": 
"{\"insertId\":\"14iipwlfd8t01q\",\"jsonPayload\":{\"bytes_sent\":\"1467\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"203.0.113.12\",\"src_port\":59924},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:41:08.213471928Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:41:08.092659117Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "kind": "event", + "start": "2019-06-14T03:41:08.092659117Z", + "end": "2019-06-14T03:41:08.213471928Z", + "id": "14iipwlfd8t01q", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:T0Rv8TiMkVLDs+lIQf8LeL2yG4A=", + "bytes": 1467, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:19.219Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "192.0.2.117", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + 
"ms": 36 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "192.0.2.117", + "port": 58658, + "bytes": 1461, + "ip": "192.0.2.117", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.053120300Z", + "original": "{\"insertId\":\"14iipwlfd8t01i\",\"jsonPayload\":{\"bytes_sent\":\"1461\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"192.0.2.117\",\"src_port\":58658},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:50.856250208Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:49:50.733935895Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "kind": "event", + "start": "2019-06-14T03:49:50.733935895Z", + "end": "2019-06-14T03:49:50.856250208Z", + "id": "14iipwlfd8t01i", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:O0CO0+ucLIQiJqFN7AsbDZv6vyc=", + "bytes": 1461, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:19.219Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + 
"10.139.99.242", + "203.0.113.58" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 123 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65272, + "ip": "203.0.113.58" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 123732, + "packets": 618, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "event": { + "ingested": "2021-02-19T09:19:49.053129500Z", + "original": "{\"insertId\":\"14iipwlfd8t01k\",\"jsonPayload\":{\"bytes_sent\":\"123732\",\"connection\":{\"dest_ip\":\"203.0.113.58\",\"dest_port\":65272,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.316981133Z\",\"packets_sent\":\"618\",\"reporter\":\"SRC\",\"rtt_msec\":\"123\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.403442252Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_
subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:59.403442252Z", + "end": "2019-06-14T03:49:56.316981133Z", + "id": "14iipwlfd8t01k", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:Oo7JpkYAgptDkVqBTaGUMnHqiYQ=", + "bytes": 123732, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 618, + "direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:19.219Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.58", + "10.139.99.242" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 115 + } + } + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65273, + "bytes": 76342, + "ip": "203.0.113.58", + "packets": 710 + }, + "event": { + "ingested": "2021-02-19T09:19:49.053137Z", + "original": 
"{\"insertId\":\"14iipwlfd8t01f\",\"jsonPayload\":{\"bytes_sent\":\"76342\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.58\",\"src_port\":65273},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.316930467Z\",\"packets_sent\":\"710\",\"reporter\":\"DEST\",\"rtt_msec\":\"115\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:00.155378287Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:00.155378287Z", + "end": "2019-06-14T03:49:56.316930467Z", + "id": "14iipwlfd8t01f", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:12d2Qz5iuI+gHCcFYKHiK+jTFKY=", + "bytes": 76342, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 710, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:19.219Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.73.186.17", + "192.0.2.73" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 242 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": 
"us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "Asia", + "country_name": "chn", + "city_name": "Beijing", + "region_name": "Beijing" + }, + "as": { + "number": 4847 + }, + "address": "192.0.2.73", + "port": 45224, + "ip": "192.0.2.73" + }, + "source": { + "address": "10.73.186.17", + "port": 22, + "bytes": 9761, + "packets": 13, + "domain": "infraops-docker-data", + "ip": "10.73.186.17" + }, + "event": { + "ingested": "2021-02-19T09:19:49.053144Z", + "original": "{\"insertId\":\"14iipwlfd8t018\",\"jsonPayload\":{\"bytes_sent\":\"9761\",\"connection\":{\"dest_ip\":\"192.0.2.73\",\"dest_port\":45224,\"protocol\":6,\"src_ip\":\"10.73.186.17\",\"src_port\":22},\"dest_location\":{\"asn\":4847,\"city\":\"Beijing\",\"continent\":\"Asia\",\"country\":\"chn\",\"region\":\"Beijing\"},\"end_time\":\"2019-06-14T03:44:23.955039461Z\",\"packets_sent\":\"13\",\"reporter\":\"SRC\",\"rtt_msec\":\"242\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"infraops-docker-data\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:42:23.705320616Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "kind": "event", + "start": "2019-06-14T03:42:23.705320616Z", + "end": "2019-06-14T03:44:23.955039461Z", + "id": "14iipwlfd8t018", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:rKlCjiIPAcL1SMVo+HVqssXpCbA=", + "bytes": 9761, + "transport": "tcp", + "type": "ipv4", + "iana_number": 
"6", + "packets": 13, + "direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:19.219Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.107", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 37 + } + } + }, + "destination": { + "address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.107", + "port": 56410, + "bytes": 1467, + "ip": "198.51.100.107", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.053151100Z", + "original": 
"{\"insertId\":\"14iipwlfd8t01a\",\"jsonPayload\":{\"bytes_sent\":\"1467\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"198.51.100.107\",\"src_port\":56410},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:47:10.630345069Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"37\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:47:10.514594429Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "kind": "event", + "start": "2019-06-14T03:47:10.514594429Z", + "end": "2019-06-14T03:47:10.630345069Z", + "id": "14iipwlfd8t01a", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:0c52Gpv2d5YT01CRixtDXpBMSJQ=", + "bytes": 1467, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:19.219Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.58" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 95 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": 
"us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65277, + "ip": "203.0.113.58" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 51612, + "packets": 615, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "event": { + "ingested": "2021-02-19T09:19:49.053158Z", + "original": "{\"insertId\":\"14iipwlfd8t017\",\"jsonPayload\":{\"bytes_sent\":\"51612\",\"connection\":{\"dest_ip\":\"203.0.113.58\",\"dest_port\":65277,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.316890309Z\",\"packets_sent\":\"615\",\"reporter\":\"SRC\",\"rtt_msec\":\"95\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.760385211Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:00.760385211Z", + "end": "2019-06-14T03:49:56.316890309Z", + "id": "14iipwlfd8t017", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:YSvKG93X/zXgdEB409IbjBJVQFw=", + "bytes": 51612, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 615, + "direction": 
"outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:19.219Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.58", + "10.139.99.242" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 123 + } + } + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65272, + "bytes": 74330, + "ip": "203.0.113.58", + "packets": 745 + }, + "event": { + "ingested": "2021-02-19T09:19:49.053165Z", + "original": 
"{\"insertId\":\"14iipwlfd8t01m\",\"jsonPayload\":{\"bytes_sent\":\"74330\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.58\",\"src_port\":65272},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.316981133Z\",\"packets_sent\":\"745\",\"reporter\":\"DEST\",\"rtt_msec\":\"123\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:39:59.403442252Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "kind": "event", + "start": "2019-06-14T03:39:59.403442252Z", + "end": "2019-06-14T03:49:56.316981133Z", + "id": "14iipwlfd8t01m", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:Oo7JpkYAgptDkVqBTaGUMnHqiYQ=", + "bytes": 74330, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 745, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:19.219Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "203.0.113.12" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": 
"us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.12", + "port": 59924, + "ip": "203.0.113.12" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1784, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.053171900Z", + "original": "{\"insertId\":\"14iipwlfd8t015\",\"jsonPayload\":{\"bytes_sent\":\"1784\",\"connection\":{\"dest_ip\":\"203.0.113.12\",\"dest_port\":59924,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:41:08.213471928Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:41:08.092659117Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "kind": "event", + "start": "2019-06-14T03:41:08.092659117Z", + "end": "2019-06-14T03:41:08.213471928Z", + "id": "14iipwlfd8t015", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:T0Rv8TiMkVLDs+lIQf8LeL2yG4A=", + "bytes": 1784, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:19.219Z", + 
"ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.58" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 115 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65273, + "ip": "203.0.113.58" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 76622, + "packets": 599, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "event": { + "ingested": "2021-02-19T09:19:49.053178800Z", + "original": "{\"insertId\":\"14iipwlfd8t01h\",\"jsonPayload\":{\"bytes_sent\":\"76622\",\"connection\":{\"dest_ip\":\"203.0.113.58\",\"dest_port\":65273,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.316930467Z\",\"packets_sent\":\"599\",\"reporter\":\"SRC\",\"rtt_msec\":\"115\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.155378287Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854
043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:00.155378287Z", + "end": "2019-06-14T03:49:56.316930467Z", + "id": "14iipwlfd8t01h", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:12d2Qz5iuI+gHCcFYKHiK+jTFKY=", + "bytes": 76622, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 599, + "direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:19.219Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "192.0.2.73", + "10.73.186.17" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 242 + } + } + }, + "destination": { + "address": "10.73.186.17", + "port": 22, + "domain": "infraops-docker-data", + "ip": "10.73.186.17" + }, + "source": { + "geo": { + "continent_name": "Asia", + "country_name": "chn", + "city_name": "Beijing", + "region_name": "Beijing" + }, + "as": { + "number": 4847 + }, + "address": "192.0.2.73", + "port": 45224, + "bytes": 42, + "ip": "192.0.2.73", + "packets": 5 + }, + "event": { + "ingested": "2021-02-19T09:19:49.053185700Z", + "original": 
"{\"insertId\":\"14iipwlfd8t019\",\"jsonPayload\":{\"bytes_sent\":\"42\",\"connection\":{\"dest_ip\":\"10.73.186.17\",\"dest_port\":22,\"protocol\":6,\"src_ip\":\"192.0.2.73\",\"src_port\":45224},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"infraops-docker-data\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:42:24.922448897Z\",\"packets_sent\":\"5\",\"reporter\":\"DEST\",\"rtt_msec\":\"242\",\"src_location\":{\"asn\":4847,\"city\":\"Beijing\",\"continent\":\"Asia\",\"country\":\"chn\",\"region\":\"Beijing\"},\"start_time\":\"2019-06-14T03:42:23.705320616Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "kind": "event", + "start": "2019-06-14T03:42:23.705320616Z", + "end": "2019-06-14T03:42:24.922448897Z", + "id": "14iipwlfd8t019", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:rKlCjiIPAcL1SMVo+HVqssXpCbA=", + "bytes": 42, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 5, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:19.219Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.58", + "10.139.99.242" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + 
"vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 95 + } + } + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa", + "city_name": "Broomfield", + "region_name": "Colorado" + }, + "as": { + "number": 33652 + }, + "address": "203.0.113.58", + "port": 65277, + "bytes": 75263, + "ip": "203.0.113.58", + "packets": 729 + }, + "event": { + "ingested": "2021-02-19T09:19:49.053192600Z", + "original": "{\"insertId\":\"14iipwlfd8t016\",\"jsonPayload\":{\"bytes_sent\":\"75263\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.58\",\"src_port\":65277},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.316890309Z\",\"packets_sent\":\"729\",\"reporter\":\"DEST\",\"rtt_msec\":\"95\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:00.760385211Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:00.760385211Z", + "end": "2019-06-14T03:49:56.316890309Z", + "id": "14iipwlfd8t016", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:YSvKG93X/zXgdEB409IbjBJVQFw=", + "bytes": 75263, + "transport": "tcp", + "type": "ipv4", + 
"iana_number": "6", + "packets": 729, + "direction": "inbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:19.219Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.87.40.76", + "198.51.100.107" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "vpcflow": { + "reporter": "SRC" + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.107", + "port": 34646, + "ip": "198.51.100.107" + }, + "source": { + "address": "10.87.40.76", + "port": 5601, + "bytes": 1780, + "packets": 7, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "event": { + "ingested": "2021-02-19T09:19:49.053199500Z", + "original": 
"{\"insertId\":\"14iipwlfd8t01c\",\"jsonPayload\":{\"bytes_sent\":\"1780\",\"connection\":{\"dest_ip\":\"198.51.100.107\",\"dest_port\":34646,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:48:10.529592195Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:48:10.413494375Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "kind": "event", + "start": "2019-06-14T03:48:10.413494375Z", + "end": "2019-06-14T03:48:10.529592195Z", + "id": "14iipwlfd8t01c", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:gHx32lWIBcmVoqmKyPEO+iRlC3Q=", + "bytes": 1780, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "outbound" + } + }, + { + "@timestamp": "2019-06-14T03:50:19.219Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.107", + "10.87.40.76" + ] + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST" + } + }, + "destination": { + 
"address": "10.87.40.76", + "port": 5601, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.107", + "port": 34646, + "bytes": 1467, + "ip": "198.51.100.107", + "packets": 7 + }, + "event": { + "ingested": "2021-02-19T09:19:49.053206500Z", + "original": "{\"insertId\":\"14iipwlfd8t01d\",\"jsonPayload\":{\"bytes_sent\":\"1467\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"198.51.100.107\",\"src_port\":34646},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:48:10.529541195Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:48:10.413397239Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "kind": "event", + "start": "2019-06-14T03:48:10.413397239Z", + "end": "2019-06-14T03:48:10.529541195Z", + "id": "14iipwlfd8t01d", + "category": "network", + "type": "connection" + }, + "network": { + "community_id": "1:gHx32lWIBcmVoqmKyPEO+iRlC3Q=", + "bytes": 1467, + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 7, + "direction": "inbound" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + 
"domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33876, + "bytes": 5044, + "domain": "kibana", + "ip": "203.0.113.134", + "packets": 87 + }, + "network": { + "community_id": "1:dURBkayd+umbcZOJIS7+sTQjLag=", + "bytes": 5044, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 87, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:19.219Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.134", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 34 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.053213400Z", + "original": 
"{\"insertId\":\"14iipwlfd8t01g\",\"jsonPayload\":{\"bytes_sent\":\"5044\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.134\",\"src_port\":33876},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.933154111Z\",\"packets_sent\":\"87\",\"reporter\":\"DEST\",\"rtt_msec\":\"34\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466868771Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.466868771Z", + "end": "2019-06-14T03:49:37.933154111Z", + "id": "14iipwlfd8t01g", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.139.99.242", + "port": 9200, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33574, + "bytes": 14132, + "domain": "kibana", + "ip": "203.0.113.134", + "packets": 91 + }, + "network": { + 
"community_id": "1:nv2CjECKqbosaYrr1Kt1ArPTXsg=", + "bytes": 14132, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 91, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:19.219Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "203.0.113.134", + "10.139.99.242" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 509 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.053220500Z", + "original": 
"{\"insertId\":\"14iipwlfd8t01l\",\"jsonPayload\":{\"bytes_sent\":\"14132\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"203.0.113.134\",\"src_port\":33574},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821056075Z\",\"packets_sent\":\"91\",\"reporter\":\"DEST\",\"rtt_msec\":\"509\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.468484109Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.468484109Z", + "end": "2019-06-14T03:49:51.821056075Z", + "id": "14iipwlfd8t01l", + "category": "network", + "type": "connection" + } + }, + { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "203.0.113.134", + "port": 33574, + "domain": "kibana", + "ip": "203.0.113.134" + }, + "source": { + "address": "10.139.99.242", + "port": 9200, + "bytes": 151213, + "packets": 68, + "domain": "elasticsearch", + "ip": "10.139.99.242" + }, + "network": { + 
"community_id": "1:nv2CjECKqbosaYrr1Kt1ArPTXsg=", + "bytes": 151213, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 68, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:19.219Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.139.99.242", + "203.0.113.134" + ] + }, + "gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 509 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.053227400Z", + "original": 
"{\"insertId\":\"14iipwlfd8t01b\",\"jsonPayload\":{\"bytes_sent\":\"151213\",\"connection\":{\"dest_ip\":\"203.0.113.134\",\"dest_port\":33574,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821129119Z\",\"packets_sent\":\"68\",\"reporter\":\"SRC\",\"rtt_msec\":\"509\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.468484109Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.468484109Z", + "end": "2019-06-14T03:49:51.821129119Z", + "id": "14iipwlfd8t01b", + "category": "network", + "type": "connection" + } + } + ] +} \ No newline at end of file diff --git a/packages/gcp/data_stream/vpcflow/_dev/test/system/test-pubsub-config.yml b/packages/gcp/data_stream/vpcflow/_dev/test/system/test-pubsub-config.yml new file mode 100644 index 00000000000..1128cfe38cf --- /dev/null +++ b/packages/gcp/data_stream/vpcflow/_dev/test/system/test-pubsub-config.yml 
@@ -0,0 +1,10 @@
+service: gcppubsub-emulator
+input: gcp-pubsub
+vars:
+ alternative_host: "{{Hostname}}:{{Port}}"
+ credentials_json: '{\"fake\":\"creds\"}'
+ project_id: vpcflow
+data_stream:
+ vars:
+ subscription_name: subscription
+ topic: topic
diff --git a/packages/gcp/data_stream/vpcflow/agent/stream/gcp-pubsub.yml.hbs b/packages/gcp/data_stream/vpcflow/agent/stream/gcp-pubsub.yml.hbs
new file mode 100644
index 00000000000..bc6bc01b7e0
--- /dev/null
+++ b/packages/gcp/data_stream/vpcflow/agent/stream/gcp-pubsub.yml.hbs
@@ -0,0 +1,20 @@
+project_id: {{project_id}}
+topic: {{topic}}
+subscription.name: {{subscription_name}}
+{{#if credentials_file}}
+credentials_file: {{credentials_file}}
+{{/if}}
+{{#if credentials_json}}
+credentials_json: {{credentials_json}}
+{{/if}}
+{{#if alternative_host}}
+alternative_host: {{alternative_host}}
+{{/if}}
+subscription.create: {{subscription_create}}
+tags:
+ {{#each tags as |tag i|}}
+ - {{tag}}
+ {{/each}}
+{{#contains tags "forwarded"}}
+publisher_pipeline.disable_host: true
+{{/contains}}
diff --git a/packages/gcp/data_stream/vpcflow/elasticsearch/ingest_pipeline/default.yml b/packages/gcp/data_stream/vpcflow/elasticsearch/ingest_pipeline/default.yml
new file mode 100644
index 00000000000..2e34849dd2c
--- /dev/null
+++ b/packages/gcp/data_stream/vpcflow/elasticsearch/ingest_pipeline/default.yml
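Review bot: `credentials_json: {{credentials_json}}` in gcp-pubsub.yml.hbs renders the service-account key into the YAML unquoted, so a JSON object is read as a YAML flow mapping instead of a single string, and a real key may be retyped or fail to parse. Quoting at the template, `credentials_json: '{{credentials_json}}'`, keeps the secret intact as one scalar. `project_id`, `topic`, `subscription.name` and `credentials_file` would benefit from the same quoting, since an all-digit or empty value changes type when rendered bare. The backslash-escaped quotes in test-pubsub-config.yml (`'{\"fake\":\"creds\"}'`) look like a workaround for this unquoted rendering and could presumably become plain JSON once the template quotes the value; that is inferred, not shown in the diff.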
@@ -0,0 +1,357 @@ +--- +description: Pipeline for Google Cloud VPC Flow Logs + +processors: + - json: + field: message + target_field: json + - community_id: + source_ip: json.jsonPayload.connection.src_ip + source_port: json.jsonPayload.connection.src_port + destination_ip: json.jsonPayload.connection.dest_ip + destination_port: json.jsonPayload.connection.dest_port + iana_number: json.jsonPayload.connection.protocol + - set: + field: ecs.version + value: "1.8.0" + + - set: + field: event.ingested + value: '{{_ingest.timestamp}}' + + - rename: + field: message + target_field: event.original + ignore_missing: true + + - date: + field: json.timestamp + timezone: UTC + formats: + - ISO8601 + + - set: + field: event.kind + value: event + - set: + field: event.category + value: network + - set: + field: event.type + value: connection + - set: + field: event.id + copy_from: json.insertId + ignore_empty_value: true + ignore_failure: true + - rename: + field: json.logName + target_field: log.logger + ignore_missing: true + + - rename: + field: json.jsonPayload.connection.dest_ip + target_field: destination.address + ignore_missing: true + - rename: + field: json.jsonPayload.connection.dest_port + target_field: destination.port + ignore_missing: true + - rename: + field: json.jsonPayload.connection.protocol + target_field: network.iana_number + ignore_missing: true + - rename: + field: json.jsonPayload.connection.src_ip + target_field: source.address + ignore_missing: true + - rename: + field: json.jsonPayload.connection.src_port + target_field: source.port + ignore_missing: true + - rename: + field: json.jsonPayload.src_instance.vm_name + target_field: source.domain + ignore_missing: true + - rename: + field: json.jsonPayload.dest_instance.vm_name + target_field: destination.domain + ignore_missing: true + - rename: + field: json.jsonPayload.bytes_sent + target_field: source.bytes + ignore_missing: true + - rename: + field: json.jsonPayload.packets_sent + target_field: 
source.packets + ignore_missing: true + - rename: + field: json.jsonPayload.start_time + target_field: event.start + ignore_missing: true + - rename: + field: json.jsonPayload.end_time + target_field: event.end + ignore_missing: true + - rename: + field: json.jsonPayload.dest_location.asn + target_field: destination.as.number + ignore_missing: true + - rename: + field: json.jsonPayload.dest_location.continent + target_field: destination.geo.continent_name + ignore_missing: true + - rename: + field: json.jsonPayload.dest_location.country + target_field: destination.geo.country_name + ignore_missing: true + - rename: + field: json.jsonPayload.dest_location.region + target_field: destination.geo.region_name + ignore_missing: true + - rename: + field: json.jsonPayload.dest_location.city + target_field: destination.geo.city_name + ignore_missing: true + - rename: + field: json.jsonPayload.src_location.asn + target_field: source.as.number + ignore_missing: true + - rename: + field: json.jsonPayload.src_location.continent + target_field: source.geo.continent_name + ignore_missing: true + - rename: + field: json.jsonPayload.src_location.country + target_field: source.geo.country_name + ignore_missing: true + - rename: + field: json.jsonPayload.src_location.region + target_field: source.geo.region_name + ignore_missing: true + - rename: + field: json.jsonPayload.src_location.city + target_field: source.geo.city_name + ignore_missing: true + - rename: + field: json.jsonPayload.dest_instance + target_field: gcp.destination.instance + ignore_missing: true + - rename: + field: json.jsonPayload.dest_vpc + target_field: gcp.destination.vpc + ignore_missing: true + - rename: + field: json.jsonPayload.src_instance + target_field: gcp.source.instance + ignore_missing: true + - rename: + field: json.jsonPayload.src_vpc + target_field: gcp.source.vpc + ignore_missing: true + - convert: + field: json.jsonPayload.rtt_msec + target_field: json.jsonPayload.rtt.ms + type: long + 
ignore_missing: true + - rename: + field: json.jsonPayload + target_field: gcp.vpcflow + ignore_missing: true + - convert: + field: source.bytes + type: long + ignore_missing: true + - convert: + field: source.packets + type: long + ignore_missing: true + - convert: + field: network.iana_number + type: string + ignore_missing: true + + - remove: + field: + - gcp.vpcflow.rtt_msec + - gcp.vpcflow.connection + - gcp.vpcflow.dest_location + - gcp.vpcflow.src_location + - json + ignore_missing: true + + - set: + field: source.ip + value: "{{source.address}}" + ignore_failure: true + if: ctx?.source?.address != null + + - set: + field: destination.ip + value: "{{destination.address}}" + ignore_failure: true + if: ctx?.destination?.address != null + + - convert: + field: gcp.source.instance.project_id + target_field: cloud.project.id + type: string + ignore_missing: true + if: ctx?.gcp?.vpcflow?.reporter == "DEST" + - convert: + field: gcp.source.instance.vm_name + target_field: cloud.instance.name + type: string + ignore_missing: true + if: ctx?.gcp?.vpcflow?.reporter == "DEST" + - convert: + field: gcp.source.instance.region + target_field: cloud.region + type: string + ignore_missing: true + if: ctx?.gcp?.vpcflow?.reporter == "DEST" + - convert: + field: gcp.source.instance.zone + target_field: cloud.availability_zone + type: string + ignore_missing: true + if: ctx?.gcp?.vpcflow?.reporter == "DEST" + - convert: + field: gcp.source.vpc.subnetwork_name + target_field: network.name + type: string + ignore_missing: true + ignore_failure: true + if: ctx?.gcp?.vpcflow?.reporter == "DEST" + - convert: + field: gcp.destination.instance.project_id + target_field: cloud.project.id + type: string + ignore_missing: true + if: ctx?.gcp?.vpcflow?.reporter == "SRC" + - convert: + field: gcp.destination.instance.vm_name + target_field: cloud.instance.name + type: string + ignore_missing: true + if: ctx?.gcp?.vpcflow?.reporter == "SRC" + - convert: + field: 
gcp.destination.instance.region + target_field: cloud.region + type: string + ignore_missing: true + if: ctx?.gcp?.vpcflow?.reporter == "SRC" + - convert: + field: gcp.destination.instance.zone + target_field: cloud.availability_zone + type: string + ignore_missing: true + if: ctx?.gcp?.vpcflow?.reporter == "SRC" + - convert: + field: gcp.destination.vpc.subnetwork_name + target_field: network.name + type: string + ignore_missing: true + ignore_failure: true + if: ctx?.gcp?.vpcflow?.reporter == "SRC" + - convert: + field: source.bytes + type: long + target_field: network.bytes + ignore_missing: true + - convert: + field: source.packets + type: long + target_field: network.packets + ignore_missing: true + - set: + field: network.transport + value: tcp + if: ctx?.network?.iana_number == "6" + - set: + field: network.transport + value: udp + if: ctx?.network?.iana_number == "17" + - set: + field: network.direction + value: internal + if: ctx?.gcp?.source?.instance != null && ctx?.gcp?.destination?.instance != null + - set: + field: network.direction + value: outbound + if: ctx?.gcp?.source?.instance != null && ctx?.gcp?.destination?.instance == null + - set: + field: network.direction + value: inbound + if: ctx?.gcp?.source?.instance == null && ctx?.gcp?.destination?.instance != null + - set: + field: network.direction + value: unknown + if: ctx?.network?.direction == null + - set: + field: network.type + value: ipv4 + if: ctx?.source?.ip != null && ctx?.source?.ip.contains(".") + - set: + field: network.type + value: ipv6 + if: ctx?.source?.ip != null && !ctx?.source?.ip.contains(".") + - append: + field: related.ip + value: "{{source.ip}}" + allow_duplicates: false + if: ctx?.source?.ip != null && ctx?.source?.ip != "" + - append: + field: related.ip + value: "{{destination.ip}}" + allow_duplicates: false + if: ctx?.destination?.ip != null && ctx?.destination?.ip != "" + + # IP Geolocation Lookup + - geoip: + field: source.ip + target_field: source.geo + 
ignore_missing: true + - geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true + + # IP Autonomous System (AS) Lookup + - geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true + - geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true + - rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true + - rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true + - rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true + - rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true + +on_failure: + - set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/packages/gcp/data_stream/vpcflow/fields/agent.yml b/packages/gcp/data_stream/vpcflow/fields/agent.yml new file mode 100644 index 00000000000..da4e652c53b --- /dev/null +++ b/packages/gcp/data_stream/vpcflow/fields/agent.yml 
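Review bot: The `cloud.*` converts appear to key off the wrong side: with `reporter == "DEST"` they copy from `gcp.source.instance.*` and `gcp.source.vpc.*`, and with `"SRC"` from `gcp.destination.*`, so the reporting VM's own metadata is never used. For a flow with an external peer the non-reporting side has no instance block, and the expected events in this commit show those inbound and outbound records without any `cloud` object, leaving them with no project, region or zone for attribution. Swapping the two literals in the ten `if:` conditions (for example `if: ctx?.gcp?.vpcflow?.reporter == "DEST"` on the `gcp.destination.instance.*` converts) would fix it, assuming `cloud.*` is meant to describe the reporter. Separately, `vm_name` is renamed to `source.domain`/`destination.domain` before the instance objects are moved under `gcp.*`, so the two `cloud.instance.name` converts never find their source field.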
@@ -0,0 +1,198 @@
+- name: cloud
+ title: Cloud
+ group: 2
+ description: Fields related to the cloud or infrastructure the events are coming from.
+ footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.'
+ type: group
+ fields:
+ - name: account.id
+ level: extended
+ type: keyword
+ ignore_above: 1024
+ description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment.
+
+ Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.'
+ example: 666777888999
+ - name: availability_zone
+ level: extended
+ type: keyword
+ ignore_above: 1024
+ description: Availability zone in which this host is running.
+ example: us-east-1c
+ - name: instance.id
+ level: extended
+ type: keyword
+ ignore_above: 1024
+ description: Instance ID of the host machine.
+ example: i-1234567890abcdef0
+ - name: instance.name
+ level: extended
+ type: keyword
+ ignore_above: 1024
+ description: Instance name of the host machine.
+ - name: machine.type
+ level: extended
+ type: keyword
+ ignore_above: 1024
+ description: Machine type of the host machine.
+ example: t2.medium
+ - name: provider
+ level: extended
+ type: keyword
+ ignore_above: 1024
+ description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
+ example: aws
+ - name: region
+ level: extended
+ type: keyword
+ ignore_above: 1024
+ description: Region in which this host is running.
+ example: us-east-1
+ - name: project.id
+ type: keyword
+ description: Name of the project in Google Cloud.
+ - name: image.id
+ type: keyword
+ description: Image ID for the cloud instance.
+- name: container
+ title: Container
+ group: 2
+ description: 'Container fields are used for meta information about the specific container that is the source of information.
+
+ These fields help correlate data based containers from any runtime.'
+ type: group
+ fields:
+ - name: id
+ level: core
+ type: keyword
+ ignore_above: 1024
+ description: Unique container id.
+ - name: image.name
+ level: extended
+ type: keyword
+ ignore_above: 1024
+ description: Name of the image the container was built on.
+ - name: labels
+ level: extended
+ type: object
+ object_type: keyword
+ description: Image labels.
+ - name: name
+ level: extended
+ type: keyword
+ ignore_above: 1024
+ description: Container name.
+- name: host
+ title: Host
+ group: 2
+ description: 'A host is defined as a general computing instance.
+
+ ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.'
+ type: group
+ fields:
+ - name: architecture
+ level: core
+ type: keyword
+ ignore_above: 1024
+ description: Operating system architecture.
+ example: x86_64
+ - name: domain
+ level: extended
+ type: keyword
+ ignore_above: 1024
+ description: 'Name of the domain of which the host is a member.
+
+ For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.'
+ example: CONTOSO
+ default_field: false
+ - name: hostname
+ level: core
+ type: keyword
+ ignore_above: 1024
+ description: 'Hostname of the host.
+
+ It normally contains what the `hostname` command returns on the host machine.'
+ - name: id
+ level: core
+ type: keyword
+ ignore_above: 1024
+ description: 'Unique host id.
+
+ As hostname is not always unique, use values that are meaningful in your environment.
+
+ Example: The current usage of `beat.name`.'
+ - name: ip
+ level: core
+ type: ip
+ description: Host ip addresses.
+ - name: mac
+ level: core
+ type: keyword
+ ignore_above: 1024
+ description: Host mac addresses.
+ - name: name
+ level: core
+ type: keyword
+ ignore_above: 1024
+ description: 'Name of the host.
+
+ It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.'
+ - name: os.family
+ level: extended
+ type: keyword
+ ignore_above: 1024
+ description: OS family (such as redhat, debian, freebsd, windows).
+ example: debian
+ - name: os.kernel
+ level: extended
+ type: keyword
+ ignore_above: 1024
+ description: Operating system kernel version as a raw string.
+ example: 4.4.0-112-generic
+ - name: os.name
+ level: extended
+ type: keyword
+ ignore_above: 1024
+ multi_fields:
+ - name: text
+ type: text
+ norms: false
+ default_field: false
+ description: Operating system name, without the version.
+ example: Mac OS X
+ - name: os.platform
+ level: extended
+ type: keyword
+ ignore_above: 1024
+ description: Operating system platform (such centos, ubuntu, windows).
+ example: darwin
+ - name: os.version
+ level: extended
+ type: keyword
+ ignore_above: 1024
+ description: Operating system version as a raw string.
+ example: 10.14.1
+ - name: type
+ level: core
+ type: keyword
+ ignore_above: 1024
+ description: 'Type of host.
+
+ For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.'
+ - name: containerized
+ type: boolean
+ description: >
+ If the host is a container.
+
+ - name: os.build
+ type: keyword
+ example: "18D109"
+ description: >
+ OS build information.
+
+ - name: os.codename
+ type: keyword
+ example: "stretch"
+ description: >
+ OS codename, if any.
+
diff --git a/packages/gcp/data_stream/vpcflow/fields/base-fields.yml b/packages/gcp/data_stream/vpcflow/fields/base-fields.yml
new file mode 100644
index 00000000000..7c798f4534c
--- /dev/null
+++ b/packages/gcp/data_stream/vpcflow/fields/base-fields.yml
@@ -0,0 +1,12 @@
+- name: data_stream.type
+ type: constant_keyword
+ description: Data stream type.
+- name: data_stream.dataset
+ type: constant_keyword
+ description: Data stream dataset.
+- name: data_stream.namespace
+ type: constant_keyword
+ description: Data stream namespace.
+- name: '@timestamp'
+ type: date
+ description: Event timestamp.
diff --git a/packages/gcp/data_stream/vpcflow/fields/ecs.yml b/packages/gcp/data_stream/vpcflow/fields/ecs.yml
new file mode 100644
index 00000000000..6300bf41b4a
--- /dev/null
+++ b/packages/gcp/data_stream/vpcflow/fields/ecs.yml
@@ -0,0 +1,315 @@
+- name: message
+ level: core
+ type: text
+ description: |-
+ For log events the message field contains the log message, optimized for viewing in a log viewer.
+ For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event.
+ If multiple messages exist, they can be combined into one message.
+- name: container
+ title: Container
+ group: 2
+ type: group
+ fields:
+ - name: name
+ level: extended
+ type: keyword
+ description: Container name.
+ ignore_above: 1024
+ - name: runtime
+ level: extended
+ type: keyword
+ description: Runtime managing this container.
+ ignore_above: 1024
+- name: destination
+ title: Destination
+ group: 2
+ type: group
+ fields:
+ - name: address
+ level: extended
+ type: keyword
+ ignore_above: 1024
+ description: 'Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field.
+
+ Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.'
+ - name: as.number
+ level: extended
+ type: long
+ description: Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet.
+ example: 15169
+ - name: as.organization.name
+ level: extended
+ type: wildcard
+ multi_fields:
+ - name: text
+ type: text
+ norms: false
+ default_field: false
+ description: Organization name.
+ - name: domain
+ level: core
+ type: wildcard
+ description: Destination domain.
+ - name: geo.city_name
+ level: core
+ type: keyword
+ ignore_above: 1024
+ description: City name.
+ - name: geo.continent_name
+ level: core
+ type: keyword
+ ignore_above: 1024
+ description: Name of the continent.
+ - name: geo.country_iso_code
+ level: core
+ type: keyword
+ ignore_above: 1024
+ description: Country ISO code.
+ - name: geo.country_name
+ level: core
+ type: keyword
+ ignore_above: 1024
+ description: Country name.
+ - name: geo.location
+ level: core
+ type: geo_point
+ description: Longitude and latitude.
+ - name: geo.name
+ level: extended
+ type: wildcard
+ description: 'User-defined description of a location, at the level of granularity they care about.'
+ - name: geo.region_iso_code
+ level: core
+ type: keyword
+ ignore_above: 1024
+ description: Region ISO code.
+ - name: geo.region_name
+ level: core
+ type: keyword
+ ignore_above: 1024
+ description: Region name.
+ - name: ip
+ level: core
+ type: ip
+ description: IP address of the destination (IPv4 or IPv6).
+ - name: port
+ level: core
+ type: long
+ format: string
+ description: Port of the destination.
+- name: ecs.version
+ type: keyword
+ description: ECS version
+- name: event
+ title: Event
+ group: 2
+ type: group
+ fields:
+ - name: action
+ level: core
+ type: keyword
+ description: |-
+ The action captured by the event.
+ This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer.
+ ignore_above: 1024
+ - name: ingested
+ level: core
+ type: date
+ description: 'Timestamp when an event arrived in the central data store. This is different from `@timestamp`, which is when the event originally occurred. It''s also different from `event.created`, which is meant to capture the first time an agent saw the event. In normal conditions, assuming no tampering, the timestamps should chronologically look like this: `@timestamp` < `event.created` < `event.ingested`.'
+ - name: outcome
+ level: core
+ type: keyword
+ description: |-
+ This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy.
+ `event.outcome` simply denotes whether the event represents a success or a failure from the perspective of the entity that produced the event.
+ Note that when a single transaction is described in multiple events, each event may populate different values of `event.outcome`, according to their perspective.
+ Also note that in the case of a compound event (a single event that contains multiple logical events), this field should be populated with the value that best captures the overall success or failure from the perspective of the event producer.
+ Further note that not all events will have an associated outcome. For example, this field is generally not populated for metric events, events with `event.type:info`, or any events for which an outcome does not make logical sense.
+ ignore_above: 1024
+- name: input.type
+ type: keyword
+ description: Input type
+- name: log.file.path
+ type: keyword
+ description: Log path
+- name: log.offset
+ type: long
+ description: Log offset
+- name: log.logger
+ type: keyword
+- name: source
+ title: Source
+ group: 2
+ type: group
+ fields:
+ - name: address
+ level: extended
+ type: keyword
+ ignore_above: 1024
+ description: 'Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field.
+
+ Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.'
+ - name: as.number
+ level: extended
+ type: long
+ description: Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet.
+ example: 15169
+ - name: as.organization.name
+ level: extended
+ type: wildcard
+ multi_fields:
+ - name: text
+ type: text
+ norms: false
+ default_field: false
+ description: Organization name.
+ - name: bytes
+ level: core
+ type: long
+ format: bytes
+ description: Bytes sent from the source to the destination.
+ - name: domain
+ level: core
+ type: wildcard
+ description: Source domain.
+ - name: geo.city_name
+ level: core
+ type: keyword
+ ignore_above: 1024
+ description: City name.
+ - name: geo.continent_name
+ level: core
+ type: keyword
+ ignore_above: 1024
+ description: Name of the continent.
+ - name: geo.country_iso_code
+ level: core
+ type: keyword
+ ignore_above: 1024
+ description: Country ISO code.
+ - name: geo.country_name
+ level: core
+ type: keyword
+ ignore_above: 1024
+ description: Country name.
+ - name: geo.location
+ level: core
+ type: geo_point
+ description: Longitude and latitude.
+ - name: geo.name
+ level: extended
+ type: wildcard
+ description: 'User-defined description of a location, at the level of granularity they care about.'
+ - name: geo.region_iso_code
+ level: core
+ type: keyword
+ ignore_above: 1024
+ description: Region ISO code.
+ - name: geo.region_name
+ level: core
+ type: keyword
+ ignore_above: 1024
+ description: Region name.
+ - name: ip
+ level: core
+ type: ip
+ description: IP address of the source (IPv4 or IPv6).
+ - name: packets
+ level: core
+ type: long
+ description: Packets sent from the source to the destination.
+ - name: port
+ level: core
+ type: long
+ format: string
+ description: Port of the source.
+- name: network
+ title: Network
+ group: 2
+ description: 'The network is defined as the communication path over which a host or network event happens.
+
+ The network.* fields should be populated with details about the network activity associated with an event.'
+ type: group
+ fields:
+ - name: bytes
+ level: core
+ type: long
+ format: bytes
+ description: 'Total bytes transferred in both directions.'
+ - name: community_id
+ level: extended
+ type: keyword
+ ignore_above: 1024
+ description: 'A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows.'
+ - name: direction
+ level: core
+ type: keyword
+ ignore_above: 1024
+ description: Direction of the network traffic.
+ - name: iana_number
+ level: extended
+ type: keyword
+ ignore_above: 1024
+ description: IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml).
+ - name: name
+ level: extended
+ type: keyword
+ ignore_above: 1024
+ description: Name given by operators to sections of their network.
+ - name: packets
+ level: core
+ type: long
+ description: 'Total packets transferred in both directions.'
+ - name: transport
+ level: core
+ type: keyword
+ ignore_above: 1024
+ description: 'Same as network.iana_number, but instead using the Keyword name of the transport layer (udp, tcp, ipv6-icmp, etc.)'
+ - name: type
+ level: core
+ type: keyword
+ ignore_above: 1024
+ description: 'In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc'
+- name: rule
+ title: Rule
+ group: 2
+ type: group
+ fields:
+ - name: name
+ level: extended
+ type: keyword
+ ignore_above: 1024
+ description: The name of the rule or signature generating the event.
+ default_field: false
+- name: related
+ title: Related
+ group: 2
+ type: group
+ fields:
+ - name: hash
+ level: extended
+ type: keyword
+ ignore_above: 1024
+ description: All the hashes seen on your event. Populating this field, then using it to search for hashes can help in situations where you're unsure what the hash algorithm is (and therefore which key name to search).
+ default_field: false
+ - name: hosts
+ level: extended
+ type: keyword
+ ignore_above: 1024
+ description: All hostnames or other host identifiers seen on your event. Example identifiers include FQDNs, domain names, workstation names, or aliases.
+ default_field: false
+ - name: ip
+ level: extended
+ type: ip
+ description: All of the IPs seen on your event.
+ - name: user
+ level: extended
+ type: keyword
+ ignore_above: 1024
+ description: All the user names seen on your event.
+ default_field: false
+- name: tags
+ level: core
+ type: keyword
+ ignore_above: 1024
+ description: List of keywords used to tag each event.
diff --git a/packages/gcp/data_stream/vpcflow/fields/fields.yml b/packages/gcp/data_stream/vpcflow/fields/fields.yml
new file mode 100644
index 00000000000..afd0aca3fa2
--- /dev/null
+++ b/packages/gcp/data_stream/vpcflow/fields/fields.yml
@@ -0,0 +1,11 @@
+- name: gcp.vpcflow
+ type: group
+ fields:
+ - name: reporter
+ type: keyword
+ description: |
+ The side which reported the flow. Can be either 'SRC' or 'DEST'.
+ - name: rtt.ms
+ type: long
+ description: |
+ Latency as measured (for TCP flows only) during the time interval. This is the time elapsed between sending a SEQ and receiving a corresponding ACK and it contains the network RTT as well as the application related delay.
diff --git a/packages/gcp/data_stream/vpcflow/fields/package-fields.yml b/packages/gcp/data_stream/vpcflow/fields/package-fields.yml
new file mode 100644
index 00000000000..88482fd9c15
--- /dev/null
+++ b/packages/gcp/data_stream/vpcflow/fields/package-fields.yml
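Review bot: The `event` group in `vpcflow/fields/ecs.yml` declares only `action`, `ingested` and `outcome`, while the sample event added later in this commit carries `event.kind`, `event.category`, `event.type`, `event.id`, `event.start`, `event.end` and `event.original`, and none of the other field files added for this data stream declares them. Presumably those fields are then left to dynamic mapping, which matters because `event.category`, `event.type` and `event.kind` are what searches and detection rules filter on, and `event.start`/`event.end` need to be dates for duration queries. I would add them to the `event` group as below; the types follow ECS and should be checked against the ECS version the package targets.

```yaml
# … unchanged: event group header, action …
    - name: category
      level: core
      type: keyword
      ignore_above: 1024
      description: Event category, the second level in the ECS category hierarchy.
    - name: end
      level: extended
      type: date
      description: Time the activity described by the event ended.
    - name: id
      level: core
      type: keyword
      ignore_above: 1024
      description: Unique ID to describe the event.
    - name: kind
      level: core
      type: keyword
      ignore_above: 1024
      description: Event kind, the highest level in the ECS category hierarchy.
    - name: original
      level: core
      type: keyword
      index: false
      doc_values: false
      description: Raw text of the original event, kept for auditing and reprocessing.
    - name: start
      level: extended
      type: date
      description: Time the activity described by the event started.
    - name: type
      level: core
      type: keyword
      ignore_above: 1024
      description: Event type, the third level in the ECS category hierarchy.
# … unchanged: ingested, outcome …
```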
@@ -0,0 +1,63 @@
+- name: gcp
+ type: group
+ fields:
+ - name: destination.instance
+ type: group
+ fields:
+ - name: project_id
+ type: keyword
+ description: |
+ ID of the project containing the VM.
+ - name: region
+ type: keyword
+ description: |
+ Region of the VM.
+ - name: zone
+ type: keyword
+ description: |
+ Zone of the VM.
+ - name: destination.vpc
+ type: group
+ fields:
+ - name: project_id
+ type: keyword
+ description: |
+ ID of the project containing the VM.
+ - name: vpc_name
+ type: keyword
+ description: |
+ VPC on which the VM is operating.
+ - name: subnetwork_name
+ type: keyword
+ description: |
+ Subnetwork on which the VM is operating.
+ - name: source.instance
+ type: group
+ fields:
+ - name: project_id
+ type: keyword
+ description: |
+ ID of the project containing the VM.
+ - name: region
+ type: keyword
+ description: |
+ Region of the VM.
+ - name: zone
+ type: keyword
+ description: |
+ Zone of the VM.
+ - name: source.vpc
+ type: group
+ fields:
+ - name: project_id
+ type: keyword
+ description: |
+ ID of the project containing the VM.
+ - name: vpc_name
+ type: keyword
+ description: |
+ VPC on which the VM is operating.
+ - name: subnetwork_name
+ type: keyword
+ description: |
+ Subnetwork on which the VM is operating.
diff --git a/packages/gcp/data_stream/vpcflow/manifest.yml b/packages/gcp/data_stream/vpcflow/manifest.yml
new file mode 100644
index 00000000000..809efd783f6
--- /dev/null
+++ b/packages/gcp/data_stream/vpcflow/manifest.yml
@@ -0,0 +1,39 @@
+type: logs
+title: Google Cloud Platform (GCP) vpcflow logs
+release: experimental
+streams:
+ - input: gcp-pubsub
+ vars:
+ - name: topic
+ type: text
+ title: Topic
+ multi: false
+ required: true
+ show_user: true
+ default: stackdriver-vpcflow
+ - name: subscription_name
+ type: text
+ title: Subscription Name
+ multi: false
+ required: true
+ show_user: true
+ default: filebeat-gcp-vpcflow
+ - name: subscription_create
+ type: bool
+ title: Subscription Create
+ description: If true, the integration will create the subscription on start.
+ multi: false
+ required: true
+ show_user: false
+ default: false
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: false
+ default:
+ - forwarded
+ template_path: gcp-pubsub.yml.hbs
+ title: Google Cloud Platform (GCP) vpcflow logs (gcp-pubsub)
+ description: Collect Google Cloud Platform (GCP) vpcflow logs using gcp-pubsub input
diff --git a/packages/gcp/data_stream/vpcflow/sample_event.json b/packages/gcp/data_stream/vpcflow/sample_event.json
new file mode 100644
index 00000000000..a0316952db0
--- /dev/null
+++ b/packages/gcp/data_stream/vpcflow/sample_event.json
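Review bot: The `subscription_create` description in `vpcflow/manifest.yml` does not say what enabling the option costs in permissions. With the default `false` the collecting service account only has to consume an existing subscription, whereas `true` means it must also be allowed to create subscriptions in the project, which is a broader grant than a log collector normally needs. I would spell that out so operators keep the narrower role by default, e.g. `description: If true, the integration creates the subscription on start; the service account then needs permission to create Pub/Sub subscriptions, so leave this false to run with a subscriber-only role.`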
@@ -0,0 +1,95 @@
+{
+ "log": {
+ "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows"
+ },
+ "destination": {
+ "address": "10.87.40.76",
+ "port": 33970,
+ "domain": "kibana",
+ "ip": "10.87.40.76"
+ },
+ "source": {
+ "geo": {
+ "continent_name": "America",
+ "country_name": "usa"
+ },
+ "as": {
+ "number": 15169
+ },
+ "address": "198.51.100.248",
+ "port": 9200,
+ "bytes": 173663,
+ "domain": "elasticsearch",
+ "ip": "198.51.100.248",
+ "packets": 68
+ },
+ "network": {
+ "community_id": "1:e5cZeUPf9fWSqRY+SUSG302spGE=",
+ "bytes": 173663,
+ "name": "default",
+ "transport": "tcp",
+ "type": "ipv4",
+ "iana_number": "6",
+ "packets": 68,
+ "direction": "internal"
+ },
+ "cloud": {
+ "region": "us-east1",
+ "availability_zone": "us-east1-b",
+ "project": {
+ "id": "my-sample-project"
+ }
+ },
+ "@timestamp": "2019-06-14T03:50:10.845Z",
+ "ecs": {
+ "version": "1.8.0"
+ },
+ "related": {
+ "ip": [
+ "198.51.100.248",
+ "10.87.40.76"
+ ]
+ },
+ "gcp": {
+ "destination": {
+ "vpc": {
+ "project_id": "my-sample-project",
+ "subnetwork_name": "default",
+ "vpc_name": "default"
+ },
+ "instance": {
+ "region": "us-east1",
+ "project_id": "my-sample-project",
+ "zone": "us-east1-b"
+ }
+ },
+ "vpcflow": {
+ "reporter": "DEST",
+ "rtt": {
+ "ms": 1
+ }
+ },
+ "source": {
+ "vpc": {
+ "project_id": "my-sample-project",
+ "subnetwork_name": "default",
+ "vpc_name": "default"
+ },
+ "instance": {
+ "region": "us-east1",
+ "project_id": "my-sample-project",
+ "zone": "us-east1-b"
+ }
+ }
+ },
+ "event": {
+ "ingested": "2021-02-19T09:19:49.051077900Z",
+ "original":
"{\"insertId\":\"ut8lbrffooxzb\",\"jsonPayload\":{\"bytes_sent\":\"173663\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33970,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821302149Z\",\"packets_sent\":\"68\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466657665Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.466657665Z", + "end": "2019-06-14T03:49:51.821302149Z", + "id": "ut8lbrffooxzb", + "category": "network", + "type": "connection" + } +} \ No newline at end of file diff --git a/packages/gcp/docs/README.md b/packages/gcp/docs/README.md new file mode 100644 index 00000000000..d3cff75f2f3 --- /dev/null +++ b/packages/gcp/docs/README.md 
@@ -0,0 +1,656 @@ +# Google Cloud Integration + +The Google Cloud integration collects and parses Google Cloud audit, VPC flow, +and firewall logs that have been exported from Stackdriver to a Google Pub/Sub topic sink. + +## Logs + +### Audit + +This is the `audit` dataset. + +An example event for `audit` looks as following: + +```$json +{ + "log": { + "logger": "projects/foo/logs/cloudaudit.googleapis.com%2Factivity" + }, + "source": { + "geo": { + "continent_name": "Europe", + "region_iso_code": "RU-MOW", + "city_name": "Moscow", + "country_iso_code": "RU", + "country_name": "Russia", + "region_name": "Moscow", + "location": { + "lon": 37.6172, + "lat": 55.7527 + } + }, + "ip": "1.2.3.4" + }, + "cloud": { + "project": { + "id": "foo" + } + }, + "@timestamp": "2020-08-05T21:59:26.456Z", + "ecs": { + "version": "1.8.0" + }, + "gcp": { + "audit": { + "request": { + "name": "windows-server-2016-v20200805", + "proto_name": "type.googleapis.com/compute.images.insert" + }, + "authentication_info": { + "principal_email": "user@mycompany.com" + }, + "method_name": "v1.compute.images.insert", + "request_metadata": { + "caller_ip": "1.2.3.4", + "caller_supplied_user_agent": "google-cloud-sdk gcloud/290.0.1 command/gcloud.compute.images.create invocation-id/032752ad0fa44b4ea951951d2deef6a3 environment/None environment-version/None interactive/True from-script/False python/2.7.17 term/xterm-256color (Macintosh; Intel Mac OS X 19.6.0),gzip(gfe)" + }, + "response": { + "proto_name": "type.googleapis.com/operation", + "status": { + "value": "RUNNING" + } + }, + "service_name": "compute.googleapis.com", + "type": "type.googleapis.com/google.cloud.audit.AuditLog", + "authorization_info": [ + { + "resource_attributes": { + "name": "projects/foo/global/images/windows-server-2016-v20200805", + "type": "compute.images", + "service": "compute" + }, + "permission": "compute.images.create", + "granted": true + } + ], + "resource_name": 
"projects/foo/global/images/windows-server-2016-v20200805", + "resource_location": { + "current_locations": [ + "eu" + ] + } + } + }, + "service": { + "name": "compute.googleapis.com" + }, + "event": { + "action": "v1.compute.images.insert", + "ingested": "2021-02-19T09:19:47.732239800Z", + "original": "{\"insertId\":\"v2spcwdzmc2\",\"logName\":\"projects/foo/logs/cloudaudit.googleapis.com%2Factivity\",\"operation\":{\"first\":true,\"id\":\"operation-1596664766354-5ac287c395484-fa3923bd-543e018e\",\"producer\":\"compute.googleapis.com\"},\"protoPayload\":{\"@type\":\"type.googleapis.com/google.cloud.audit.AuditLog\",\"authenticationInfo\":{\"principalEmail\":\"user@mycompany.com\"},\"authorizationInfo\":[{\"granted\":true,\"permission\":\"compute.images.create\",\"resourceAttributes\":{\"name\":\"projects/foo/global/images/windows-server-2016-v20200805\",\"service\":\"compute\",\"type\":\"compute.images\"}}],\"methodName\":\"v1.compute.images.insert\",\"request\":{\"@type\":\"type.googleapis.com/compute.images.insert\",\"family\":\"windows-server-2016\",\"guestOsFeatures\":[{\"type\":\"VIRTIO_SCSI_MULTIQUEUE\"},{\"type\":\"WINDOWS\"}],\"name\":\"windows-server-2016-v20200805\",\"rawDisk\":{\"source\":\"https://storage.googleapis.com/storage/v1/b/foo/o/windows-server-2016-v20200805.tar.gz\"},\"sourceType\":\"RAW\"},\"requestMetadata\":{\"callerIp\":\"1.2.3.4\",\"callerSuppliedUserAgent\":\"google-cloud-sdk gcloud/290.0.1 command/gcloud.compute.images.create invocation-id/032752ad0fa44b4ea951951d2deef6a3 environment/None environment-version/None interactive/True from-script/False python/2.7.17 term/xterm-256color (Macintosh; Intel Mac OS X 
19.6.0),gzip(gfe)\",\"destinationAttributes\":{},\"requestAttributes\":{\"auth\":{},\"time\":\"2020-08-05T21:59:27.515Z\"}},\"resourceLocation\":{\"currentLocations\":[\"eu\"]},\"resourceName\":\"projects/foo/global/images/windows-server-2016-v20200805\",\"response\":{\"@type\":\"type.googleapis.com/operation\",\"id\":\"44919313\",\"insertTime\":\"2020-08-05T14:59:27.259-07:00\",\"name\":\"operation-1596664766354-5ac287c395484-fa3923bd-543e018e\",\"operationType\":\"insert\",\"progress\":\"0\",\"selfLink\":\"https://www.googleapis.com/compute/v1/projects/foo/global/operations/operation-1596664766354-5ac287c395484-fa3923bd-543e018e\",\"selfLinkWithId\":\"https://www.googleapis.com/compute/v1/projects/foo/global/operations/4491931805423146320\",\"startTime\":\"2020-08-05T14:59:27.274-07:00\",\"status\":\"RUNNING\",\"targetId\":\"12345\",\"targetLink\":\"https://www.googleapis.com/compute/v1/projects/foo/global/images/windows-server-2016-v20200805\",\"user\":\"user@mycompany.com\"},\"serviceName\":\"compute.googleapis.com\"},\"receiveTimestamp\":\"2020-08-05T21:59:27.822546978Z\",\"resource\":{\"labels\":{\"image_id\":\"771879043\",\"project_id\":\"foo\"},\"type\":\"gce_image\"},\"severity\":\"NOTICE\",\"timestamp\":\"2020-08-05T21:59:26.456Z\"}", + "id": "v2spcwdzmc2", + "kind": "event", + "outcome": "success" + }, + "user": { + "email": "user@mycompany.com" + }, + "user_agent": { + "name": "Other", + "original": "google-cloud-sdk gcloud/290.0.1 command/gcloud.compute.images.create invocation-id/032752ad0fa44b4ea951951d2deef6a3 environment/None environment-version/None interactive/True from-script/False python/2.7.17 term/xterm-256color (Macintosh; Intel Mac OS X 19.6.0),gzip(gfe)", + "os": { + "name": "Mac OS X", + "version": "19.6.0", + "full": "Mac OS X 19.6.0" + }, + "device": { + "name": "Mac" + } + } +} +``` + +**Exported fields** + +| Field | Description | Type | +|---|---|---| +| @timestamp | Event timestamp. 
| date | +| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | +| cloud.availability_zone | Availability zone in which this host is running. | keyword | +| cloud.image.id | Image ID for the cloud instance. | keyword | +| cloud.instance.id | Instance ID of the host machine. | keyword | +| cloud.instance.name | Instance name of the host machine. | keyword | +| cloud.machine.type | Machine type of the host machine. | keyword | +| cloud.project.id | Name of the project in Google Cloud. | keyword | +| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword | +| cloud.region | Region in which this host is running. | keyword | +| container.id | Unique container id. | keyword | +| container.image.name | Name of the image the container was built on. | keyword | +| container.labels | Image labels. | object | +| container.name | Container name. | keyword | +| container.runtime | Runtime managing this container. | keyword | +| data_stream.dataset | Data stream dataset. | constant_keyword | +| data_stream.namespace | Data stream namespace. | constant_keyword | +| data_stream.type | Data stream type. | constant_keyword | +| ecs.version | ECS version | keyword | +| event.action | The action captured by the event. This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer. | keyword | +| event.ingested | Timestamp when an event arrived in the central data store. This is different from `@timestamp`, which is when the event originally occurred. It's also different from `event.created`, which is meant to capture the first time an agent saw the event. 
In normal conditions, assuming no tampering, the timestamps should chronologically look like this: `@timestamp` < `event.created` < `event.ingested`. | date | +| event.outcome | This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy. `event.outcome` simply denotes whether the event represents a success or a failure from the perspective of the entity that produced the event. Note that when a single transaction is described in multiple events, each event may populate different values of `event.outcome`, according to their perspective. Also note that in the case of a compound event (a single event that contains multiple logical events), this field should be populated with the value that best captures the overall success or failure from the perspective of the event producer. Further note that not all events will have an associated outcome. For example, this field is generally not populated for metric events, events with `event.type:info`, or any events for which an outcome does not make logical sense. | keyword | +| gcp.audit.authentication_info.authority_selector | The authority selector specified by the requestor, if any. It is not guaranteed that the principal was allowed to use this authority. | keyword | +| gcp.audit.authentication_info.principal_email | The email address of the authenticated user making the request. | keyword | +| gcp.audit.authorization_info.granted | Whether or not authorization for resource and permission was granted. | boolean | +| gcp.audit.authorization_info.permission | The required IAM permission. | keyword | +| gcp.audit.authorization_info.resource_attributes.name | The name of the resource. | keyword | +| gcp.audit.authorization_info.resource_attributes.service | The name of the service. | keyword | +| gcp.audit.authorization_info.resource_attributes.type | The type of the resource. | keyword | +| gcp.audit.method_name | The name of the service method or operation. 
For API calls, this should be the name of the API method. For example, 'google.datastore.v1.Datastore.RunQuery'. | keyword | +| gcp.audit.num_response_items | The number of items returned from a List or Query API method, if applicable. | long | +| gcp.audit.request.filter | Filter of the request. | keyword | +| gcp.audit.request.name | Name of the request. | keyword | +| gcp.audit.request.proto_name | Type property of the request. | keyword | +| gcp.audit.request.resource_name | Name of the request resource. | keyword | +| gcp.audit.request_metadata.caller_ip | The IP address of the caller. | ip | +| gcp.audit.request_metadata.caller_supplied_user_agent | The user agent of the caller. This information is not authenticated and should be treated accordingly. | keyword | +| gcp.audit.resource_location.current_locations | Current locations of the resource. | keyword | +| gcp.audit.resource_name | The resource or collection that is the target of the operation. The name is a scheme-less URI, not including the API service name. For example, 'shelves/SHELF_ID/books'. | keyword | +| gcp.audit.response.details.group | The name of the group. | keyword | +| gcp.audit.response.details.kind | The kind of the response details. | keyword | +| gcp.audit.response.details.name | The name of the response details. | keyword | +| gcp.audit.response.details.uid | The uid of the response details. | keyword | +| gcp.audit.response.proto_name | Type property of the response. | keyword | +| gcp.audit.response.status.allowed | | boolean | +| gcp.audit.response.status.reason | | keyword | +| gcp.audit.response.status.value | | keyword | +| gcp.audit.service_name | The name of the API service performing the operation. For example, datastore.googleapis.com. | keyword | +| gcp.audit.status.code | The status code, which should be an enum value of google.rpc.Code. | integer | +| gcp.audit.status.message | A developer-facing error message, which should be in English. 
Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. | keyword | +| gcp.audit.type | Type property. | keyword | +| gcp.destination.instance.project_id | ID of the project containing the VM. | keyword | +| gcp.destination.instance.region | Region of the VM. | keyword | +| gcp.destination.instance.zone | Zone of the VM. | keyword | +| gcp.destination.vpc.project_id | ID of the project containing the VM. | keyword | +| gcp.destination.vpc.subnetwork_name | Subnetwork on which the VM is operating. | keyword | +| gcp.destination.vpc.vpc_name | VPC on which the VM is operating. | keyword | +| gcp.source.instance.project_id | ID of the project containing the VM. | keyword | +| gcp.source.instance.region | Region of the VM. | keyword | +| gcp.source.instance.zone | Zone of the VM. | keyword | +| gcp.source.vpc.project_id | ID of the project containing the VM. | keyword | +| gcp.source.vpc.subnetwork_name | Subnetwork on which the VM is operating. | keyword | +| gcp.source.vpc.vpc_name | VPC on which the VM is operating. | keyword | +| host.architecture | Operating system architecture. | keyword | +| host.containerized | If the host is a container. | boolean | +| host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword | +| host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | +| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | +| host.ip | Host ip addresses. | ip | +| host.mac | Host mac addresses. | keyword | +| host.name | Name of the host. 
It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | +| host.os.build | OS build information. | keyword | +| host.os.codename | OS codename, if any. | keyword | +| host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | +| host.os.kernel | Operating system kernel version as a raw string. | keyword | +| host.os.name | Operating system name, without the version. | keyword | +| host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | +| host.os.version | Operating system version as a raw string. | keyword | +| host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | +| input.type | Input type | keyword | +| log.file.path | Log path | keyword | +| log.logger | | keyword | +| log.offset | Log offset | long | +| message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | text | +| service.name | Name of the service data is collected from. | keyword | +| source.as.number | Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. | long | +| source.as.organization.name | Organization name. | keyword | +| source.geo.city_name | City name. | keyword | +| source.geo.continent_name | Name of the continent. | keyword | +| source.geo.country_iso_code | Country ISO code. | keyword | +| source.geo.country_name | Country name. | keyword | +| source.geo.location | Longitude and latitude. 
| geo_point | +| source.geo.region_iso_code | Region ISO code. | keyword | +| source.geo.region_name | Region name. | keyword | +| source.ip | IP address of the source (IPv4 or IPv6). | ip | +| tags | List of keywords used to tag each event. | keyword | +| user.email | User email address. | wildcard | +| user_agent.device.name | Name of the device. | keyword | +| user_agent.name | Name of the user agent. | keyword | +| user_agent.original | Unparsed user_agent string. | wildcard | +| user_agent.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | +| user_agent.os.full | Operating system name, including the version or code name. | wildcard | +| user_agent.os.kernel | Operating system kernel version as a raw string. | keyword | +| user_agent.os.name | Operating system name, without the version. | wildcard | +| user_agent.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | +| user_agent.os.version | Operating system version as a raw string. | keyword | +| user_agent.version | Version of the user agent. | keyword | + + +### Firewall + +This is the `firewall` dataset. 
+ +An example event for `firewall` looks as following: + +```$json +{ + "log": { + "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" + }, + "destination": { + "geo": { + "continent_name": "North America", + "country_name": "United States", + "location": { + "lon": -97.822, + "lat": 37.751 + }, + "country_iso_code": "US" + }, + "as": { + "number": 15169, + "organization": { + "name": "Google LLC" + } + }, + "address": "8.8.8.8", + "port": 53, + "ip": "8.8.8.8" + }, + "rule": { + "name": "network:default/firewall:adrian-test-1" + }, + "source": { + "address": "10.128.0.16", + "port": 60094, + "domain": "adrian-test", + "ip": "10.128.0.16" + }, + "network": { + "name": "default", + "community_id": "1:iiDdIEXnxwSiz/hJbVnseQ4SZVE=", + "transport": "udp", + "type": "ipv4", + "iana_number": "17", + "direction": "outbound" + }, + "cloud": { + "region": "us-central1", + "availability_zone": "us-central1-a", + "project": { + "id": "test-beats" + } + }, + "@timestamp": "2019-11-12T12:35:17.214Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "10.128.0.16", + "8.8.8.8" + ] + }, + "gcp": { + "firewall": { + "rule_details": { + "action": "DENY", + "target_tag": [ + "adrian-test" + ], + "priority": 1000, + "destination_range": [ + "8.8.8.0/24" + ], + "ip_port_info": [ + { + "ip_protocol": "ALL" + } + ], + "direction": "EGRESS" + } + }, + "source": { + "vpc": { + "project_id": "test-beats", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-central1", + "project_id": "test-beats", + "zone": "us-central1-a" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:48.040375200Z", + "original": 
"{\"insertId\":\"4zuj4nfn4llkb\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"8.8.8.8\",\"dest_port\":53,\"protocol\":17,\"src_ip\":\"10.128.0.16\",\"src_port\":60094},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"continent\":\"America\",\"country\":\"usa\"},\"rule_details\":{\"action\":\"DENY\",\"destination_range\":[\"8.8.8.0/24\"],\"direction\":\"EGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"ALL\"}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-1\",\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-12T12:35:24.466374097Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-12T12:35:17.214711274Z\"}", + "kind": "event", + "action": "firewall-rule", + "id": "4zuj4nfn4llkb", + "category": "network", + "type": "connection" + } +} +``` + +**Exported fields** + +| Field | Description | Type | +|---|---|---| +| @timestamp | Event timestamp. | date | +| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | +| cloud.availability_zone | Availability zone in which this host is running. | keyword | +| cloud.image.id | Image ID for the cloud instance. | keyword | +| cloud.instance.id | Instance ID of the host machine. | keyword | +| cloud.instance.name | Instance name of the host machine. | keyword | +| cloud.machine.type | Machine type of the host machine. 
| keyword | +| cloud.project.id | Name of the project in Google Cloud. | keyword | +| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword | +| cloud.region | Region in which this host is running. | keyword | +| container.id | Unique container id. | keyword | +| container.image.name | Name of the image the container was built on. | keyword | +| container.labels | Image labels. | object | +| container.name | Container name. | keyword | +| container.runtime | Runtime managing this container. | keyword | +| data_stream.dataset | Data stream dataset. | constant_keyword | +| data_stream.namespace | Data stream namespace. | constant_keyword | +| data_stream.type | Data stream type. | constant_keyword | +| destination.address | Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. | keyword | +| destination.as.number | Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. | long | +| destination.as.organization.name | Organization name. | wildcard | +| destination.domain | Destination domain. | wildcard | +| destination.geo.city_name | City name. | keyword | +| destination.geo.continent_name | Name of the continent. | keyword | +| destination.geo.country_iso_code | Country ISO code. | keyword | +| destination.geo.country_name | Country name. | keyword | +| destination.geo.location | Longitude and latitude. | geo_point | +| destination.geo.name | User-defined description of a location, at the level of granularity they care about. | wildcard | +| destination.geo.region_iso_code | Region ISO code. | keyword | +| destination.geo.region_name | Region name. | keyword | +| destination.ip | IP address of the destination (IPv4 or IPv6). 
| ip | +| destination.port | Port of the destination. | long | +| ecs.version | ECS version | keyword | +| event.action | The action captured by the event. This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer. | keyword | +| event.ingested | Timestamp when an event arrived in the central data store. This is different from `@timestamp`, which is when the event originally occurred. It's also different from `event.created`, which is meant to capture the first time an agent saw the event. In normal conditions, assuming no tampering, the timestamps should chronologically look like this: `@timestamp` < `event.created` < `event.ingested`. | date | +| event.outcome | This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy. `event.outcome` simply denotes whether the event represents a success or a failure from the perspective of the entity that produced the event. Note that when a single transaction is described in multiple events, each event may populate different values of `event.outcome`, according to their perspective. Also note that in the case of a compound event (a single event that contains multiple logical events), this field should be populated with the value that best captures the overall success or failure from the perspective of the event producer. Further note that not all events will have an associated outcome. For example, this field is generally not populated for metric events, events with `event.type:info`, or any events for which an outcome does not make logical sense. | keyword | +| gcp.destination.instance.project_id | ID of the project containing the VM. | keyword | +| gcp.destination.instance.region | Region of the VM. | keyword | +| gcp.destination.instance.zone | Zone of the VM. 
| keyword | +| gcp.destination.vpc.project_id | ID of the project containing the VM. | keyword | +| gcp.destination.vpc.subnetwork_name | Subnetwork on which the VM is operating. | keyword | +| gcp.destination.vpc.vpc_name | VPC on which the VM is operating. | keyword | +| gcp.firewall.rule_details.action | Action that the rule performs on match. | keyword | +| gcp.firewall.rule_details.destination_range | List of destination ranges that the firewall applies to. | keyword | +| gcp.firewall.rule_details.direction | Direction of traffic that matches this rule. | keyword | +| gcp.firewall.rule_details.ip_port_info | List of ip protocols and applicable port ranges for rules. | array | +| gcp.firewall.rule_details.priority | The priority for the firewall rule. | long | +| gcp.firewall.rule_details.reference | Reference to the firewall rule. | keyword | +| gcp.firewall.rule_details.source_range | List of source ranges that the firewall rule applies to. | keyword | +| gcp.firewall.rule_details.source_service_account | List of all the source service accounts that the firewall rule applies to. | keyword | +| gcp.firewall.rule_details.source_tag | List of all the source tags that the firewall rule applies to. | keyword | +| gcp.firewall.rule_details.target_service_account | List of all the target service accounts that the firewall rule applies to. | keyword | +| gcp.firewall.rule_details.target_tag | List of all the target tags that the firewall rule applies to. | keyword | +| gcp.source.instance.project_id | ID of the project containing the VM. | keyword | +| gcp.source.instance.region | Region of the VM. | keyword | +| gcp.source.instance.zone | Zone of the VM. | keyword | +| gcp.source.vpc.project_id | ID of the project containing the VM. | keyword | +| gcp.source.vpc.subnetwork_name | Subnetwork on which the VM is operating. | keyword | +| gcp.source.vpc.vpc_name | VPC on which the VM is operating. | keyword | +| host.architecture | Operating system architecture. 
| keyword | +| host.containerized | If the host is a container. | boolean | +| host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword | +| host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | +| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | +| host.ip | Host ip addresses. | ip | +| host.mac | Host mac addresses. | keyword | +| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | +| host.os.build | OS build information. | keyword | +| host.os.codename | OS codename, if any. | keyword | +| host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | +| host.os.kernel | Operating system kernel version as a raw string. | keyword | +| host.os.name | Operating system name, without the version. | keyword | +| host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | +| host.os.version | Operating system version as a raw string. | keyword | +| host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | +| input.type | Input type | keyword | +| log.file.path | Log path | keyword | +| log.logger | | keyword | +| log.offset | Log offset | long | +| message | For log events the message field contains the log message, optimized for viewing in a log viewer. 
For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | text | +| network.community_id | A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows. | keyword | +| network.direction | Direction of the network traffic. | keyword | +| network.iana_number | IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). | keyword | +| network.name | Name given by operators to sections of their network. | keyword | +| network.transport | Same as network.iana_number, but instead using the Keyword name of the transport layer (udp, tcp, ipv6-icmp, etc.) | keyword | +| network.type | In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc | keyword | +| related.hash | All the hashes seen on your event. Populating this field, then using it to search for hashes can help in situations where you're unsure what the hash algorithm is (and therefore which key name to search). | keyword | +| related.hosts | All hostnames or other host identifiers seen on your event. Example identifiers include FQDNs, domain names, workstation names, or aliases. | keyword | +| related.ip | All of the IPs seen on your event. | ip | +| related.user | All the user names seen on your event. | keyword | +| rule.name | The name of the rule or signature generating the event. | keyword | +| source.address | Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. | keyword | +| source.as.number | Unique number allocated to the autonomous system. 
The autonomous system number (ASN) uniquely identifies each network on the Internet. | long | +| source.as.organization.name | Organization name. | wildcard | +| source.domain | Source domain. | wildcard | +| source.geo.city_name | City name. | keyword | +| source.geo.continent_name | Name of the continent. | keyword | +| source.geo.country_iso_code | Country ISO code. | keyword | +| source.geo.country_name | Country name. | keyword | +| source.geo.location | Longitude and latitude. | geo_point | +| source.geo.name | User-defined description of a location, at the level of granularity they care about. | wildcard | +| source.geo.region_iso_code | Region ISO code. | keyword | +| source.geo.region_name | Region name. | keyword | +| source.ip | IP address of the source (IPv4 or IPv6). | ip | +| source.port | Port of the source. | long | +| tags | List of keywords used to tag each event. | keyword | + + +### VPC Flow + +This is the `VPC Flow` dataset. + +An example event for `vpcflow` looks as following: + +```$json +{ + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "destination": { + "address": "10.87.40.76", + "port": 33970, + "domain": "kibana", + "ip": "10.87.40.76" + }, + "source": { + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "as": { + "number": 15169 + }, + "address": "198.51.100.248", + "port": 9200, + "bytes": 173663, + "domain": "elasticsearch", + "ip": "198.51.100.248", + "packets": 68 + }, + "network": { + "community_id": "1:e5cZeUPf9fWSqRY+SUSG302spGE=", + "bytes": 173663, + "name": "default", + "transport": "tcp", + "type": "ipv4", + "iana_number": "6", + "packets": 68, + "direction": "internal" + }, + "cloud": { + "region": "us-east1", + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + } + }, + "@timestamp": "2019-06-14T03:50:10.845Z", + "ecs": { + "version": "1.8.0" + }, + "related": { + "ip": [ + "198.51.100.248", + "10.87.40.76" + ] + }, + 
"gcp": { + "destination": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 1 + } + }, + "source": { + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + }, + "instance": { + "region": "us-east1", + "project_id": "my-sample-project", + "zone": "us-east1-b" + } + } + }, + "event": { + "ingested": "2021-02-19T09:19:49.051077900Z", + "original": "{\"insertId\":\"ut8lbrffooxzb\",\"jsonPayload\":{\"bytes_sent\":\"173663\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33970,\"protocol\":6,\"src_ip\":\"198.51.100.248\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821302149Z\",\"packets_sent\":\"68\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466657665Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "kind": "event", + "start": "2019-06-14T03:40:08.466657665Z", 
+ "end": "2019-06-14T03:49:51.821302149Z", + "id": "ut8lbrffooxzb", + "category": "network", + "type": "connection" + } +} +``` + +**Exported fields** + +| Field | Description | Type | +|---|---|---| +| @timestamp | Event timestamp. | date | +| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | +| cloud.availability_zone | Availability zone in which this host is running. | keyword | +| cloud.image.id | Image ID for the cloud instance. | keyword | +| cloud.instance.id | Instance ID of the host machine. | keyword | +| cloud.instance.name | Instance name of the host machine. | keyword | +| cloud.machine.type | Machine type of the host machine. | keyword | +| cloud.project.id | Name of the project in Google Cloud. | keyword | +| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword | +| cloud.region | Region in which this host is running. | keyword | +| container.id | Unique container id. | keyword | +| container.image.name | Name of the image the container was built on. | keyword | +| container.labels | Image labels. | object | +| container.name | Container name. | keyword | +| container.runtime | Runtime managing this container. | keyword | +| data_stream.dataset | Data stream dataset. | constant_keyword | +| data_stream.namespace | Data stream namespace. | constant_keyword | +| data_stream.type | Data stream type. | constant_keyword | +| destination.address | Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. | keyword | +| destination.as.number | Unique number allocated to the autonomous system. 
The autonomous system number (ASN) uniquely identifies each network on the Internet. | long | +| destination.as.organization.name | Organization name. | wildcard | +| destination.domain | Destination domain. | wildcard | +| destination.geo.city_name | City name. | keyword | +| destination.geo.continent_name | Name of the continent. | keyword | +| destination.geo.country_iso_code | Country ISO code. | keyword | +| destination.geo.country_name | Country name. | keyword | +| destination.geo.location | Longitude and latitude. | geo_point | +| destination.geo.name | User-defined description of a location, at the level of granularity they care about. | wildcard | +| destination.geo.region_iso_code | Region ISO code. | keyword | +| destination.geo.region_name | Region name. | keyword | +| destination.ip | IP address of the destination (IPv4 or IPv6). | ip | +| destination.port | Port of the destination. | long | +| ecs.version | ECS version | keyword | +| event.action | The action captured by the event. This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer. | keyword | +| event.ingested | Timestamp when an event arrived in the central data store. This is different from `@timestamp`, which is when the event originally occurred. It's also different from `event.created`, which is meant to capture the first time an agent saw the event. In normal conditions, assuming no tampering, the timestamps should chronologically look like this: `@timestamp` < `event.created` < `event.ingested`. | date | +| event.outcome | This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy. `event.outcome` simply denotes whether the event represents a success or a failure from the perspective of the entity that produced the event. 
Note that when a single transaction is described in multiple events, each event may populate different values of `event.outcome`, according to their perspective. Also note that in the case of a compound event (a single event that contains multiple logical events), this field should be populated with the value that best captures the overall success or failure from the perspective of the event producer. Further note that not all events will have an associated outcome. For example, this field is generally not populated for metric events, events with `event.type:info`, or any events for which an outcome does not make logical sense. | keyword | +| gcp.destination.instance.project_id | ID of the project containing the VM. | keyword | +| gcp.destination.instance.region | Region of the VM. | keyword | +| gcp.destination.instance.zone | Zone of the VM. | keyword | +| gcp.destination.vpc.project_id | ID of the project containing the VM. | keyword | +| gcp.destination.vpc.subnetwork_name | Subnetwork on which the VM is operating. | keyword | +| gcp.destination.vpc.vpc_name | VPC on which the VM is operating. | keyword | +| gcp.source.instance.project_id | ID of the project containing the VM. | keyword | +| gcp.source.instance.region | Region of the VM. | keyword | +| gcp.source.instance.zone | Zone of the VM. | keyword | +| gcp.source.vpc.project_id | ID of the project containing the VM. | keyword | +| gcp.source.vpc.subnetwork_name | Subnetwork on which the VM is operating. | keyword | +| gcp.source.vpc.vpc_name | VPC on which the VM is operating. | keyword | +| gcp.vpcflow.reporter | The side which reported the flow. Can be either 'SRC' or 'DEST'. | keyword | +| gcp.vpcflow.rtt.ms | Latency as measured (for TCP flows only) during the time interval. This is the time elapsed between sending a SEQ and receiving a corresponding ACK and it contains the network RTT as well as the application related delay. | long | +| host.architecture | Operating system architecture. 
| keyword | +| host.containerized | If the host is a container. | boolean | +| host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword | +| host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | +| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | +| host.ip | Host ip addresses. | ip | +| host.mac | Host mac addresses. | keyword | +| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | +| host.os.build | OS build information. | keyword | +| host.os.codename | OS codename, if any. | keyword | +| host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | +| host.os.kernel | Operating system kernel version as a raw string. | keyword | +| host.os.name | Operating system name, without the version. | keyword | +| host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | +| host.os.version | Operating system version as a raw string. | keyword | +| host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | +| input.type | Input type | keyword | +| log.file.path | Log path | keyword | +| log.logger | | keyword | +| log.offset | Log offset | long | +| message | For log events the message field contains the log message, optimized for viewing in a log viewer. 
For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | text | +| network.bytes | Total bytes transferred in both directions. | long | +| network.community_id | A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows. | keyword | +| network.direction | Direction of the network traffic. | keyword | +| network.iana_number | IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). | keyword | +| network.name | Name given by operators to sections of their network. | keyword | +| network.packets | Total packets transferred in both directions. | long | +| network.transport | Same as network.iana_number, but instead using the Keyword name of the transport layer (udp, tcp, ipv6-icmp, etc.) | keyword | +| network.type | In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc | keyword | +| related.hash | All the hashes seen on your event. Populating this field, then using it to search for hashes can help in situations where you're unsure what the hash algorithm is (and therefore which key name to search). | keyword | +| related.hosts | All hostnames or other host identifiers seen on your event. Example identifiers include FQDNs, domain names, workstation names, or aliases. | keyword | +| related.ip | All of the IPs seen on your event. | ip | +| related.user | All the user names seen on your event. | keyword | +| rule.name | The name of the rule or signature generating the event. | keyword | +| source.address | Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. 
| keyword | +| source.as.number | Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. | long | +| source.as.organization.name | Organization name. | wildcard | +| source.bytes | Bytes sent from the source to the destination. | long | +| source.domain | Source domain. | wildcard | +| source.geo.city_name | City name. | keyword | +| source.geo.continent_name | Name of the continent. | keyword | +| source.geo.country_iso_code | Country ISO code. | keyword | +| source.geo.country_name | Country name. | keyword | +| source.geo.location | Longitude and latitude. | geo_point | +| source.geo.name | User-defined description of a location, at the level of granularity they care about. | wildcard | +| source.geo.region_iso_code | Region ISO code. | keyword | +| source.geo.region_name | Region name. | keyword | +| source.ip | IP address of the source (IPv4 or IPv6). | ip | +| source.packets | Packets sent from the source to the destination. | long | +| source.port | Port of the source. | long | +| tags | List of keywords used to tag each event. | keyword | + diff --git a/packages/gcp/img/filebeat-gcp-audit.png b/packages/gcp/img/filebeat-gcp-audit.png new file mode 100644 index 00000000000..4f68932e9f7 Binary files /dev/null and b/packages/gcp/img/filebeat-gcp-audit.png differ diff --git a/packages/gcp/img/logo_gcp.svg b/packages/gcp/img/logo_gcp.svg new file mode 100644 index 00000000000..75e139f9b2e --- /dev/null +++ b/packages/gcp/img/logo_gcp.svg @@ -0,0 +1,19 @@ + + + + + + + + + + + + + + + + + + + diff --git a/packages/gcp/kibana/dashboard/gcp-6576c480-73a2-11ea-a345-f985c61fe654.json b/packages/gcp/kibana/dashboard/gcp-6576c480-73a2-11ea-a345-f985c61fe654.json new file mode 100644 index 00000000000..ebabc98f094 --- /dev/null +++ b/packages/gcp/kibana/dashboard/gcp-6576c480-73a2-11ea-a345-f985c61fe654.json 
@@ -0,0 +1,182 @@ +{ + "attributes": { + "description": "Overview of audit events from Google Cloud.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset:gcp.audit" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": false, + "mapCenter": { + "lat": 32.1625, + "lon": -48.67493, + "zoom": 1.97 + }, + "openTOCDetails": [] + }, + "gridData": { + "h": 15, + "i": "a808a985-5cf3-463a-9aad-5159cb64cef1", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "a808a985-5cf3-463a-9aad-5159cb64cef1", + "panelRefName": "panel_0", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "9e7025b6-c3bf-424f-b541-d22d00e1fa64", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "9e7025b6-c3bf-424f-b541-d22d00e1fa64", + "panelRefName": "panel_1", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 14, + "i": "5b6a8479-2c18-495e-88fa-9e3239277e3d", + "w": 12, + "x": 0, + "y": 15 + }, + "panelIndex": "5b6a8479-2c18-495e-88fa-9e3239277e3d", + "panelRefName": "panel_2", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 14, + "i": "46da4e61-e0bb-4595-a2c7-05210bfbea64", + "w": 12, + "x": 12, + "y": 15 + }, + "panelIndex": "46da4e61-e0bb-4595-a2c7-05210bfbea64", + "panelRefName": "panel_3", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 14, + "i": "4d698f07-2caf-45c0-bd48-51ea72ea79b0", + "w": 12, + "x": 24, + "y": 15 + }, + "panelIndex": "4d698f07-2caf-45c0-bd48-51ea72ea79b0", + "panelRefName": "panel_4", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + 
"gridData": { + "h": 14, + "i": "c5e31da0-d4c8-4554-ab32-61da2495ab6c", + "w": 12, + "x": 36, + "y": 15 + }, + "panelIndex": "c5e31da0-d4c8-4554-ab32-61da2495ab6c", + "panelRefName": "panel_5", + "version": "8.0.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 9, + "i": "95ebbda8-9b00-4b23-b116-72569ea031e3", + "w": 48, + "x": 0, + "y": 29 + }, + "panelIndex": "95ebbda8-9b00-4b23-b116-72569ea031e3", + "panelRefName": "panel_6", + "version": "8.0.0-SNAPSHOT" + } + ], + "timeRestore": false, + "title": "[Logs GCP] Audit", + "version": 1 + }, + "id": "gcp-6576c480-73a2-11ea-a345-f985c61fe654", + "migrationVersion": { + "dashboard": "7.11.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "gcp-a97de660-73a5-11ea-a345-f985c61fe654", + "name": "panel_0", + "type": "map" + }, + { + "id": "gcp-4627efa0-73a2-11ea-a345-f985c61fe654", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "gcp-eb5bf570-73a2-11ea-a345-f985c61fe654", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "gcp-33ee1320-73a5-11ea-a345-f985c61fe654", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "gcp-a8e40240-73a3-11ea-a345-f985c61fe654", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "gcp-6d90d320-73a4-11ea-a345-f985c61fe654", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "gcp-d88364c0-73a1-11ea-a345-f985c61fe654", + "name": "panel_6", + "type": "search" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/packages/gcp/kibana/map/gcp-a97de660-73a5-11ea-a345-f985c61fe654.json b/packages/gcp/kibana/map/gcp-a97de660-73a5-11ea-a345-f985c61fe654.json new file mode 100644 index 00000000000..a2a2640416e --- /dev/null +++ b/packages/gcp/kibana/map/gcp-a97de660-73a5-11ea-a345-f985c61fe654.json 
@@ -0,0 +1,167 @@ +{ + "attributes": { + "description": "", + "layerListJSON": [ + { + "alpha": 1, + "id": "866b5ce1-6ca0-47db-a6f2-54c5e0dcd2f0", + "label": null, + "maxZoom": 24, + "minZoom": 0, + "sourceDescriptor": { + "isAutoSelect": true, + "type": "EMS_TMS" + }, + "style": {}, + "type": "VECTOR_TILE", + "visible": true + }, + { + "alpha": 0.75, + "id": "279da950-e9a7-4287-ab37-25906e448455", + "joins": [], + "label": "Source Locations", + "maxZoom": 24, + "minZoom": 0, + "query": { + "language": "kuery", + "query": "data_stream.dataset:gcp.audit" + }, + "sourceDescriptor": { + "applyGlobalQuery": true, + "filterByMapBounds": true, + "geoField": "source.geo.location", + "id": "79ec6461-7561-45e4-a6a2-9d6fbd4cf986", + "indexPatternRefName": "layer_1_source_index_pattern", + "scalingType": "LIMIT", + "sortField": "", + "sortOrder": "desc", + "tooltipProperties": [], + "topHitsSize": 1, + "type": "ES_SEARCH" + }, + "style": { + "isTimeAware": true, + "properties": { + "fillColor": { + "options": { + "color": "#54B399" + }, + "type": "STATIC" + }, + "icon": { + "options": { + "value": "marker" + }, + "type": "STATIC" + }, + "iconOrientation": { + "options": { + "orientation": 0 + }, + "type": "STATIC" + }, + "iconSize": { + "options": { + "size": 6 + }, + "type": "STATIC" + }, + "labelBorderColor": { + "options": { + "color": "#FFFFFF" + }, + "type": "STATIC" + }, + "labelBorderSize": { + "options": { + "size": "SMALL" + } + }, + "labelColor": { + "options": { + "color": "#000000" + }, + "type": "STATIC" + }, + "labelSize": { + "options": { + "size": 14 + }, + "type": "STATIC" + }, + "labelText": { + "options": { + "value": "" + }, + "type": "STATIC" + }, + "lineColor": { + "options": { + "color": "#41937c" + }, + "type": "STATIC" + }, + "lineWidth": { + "options": { + "size": 1 + }, + "type": "STATIC" + }, + "symbolizeAs": { + "options": { + "value": "circle" + } + } + }, + "type": "VECTOR" + }, + "type": "VECTOR", + "visible": true + } + ], + "mapStateJSON": { 
+ "center": { + "lat": 19.94277, + "lon": 0 + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "refreshConfig": { + "interval": 0, + "isPaused": false + }, + "settings": { + "autoFitToDataBounds": false + }, + "timeFilters": { + "from": "now-7d", + "to": "now" + }, + "zoom": 1.97 + }, + "title": "Audit Source Locations [Logs GCP]", + "uiStateJSON": { + "isLayerTOCOpen": true, + "openTOCDetails": [] + } + }, + "id": "gcp-a97de660-73a5-11ea-a345-f985c61fe654", + "migrationVersion": { + "map": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "logs-*", + "name": "layer_1_source_index_pattern", + "type": "index-pattern" + } + ], + "type": "map" +} \ No newline at end of file diff --git a/packages/gcp/kibana/search/gcp-d88364c0-73a1-11ea-a345-f985c61fe654.json b/packages/gcp/kibana/search/gcp-d88364c0-73a1-11ea-a345-f985c61fe654.json new file mode 100644 index 00000000000..6ac5bd75bf3 --- /dev/null +++ b/packages/gcp/kibana/search/gcp-d88364c0-73a1-11ea-a345-f985c61fe654.json 
@@ -0,0 +1,72 @@ +{ + "attributes": { + "columns": [ + "user.email", + "service.name", + "gcp.audit.type", + "event.action", + "event.outcome", + "source.ip", + "source.geo.region_name" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "gcp.audit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "gcp.audit" + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [], + "title": "Audit [Logs GCP]", + "version": 1 + }, + "id": "gcp-d88364c0-73a1-11ea-a345-f985c61fe654", + "migrationVersion": { + "search": "7.9.3" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/packages/gcp/kibana/visualization/gcp-33ee1320-73a5-11ea-a345-f985c61fe654.json b/packages/gcp/kibana/visualization/gcp-33ee1320-73a5-11ea-a345-f985c61fe654.json new file mode 100644 index 00000000000..e793a09c9a2 --- /dev/null +++ b/packages/gcp/kibana/visualization/gcp-33ee1320-73a5-11ea-a345-f985c61fe654.json 
@@ -0,0 +1,69 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Audit Top User Email [Logs GCP]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "user.email", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "scale": "linear", + "showLabel": true + }, + "title": "Audit Top User Email [Logs GCP]", + "type": "tagcloud" + } + }, + "id": "gcp-33ee1320-73a5-11ea-a345-f985c61fe654", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "gcp-d88364c0-73a1-11ea-a345-f985c61fe654", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/gcp/kibana/visualization/gcp-4627efa0-73a2-11ea-a345-f985c61fe654.json b/packages/gcp/kibana/visualization/gcp-4627efa0-73a2-11ea-a345-f985c61fe654.json new file mode 100644 index 00000000000..7ec87032284 --- /dev/null +++ b/packages/gcp/kibana/visualization/gcp-4627efa0-73a2-11ea-a345-f985c61fe654.json 
@@ -0,0 +1,158 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Audit Events Outcome over time [Logs GCP]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-7d", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": true, + "missingBucketLabel": "[unknown]", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + 
"filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Audit Event Outcome over time [Logs GCP]", + "type": "histogram" + } + }, + "id": "gcp-4627efa0-73a2-11ea-a345-f985c61fe654", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "gcp-d88364c0-73a1-11ea-a345-f985c61fe654", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/gcp/kibana/visualization/gcp-6d90d320-73a4-11ea-a345-f985c61fe654.json b/packages/gcp/kibana/visualization/gcp-6d90d320-73a4-11ea-a345-f985c61fe654.json new file mode 100644 index 00000000000..0fbf65df076 --- /dev/null +++ b/packages/gcp/kibana/visualization/gcp-6d90d320-73a4-11ea-a345-f985c61fe654.json 
@@ -0,0 +1,75 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Audit Resource Name [Logs GCP]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "gcp.audit.resource_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Audit Resource Name [Logs GCP]", + "type": "pie" + } + }, + "id": "gcp-6d90d320-73a4-11ea-a345-f985c61fe654", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "gcp-d88364c0-73a1-11ea-a345-f985c61fe654", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/gcp/kibana/visualization/gcp-a8e40240-73a3-11ea-a345-f985c61fe654.json b/packages/gcp/kibana/visualization/gcp-a8e40240-73a3-11ea-a345-f985c61fe654.json new file mode 100644 index 00000000000..a8b86df99f7 --- /dev/null +++ b/packages/gcp/kibana/visualization/gcp-a8e40240-73a3-11ea-a345-f985c61fe654.json 
@@ -0,0 +1,75 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Audit User Agent [Logs GCP]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "user_agent.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Audit User Agent [Logs GCP]", + "type": "pie" + } + }, + "id": "gcp-a8e40240-73a3-11ea-a345-f985c61fe654", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "gcp-d88364c0-73a1-11ea-a345-f985c61fe654", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/gcp/kibana/visualization/gcp-eb5bf570-73a2-11ea-a345-f985c61fe654.json b/packages/gcp/kibana/visualization/gcp-eb5bf570-73a2-11ea-a345-f985c61fe654.json new file mode 100644 index 00000000000..eb530053021 --- /dev/null +++ b/packages/gcp/kibana/visualization/gcp-eb5bf570-73a2-11ea-a345-f985c61fe654.json 
@@ -0,0 +1,75 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Audit Event Action [Logs GCP]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Audit Event Action [Logs GCP]", + "type": "pie" + } + }, + "id": "gcp-eb5bf570-73a2-11ea-a345-f985c61fe654", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "gcp-d88364c0-73a1-11ea-a345-f985c61fe654", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/gcp/manifest.yml b/packages/gcp/manifest.yml new file mode 100644 index 00000000000..1f43f203dde --- /dev/null +++ b/packages/gcp/manifest.yml 
@@ -0,0 +1,61 @@
+name: gcp
+title: Google Cloud Platform (GCP)
+version: 0.0.1
+release: experimental
+description: Google Cloud Platform (GCP) Integration
+type: integration
+icons:
+ - src: /img/logo_gcp.svg
+ title: logo gcp
+ size: 32x32
+ type: image/svg+xml
+format_version: 1.0.0
+license: basic
+categories:
+ - google_cloud
+ - cloud
+ - network
+ - security
+conditions:
+ kibana.version: ^7.12.0
+screenshots:
+ - src: /img/filebeat-gcp-audit.png
+ title: filebeat gcp audit
+ size: 1702x996
+ type: image/png
+policy_templates:
+ - name: gcp
+ title: Google Cloud Platform (GCP) logs
+ description: Collect logs from Google Cloud Platform (GCP) instances
+ inputs:
+ - type: gcp-pubsub
+ vars:
+ - name: alternative_host
+ type: text
+ title: Alternative host
+ multi: false
+ required: false
+ show_user: false
+ - name: project_id
+ type: text
+ title: Project Id
+ multi: false
+ required: true
+ show_user: true
+ default: SET_PROJECT_NAME
+ - name: credentials_file
+ type: text
+ title: Credentials File
+ multi: false
+ required: false
+ show_user: true
+ - name: credentials_json
+ type: text
+ title: Credentials Json
+ multi: false
+ required: false
+ show_user: true
+ title: 'Collect Google Cloud Platform (GCP) audit, firewall and vpcflow logs (input: gcp-pubsub)'
+ description: 'Collecting audit, firewall and vpcflow logs from Google Cloud Platform (GCP) instances (input: gcp-pubsub)'
+owner:
+ github: elastic/security-external-integrations
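Review bot: The `credentials_json` var in the `gcp-pubsub` input is declared `type: text` with `show_user: true`, so a pasted service-account key would be displayed in clear in the policy form and, presumably, handled like any other plain policy value. The package spec offers a masked type for this; I would change that var to `type: password`. Separately, `project_id` is `required: true` but ships `default: SET_PROJECT_NAME`, so the placeholder satisfies the required check and a policy can be saved without a real project; dropping the default would force an explicit value. Neither `credentials_file` nor `credentials_json` is required and nothing here says which one wins or what happens when both are empty, so a `description` on each var stating that would help.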