Parse more fields from elasticsearch audit log #10356
Merged (10 commits), Jan 30, 2019

Commit: Ingest ES structured audit logs
ycombinator committed Jan 30, 2019
commit 6045bef14417b8eec4029cf81f5007f1a98d82f1
23 changes: 7 additions & 16 deletions filebeat/docs/fields.asciidoc
Expand Up @@ -4084,15 +4084,6 @@ alias to: url.original

--

*`elasticsearch.audit.principal`*::
+
--
type: alias

alias to: user.name

--

[float]
== deprecation fields

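Review bot: removing the `elasticsearch.audit.principal` alias (the `type: alias` / `alias to: user.name` block dropped at @@ -4084) silently breaks any saved search, visualization or detection rule that still queries `elasticsearch.audit.principal`, because an alias that disappears from fields.yml stops resolving in the index template. If the field is intentionally retired in favour of `user.name`, record it as a breaking change in the changelog and the module docs; otherwise keep the alias so both names continue to resolve.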
Expand Down Expand Up @@ -4204,7 +4195,7 @@ CPU time spent outside the kernel.
--
type: float

CPU time spent inside the kernel.
CPU time spent inside the kernel.


--
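Review bot: the removed and added `CPU time spent inside the kernel.` lines render identically, so this hunk (and the similar one-line hunks further down in this file) changes only whitespace or an invisible character in generated docs and has nothing to do with audit-log parsing. If `make update` produced it, the fix belongs in the source description in the module's fields.yml so the generator stops flip-flopping; either way, unrelated docs churn is easier to review as its own commit than mixed into this PR.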
Expand Down Expand Up @@ -4374,7 +4365,7 @@ Young GC
--
type: long

example:
example:



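Review bot: both `example:` lines in this hunk are empty, so the generated asciidoc for these `type: long` fields emits an `example:` label with no value. Rather than letting the generator keep rewriting an empty line, give the `example` key in fields.yml a real sample value or drop the key entirely so no empty label is rendered.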
Expand All @@ -4385,7 +4376,7 @@ example:
--
type: long

example:
example:



Expand Down Expand Up @@ -4457,7 +4448,7 @@ Time it took to execute the query
--
type: keyword

example:
example:

Types

Expand All @@ -4468,7 +4459,7 @@ Types
--
type: text

example:
example:

Statistics

Expand Down Expand Up @@ -4501,7 +4492,7 @@ Slow query
--
type: text

example:
example:

Extra source information

Expand Down Expand Up @@ -4545,7 +4536,7 @@ Routing
--
type: keyword

example:
example:

Id

Original file line number Diff line number Diff line change
Expand Up @@ -151,4 +151,4 @@
"source.ip": "192.168.2.1",
"user.name": "username"
}
]
]
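Review bot: the only difference in this hunk is the closing `]` itself, which suggests the fixture previously lacked a trailing newline at end of file; harmless, but it means the expected output for this event (`source.ip` 192.168.2.1, `user.name` username) is otherwise untouched by the commit.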
Original file line number Diff line number Diff line change
Expand Up @@ -142,4 +142,4 @@
"source.port": 9300,
"user.name": "_xpack_security"
}
]
]
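Review bot: as in the previous fixture, only the closing `]` changes, so none of the additional fields this PR is titled for ("Parse more fields from elasticsearch audit log") appear in the expected output for this `_xpack_security` transport-port event (`source.port` 9300). Since the commit message says structured audit logs are now ingested, a JSON-format audit log sample with its own expected file that exercises the newly parsed fields would make the change verifiable by the module tests.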