diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index a079ec3a7a2b..7503beb05f06 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -329,6 +329,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Add support to set the document id in the json reader. {pull}5844[5844] - Add input httpjson. {issue}13545[13545] {pull}13546[13546] - Filebeat Netflow input: Remove beta label. {pull}13858[13858] +- Remove `event.timezone` from events that don't need it in some modules that support log formats with and without timezones. {pull}13918[13918] *Heartbeat* - Add non-privileged icmp on linux and darwin(mac). {pull}13795[13795] {issue}11498[11498] diff --git a/filebeat/module/elasticsearch/audit/config/audit.yml b/filebeat/module/elasticsearch/audit/config/audit.yml index d96242ac040d..e8c035e32cc1 100644 --- a/filebeat/module/elasticsearch/audit/config/audit.yml +++ b/filebeat/module/elasticsearch/audit/config/audit.yml @@ -6,4 +6,5 @@ paths: exclude_files: [".gz$"] processors: -- add_locale: ~ +# Locale for timezone is only needed in non-json logs +- add_locale.when.not.regexp.message: "^{" diff --git a/filebeat/module/elasticsearch/audit/test/test-audit-730.log-expected.json b/filebeat/module/elasticsearch/audit/test/test-audit-730.log-expected.json index a54d03d2336b..5c1518d7ecdf 100644 --- a/filebeat/module/elasticsearch/audit/test/test-audit-730.log-expected.json +++ b/filebeat/module/elasticsearch/audit/test/test-audit-730.log-expected.json @@ -18,7 +18,6 @@ "event.action": "access_granted", "event.dataset": "elasticsearch.audit", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "audit", "input.type": "log", "log.offset": 0, @@ -48,7 +47,6 @@ "event.action": "access_granted", "event.dataset": "elasticsearch.audit", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "audit", "input.type": "log", "log.offset": 423, 
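Review bot: The `"^{"` test in the new `add_locale.when.not.regexp.message` line of `audit.yml` is now the only thing deciding whether an event keeps `event.timezone`, and nothing visible in the diff ties it to how the ingest pipeline tells JSON lines from plain-text ones. The same line is added to the elasticsearch deprecation, server and slowlog configs and to the logstash log and slowlog configs, so there are six copies to keep in agreement. If the two checks ever disagree (for example a plain-text line, or a multiline event, whose first character is `{`), the event would presumably be timestamped without its local offset, which silently skews audit and incident timelines; I cannot confirm this because the pipelines are not shown. I would widen the comment to say so, e.g. `# JSON lines are skipped: keep "^{" in sync with the JSON detection in this fileset's ingest pipeline`. Every changed expected file here is a JSON fixture, so a plain-text fixture line that begins with `{` would pin the edge case.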
@@ -78,7 +76,6 @@ "event.action": "access_granted", "event.dataset": "elasticsearch.audit", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "audit", "input.type": "log", "log.offset": 846, @@ -107,7 +104,6 @@ "event.action": "access_granted", "event.dataset": "elasticsearch.audit", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "audit", "input.type": "log", "log.offset": 1269, @@ -136,7 +132,6 @@ "event.action": "access_granted", "event.dataset": "elasticsearch.audit", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "audit", "input.type": "log", "log.offset": 1706, @@ -162,7 +157,6 @@ "event.action": "access_granted", "event.dataset": "elasticsearch.audit", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "audit", "input.type": "log", "log.offset": 2170, @@ -188,7 +182,6 @@ "event.action": "access_granted", "event.dataset": "elasticsearch.audit", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "audit", "input.type": "log", "log.offset": 2576, @@ -217,7 +210,6 @@ "event.action": "access_granted", "event.dataset": "elasticsearch.audit", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "audit", "input.type": "log", "log.offset": 2984, @@ -246,7 +238,6 @@ "event.action": "access_granted", "event.dataset": "elasticsearch.audit", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "audit", "input.type": "log", "log.offset": 3402, @@ -272,7 +263,6 @@ "event.action": "access_granted", "event.dataset": "elasticsearch.audit", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "audit", "input.type": "log", "log.offset": 3823, diff --git a/filebeat/module/elasticsearch/audit/test/test-audit-docker.log-expected.json b/filebeat/module/elasticsearch/audit/test/test-audit-docker.log-expected.json index db81efaba9a7..a2da63f62fd5 100644 
--- a/filebeat/module/elasticsearch/audit/test/test-audit-docker.log-expected.json +++ b/filebeat/module/elasticsearch/audit/test/test-audit-docker.log-expected.json @@ -8,7 +8,6 @@ "event.action": "anonymous_access_denied", "event.dataset": "elasticsearch.audit", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "audit", "http.request.method": "GET", "input.type": "log", @@ -29,7 +28,6 @@ "event.action": "authentication_failed", "event.dataset": "elasticsearch.audit", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "audit", "http.request.method": "GET", "input.type": "log", diff --git a/filebeat/module/elasticsearch/audit/test/test-audit.log-expected.json b/filebeat/module/elasticsearch/audit/test/test-audit.log-expected.json index b1506c92f750..4155cfd829ba 100644 --- a/filebeat/module/elasticsearch/audit/test/test-audit.log-expected.json +++ b/filebeat/module/elasticsearch/audit/test/test-audit.log-expected.json @@ -7,7 +7,6 @@ "event.action": "authentication_failed", "event.dataset": "elasticsearch.audit", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "audit", "input.type": "log", "log.offset": 0, @@ -27,7 +26,6 @@ "event.action": "authentication_failed", "event.dataset": "elasticsearch.audit", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "audit", "input.type": "log", "log.offset": 274, @@ -53,7 +51,6 @@ "event.action": "access_granted", "event.dataset": "elasticsearch.audit", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "audit", "input.type": "log", "log.offset": 558, @@ -78,7 +75,6 @@ "event.action": "access_granted", "event.dataset": "elasticsearch.audit", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "audit", "input.type": "log", "log.offset": 941, 
@@ -103,7 +99,6 @@ "event.action": "access_granted", "event.dataset": "elasticsearch.audit", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "audit", "input.type": "log", "log.offset": 1309, @@ -131,7 +126,6 @@ "event.action": "access_granted", "event.dataset": "elasticsearch.audit", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "audit", "input.type": "log", "log.offset": 1676, @@ -153,7 +147,6 @@ "event.action": "authentication_success", "event.dataset": "elasticsearch.audit", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "audit", "http.request.body.content": "\n{\n \"query\" : {\n \"term\" : { \"user\" : \"kimchy\" }\n }\n}\n", "http.request.method": "GET", diff --git a/filebeat/module/elasticsearch/deprecation/config/log.yml b/filebeat/module/elasticsearch/deprecation/config/log.yml index fa541cde1c66..14cdbbe9414a 100644 --- a/filebeat/module/elasticsearch/deprecation/config/log.yml +++ b/filebeat/module/elasticsearch/deprecation/config/log.yml @@ -10,4 +10,5 @@ multiline: match: after processors: -- add_locale: ~ +# Locale for timezone is only needed in non-json logs +- add_locale.when.not.regexp.message: "^{" diff --git a/filebeat/module/elasticsearch/deprecation/test/test-json.log-expected.json b/filebeat/module/elasticsearch/deprecation/test/test-json.log-expected.json index b5d4d61d3ec1..6f6b17316e4a 100644 --- a/filebeat/module/elasticsearch/deprecation/test/test-json.log-expected.json +++ b/filebeat/module/elasticsearch/deprecation/test/test-json.log-expected.json @@ -8,7 +8,6 @@ "elasticsearch.node.name": "es1_1", "event.dataset": "elasticsearch.deprecation", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "deprecation", "input.type": "log", "log.level": "WARN", 
@@ -25,7 +24,6 @@ "elasticsearch.node.name": "es1_1", "event.dataset": "elasticsearch.deprecation", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "deprecation", "input.type": "log", "log.level": "WARN", @@ -42,7 +40,6 @@ "elasticsearch.node.name": "es1_1", "event.dataset": "elasticsearch.deprecation", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "deprecation", "input.type": "log", "log.level": "WARN", @@ -59,7 +56,6 @@ "elasticsearch.node.name": "es1_1", "event.dataset": "elasticsearch.deprecation", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "deprecation", "input.type": "log", "log.level": "WARN", @@ -76,7 +72,6 @@ "elasticsearch.node.name": "es1_1", "event.dataset": "elasticsearch.deprecation", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "deprecation", "input.type": "log", "log.level": "WARN", @@ -93,7 +88,6 @@ "elasticsearch.node.name": "es1_1", "event.dataset": "elasticsearch.deprecation", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "deprecation", "input.type": "log", "log.level": "WARN", @@ -110,7 +104,6 @@ "elasticsearch.node.name": "es1_1", "event.dataset": "elasticsearch.deprecation", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "deprecation", "input.type": "log", "log.level": "WARN", @@ -127,7 +120,6 @@ "elasticsearch.node.name": "es1_1", "event.dataset": "elasticsearch.deprecation", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "deprecation", "input.type": "log", "log.level": "WARN", @@ -144,7 +136,6 @@ "elasticsearch.node.name": "es1_1", "event.dataset": "elasticsearch.deprecation", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "deprecation", "input.type": "log", "log.level": "WARN", 
@@ -161,7 +152,6 @@ "elasticsearch.node.name": "es1_1", "event.dataset": "elasticsearch.deprecation", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "deprecation", "input.type": "log", "log.level": "WARN", @@ -178,7 +168,6 @@ "elasticsearch.node.name": "es1_1", "event.dataset": "elasticsearch.deprecation", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "deprecation", "input.type": "log", "log.level": "WARN", @@ -195,7 +184,6 @@ "elasticsearch.node.name": "es1_1", "event.dataset": "elasticsearch.deprecation", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "deprecation", "input.type": "log", "log.level": "WARN", @@ -212,7 +200,6 @@ "elasticsearch.node.name": "es1_1", "event.dataset": "elasticsearch.deprecation", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "deprecation", "input.type": "log", "log.level": "WARN", diff --git a/filebeat/module/elasticsearch/server/config/log.yml b/filebeat/module/elasticsearch/server/config/log.yml index 37c2e58592bc..7d7e969a9b81 100644 --- a/filebeat/module/elasticsearch/server/config/log.yml +++ b/filebeat/module/elasticsearch/server/config/log.yml @@ -10,5 +10,5 @@ multiline: match: after processors: -- add_locale: ~ - +# Locale for timezone is only needed in non-json logs +- add_locale.when.not.regexp.message: "^{" diff --git a/filebeat/module/elasticsearch/server/test/test-json.log-expected.json b/filebeat/module/elasticsearch/server/test/test-json.log-expected.json index e0e7118a91f6..10949d3b4bab 100644 --- a/filebeat/module/elasticsearch/server/test/test-json.log-expected.json +++ b/filebeat/module/elasticsearch/server/test/test-json.log-expected.json @@ -6,7 +6,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", 
@@ -21,7 +20,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -36,7 +34,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -51,7 +48,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -66,7 +62,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -81,7 +76,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "WARN", @@ -96,7 +90,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -111,7 +104,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -126,7 +118,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", 
@@ -141,7 +132,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -156,7 +146,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -171,7 +160,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -186,7 +174,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -201,7 +188,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -216,7 +202,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -231,7 +216,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -246,7 +230,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", 
@@ -261,7 +244,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -276,7 +258,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -291,7 +272,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -306,7 +286,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -321,7 +300,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -336,7 +314,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -351,7 +328,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -366,7 +342,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", 
@@ -381,7 +356,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -396,7 +370,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -411,7 +384,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -426,7 +398,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -441,7 +412,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -456,7 +426,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -471,7 +440,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -486,7 +454,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", 
@@ -501,7 +468,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -516,7 +482,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -531,7 +496,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -548,7 +512,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -563,7 +526,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "DEBUG", @@ -578,7 +540,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -593,7 +554,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -608,7 +568,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", 
@@ -623,7 +582,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -638,7 +596,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "WARN", @@ -653,7 +610,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -668,7 +624,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -685,7 +640,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -702,7 +656,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -719,7 +672,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -736,7 +688,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", 
@@ -753,7 +704,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -770,7 +720,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -787,7 +736,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -804,7 +752,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -821,7 +768,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -838,7 +784,6 @@ "elasticsearch.node.name": "node-0", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -902,7 +847,6 @@ ], "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.flags": [ @@ -920,7 +864,6 @@ "elasticsearch.node.name": "sample-name", "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.level": "INFO", @@ -977,7 +920,6 @@ ], "event.dataset": "elasticsearch.server", "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "server", "input.type": "log", "log.flags": [ 
diff --git a/filebeat/module/elasticsearch/slowlog/config/slowlog.yml b/filebeat/module/elasticsearch/slowlog/config/slowlog.yml index e255eaacbfea..d6a75034b2dd 100644 --- a/filebeat/module/elasticsearch/slowlog/config/slowlog.yml +++ b/filebeat/module/elasticsearch/slowlog/config/slowlog.yml @@ -11,4 +11,5 @@ multiline: match: after processors: -- add_locale: ~ +# Locale for timezone is only needed in non-json logs +- add_locale.when.not.regexp.message: "^{" diff --git a/filebeat/module/elasticsearch/slowlog/test/es74_index_indexing_slowlog-json.log-expected.json b/filebeat/module/elasticsearch/slowlog/test/es74_index_indexing_slowlog-json.log-expected.json index 9f9869914975..d6c2c575c909 100644 --- a/filebeat/module/elasticsearch/slowlog/test/es74_index_indexing_slowlog-json.log-expected.json +++ b/filebeat/module/elasticsearch/slowlog/test/es74_index_indexing_slowlog-json.log-expected.json @@ -16,7 +16,6 @@ "event.dataset": "elasticsearch.slowlog", "event.duration": 3000000, "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "slowlog", "input.type": "log", "log.level": "WARN", @@ -40,7 +39,6 @@ "event.dataset": "elasticsearch.slowlog", "event.duration": 2000000, "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "slowlog", "input.type": "log", "log.level": "WARN", diff --git a/filebeat/module/elasticsearch/slowlog/test/es74_index_search_slowlog-json.log-expected.json b/filebeat/module/elasticsearch/slowlog/test/es74_index_search_slowlog-json.log-expected.json index cf559e792204..c59127f6b77e 100644 --- a/filebeat/module/elasticsearch/slowlog/test/es74_index_search_slowlog-json.log-expected.json +++ b/filebeat/module/elasticsearch/slowlog/test/es74_index_search_slowlog-json.log-expected.json @@ -19,7 +19,6 @@ "event.dataset": "elasticsearch.slowlog", "event.duration": 6000000, "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "slowlog", "input.type": "log", "log.level": "WARN", 
@@ -47,7 +46,6 @@ "event.dataset": "elasticsearch.slowlog", "event.duration": 17000000, "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "slowlog", "input.type": "log", "log.level": "WARN", @@ -75,7 +73,6 @@ "event.dataset": "elasticsearch.slowlog", "event.duration": 4000000, "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "slowlog", "input.type": "log", "log.level": "WARN", @@ -103,7 +100,6 @@ "event.dataset": "elasticsearch.slowlog", "event.duration": 5000000, "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "slowlog", "input.type": "log", "log.level": "WARN", @@ -131,7 +127,6 @@ "event.dataset": "elasticsearch.slowlog", "event.duration": 5000000, "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "slowlog", "input.type": "log", "log.level": "WARN", @@ -159,7 +154,6 @@ "event.dataset": "elasticsearch.slowlog", "event.duration": 4000000, "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "slowlog", "input.type": "log", "log.level": "WARN", @@ -187,7 +181,6 @@ "event.dataset": "elasticsearch.slowlog", "event.duration": 9000000, "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "slowlog", "input.type": "log", "log.level": "WARN", @@ -215,7 +208,6 @@ "event.dataset": "elasticsearch.slowlog", "event.duration": 4000000, "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "slowlog", "input.type": "log", "log.level": "WARN", @@ -241,7 +233,6 @@ "event.dataset": "elasticsearch.slowlog", "event.duration": 0, "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "slowlog", "input.type": "log", "log.level": "WARN", diff --git a/filebeat/module/elasticsearch/slowlog/test/es_index_indexing_slowlog-json.log-expected.json b/filebeat/module/elasticsearch/slowlog/test/es_index_indexing_slowlog-json.log-expected.json index 328873e9c143..e0991f524621 100644 
--- a/filebeat/module/elasticsearch/slowlog/test/es_index_indexing_slowlog-json.log-expected.json +++ b/filebeat/module/elasticsearch/slowlog/test/es_index_indexing_slowlog-json.log-expected.json @@ -16,7 +16,6 @@ "event.dataset": "elasticsearch.slowlog", "event.duration": 4000000, "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "slowlog", "input.type": "log", "log.level": "WARN", @@ -41,7 +40,6 @@ "event.dataset": "elasticsearch.slowlog", "event.duration": 0, "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "slowlog", "input.type": "log", "log.level": "WARN", diff --git a/filebeat/module/elasticsearch/slowlog/test/es_index_search_slowlog-json.log-expected.json b/filebeat/module/elasticsearch/slowlog/test/es_index_search_slowlog-json.log-expected.json index e0e78bbb1ab6..e7933d2368c0 100644 --- a/filebeat/module/elasticsearch/slowlog/test/es_index_search_slowlog-json.log-expected.json +++ b/filebeat/module/elasticsearch/slowlog/test/es_index_search_slowlog-json.log-expected.json @@ -12,7 +12,6 @@ "event.dataset": "elasticsearch.slowlog", "event.duration": 0, "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "slowlog", "input.type": "log", "log.level": "WARN", @@ -33,7 +32,6 @@ "event.dataset": "elasticsearch.slowlog", "event.duration": 0, "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "slowlog", "input.type": "log", "log.level": "WARN", @@ -54,7 +52,6 @@ "event.dataset": "elasticsearch.slowlog", "event.duration": 9000000, "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "slowlog", "input.type": "log", "log.level": "WARN", diff --git a/filebeat/module/elasticsearch/slowlog/test/slowlogs-json.log-expected.json b/filebeat/module/elasticsearch/slowlog/test/slowlogs-json.log-expected.json index f94af82f2460..3de1770efc94 100644 --- a/filebeat/module/elasticsearch/slowlog/test/slowlogs-json.log-expected.json 
+++ b/filebeat/module/elasticsearch/slowlog/test/slowlogs-json.log-expected.json @@ -18,7 +18,6 @@ "event.dataset": "elasticsearch.slowlog", "event.duration": 9000000, "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "slowlog", "input.type": "log", "log.level": "WARN", @@ -45,7 +44,6 @@ "event.dataset": "elasticsearch.slowlog", "event.duration": 0, "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "slowlog", "input.type": "log", "log.level": "WARN", @@ -72,7 +70,6 @@ "event.dataset": "elasticsearch.slowlog", "event.duration": 0, "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "slowlog", "input.type": "log", "log.level": "WARN", @@ -100,7 +97,6 @@ "event.dataset": "elasticsearch.slowlog", "event.duration": 2000000, "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "slowlog", "input.type": "log", "log.level": "WARN", @@ -128,7 +124,6 @@ "event.dataset": "elasticsearch.slowlog", "event.duration": 0, "event.module": "elasticsearch", - "event.timezone": "-02:00", "fileset.name": "slowlog", "input.type": "log", "log.flags": [ diff --git a/filebeat/module/logstash/log/config/log.yml b/filebeat/module/logstash/log/config/log.yml index 8d2e78e77521..d90907fb16c9 100644 --- a/filebeat/module/logstash/log/config/log.yml +++ b/filebeat/module/logstash/log/config/log.yml @@ -13,4 +13,5 @@ multiline: {{ end }} processors: -- add_locale: ~ +# Locale for timezone is only needed in non-json logs +- add_locale.when.not.regexp.message: "^{" diff --git a/filebeat/module/logstash/log/test/logstash-json.log-expected.json b/filebeat/module/logstash/log/test/logstash-json.log-expected.json index 4f0a7f63b14f..5470cb171dfe 100644 --- a/filebeat/module/logstash/log/test/logstash-json.log-expected.json +++ b/filebeat/module/logstash/log/test/logstash-json.log-expected.json 
@@ -3,7 +3,6 @@ "@timestamp": "2019-01-07T21:25:21.871Z", "event.dataset": "logstash.log", "event.module": "logstash", - "event.timezone": "-02:00", "fileset.name": "log", "input.type": "log", "log.level": "INFO", @@ -30,7 +29,6 @@ "@timestamp": "2019-01-07T21:25:22.538Z", "event.dataset": "logstash.log", "event.module": "logstash", - "event.timezone": "-02:00", "fileset.name": "log", "input.type": "log", "log.level": "INFO", @@ -46,7 +44,6 @@ "@timestamp": "2019-01-07T21:25:22.594Z", "event.dataset": "logstash.log", "event.module": "logstash", - "event.timezone": "-02:00", "fileset.name": "log", "input.type": "log", "log.level": "INFO", diff --git a/filebeat/module/logstash/slowlog/config/slowlog.yml b/filebeat/module/logstash/slowlog/config/slowlog.yml index d96242ac040d..e8c035e32cc1 100644 --- a/filebeat/module/logstash/slowlog/config/slowlog.yml +++ b/filebeat/module/logstash/slowlog/config/slowlog.yml @@ -6,4 +6,5 @@ paths: exclude_files: [".gz$"] processors: -- add_locale: ~ +# Locale for timezone is only needed in non-json logs +- add_locale.when.not.regexp.message: "^{" diff --git a/filebeat/module/logstash/slowlog/test/slowlog-json.log-expected.json b/filebeat/module/logstash/slowlog/test/slowlog-json.log-expected.json index 6b4ada127459..865f8389af5b 100644 --- a/filebeat/module/logstash/slowlog/test/slowlog-json.log-expected.json +++ b/filebeat/module/logstash/slowlog/test/slowlog-json.log-expected.json @@ -4,7 +4,6 @@ "event.dataset": "logstash.slowlog", "event.duration": 5026401704, "event.module": "logstash", - "event.timezone": "-02:00", "fileset.name": "slowlog", "input.type": "log", "log.level": "INFO",