From ba6de6a712914d5bcc8d2d1923fc9627e16b682b Mon Sep 17 00:00:00 2001 From: Jaime Soriano Pastor Date: Wed, 29 May 2019 12:01:21 +0200 Subject: [PATCH 1/4] Properly parse the timezone in PostgreSQL logs Parse the timezone in PostgreSQL logs as part of the date. --- CHANGELOG.next.asciidoc | 1 + .../postgresql/log/ingest/pipeline.json | 9 +- ...-9.6-debian-with-slowlog.log-expected.json | 72 ++--- ...ostgresql-9.6-multi-core.log-expected.json | 32 +- ...gresql-9.6-new-timestamp.log-expected.json | 20 +- .../postgresql-ubuntu-9.5.log-expected.json | 296 +++++++++--------- 6 files changed, 215 insertions(+), 215 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index c581c15598c..b5f6f3fae69 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -106,6 +106,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Fix goroutine leak caused on initialization failures of log input. {pull}12125[12125] - Fix goroutine leak on non-explicit finalization of log input. {pull}12164[12164] - Skipping unparsable log entries from docker json reader {pull}12268[12268] +- Parse timezone in PostgreSQL logs as part of the timestamp {pull}12338[12338] *Heartbeat* diff --git a/filebeat/module/postgresql/log/ingest/pipeline.json b/filebeat/module/postgresql/log/ingest/pipeline.json index 5101d751a98..c0d83f38065 100644 --- a/filebeat/module/postgresql/log/ingest/pipeline.json +++ b/filebeat/module/postgresql/log/ingest/pipeline.json @@ -6,10 +6,10 @@ "field": "message", "ignore_missing": true, "patterns": [ - "^%{LOCALDATETIME:postgresql.log.timestamp} %{WORD:event.timezone} \\[%{NUMBER:process.pid:long}(-%{BASE16FLOAT:postgresql.log.core_id:long})?\\] ((\\[%{USERNAME:user.name}\\]@\\[%{POSTGRESQL_DB_NAME:postgresql.log.database}\\]|%{USERNAME:user.name}@%{POSTGRESQL_DB_NAME:postgresql.log.database}) )?%{WORD:log.level}: (duration: %{NUMBER:temp.duration:float} ms statement: %{GREEDYDATA:postgresql.log.query}|%{GREEDYDATA:message})" + "^%{DATETIME:postgresql.log.timestamp} \\[%{NUMBER:process.pid:long}(-%{BASE16FLOAT:postgresql.log.core_id:long})?\\] ((\\[%{USERNAME:user.name}\\]@\\[%{POSTGRESQL_DB_NAME:postgresql.log.database}\\]|%{USERNAME:user.name}@%{POSTGRESQL_DB_NAME:postgresql.log.database}) )?%{WORD:log.level}: (duration: %{NUMBER:temp.duration:float} ms statement: %{GREEDYDATA:postgresql.log.query}|%{GREEDYDATA:message})" ], "pattern_definitions": { - "LOCALDATETIME": "[-0-9]+ %{TIME}", + "DATETIME": "[-0-9]+ %{TIME} %{WORD:event.timezone}", "GREEDYDATA": "(.|\n|\t)*", "POSTGRESQL_DB_NAME": "[a-zA-Z0-9_]+[a-zA-Z0-9_\\$]*" } @@ -20,9 +20,8 @@ "field": "postgresql.log.timestamp", "target_field": "@timestamp", "formats": [ - "yyyy-MM-dd HH:mm:ss.SSS", "yyyy-MM-dd HH:mm:ss" - ], - "ignore_failure": true + "yyyy-MM-dd HH:mm:ss.SSS zz", "yyyy-MM-dd HH:mm:ss zz" + ] } }, { "script": { diff --git a/filebeat/module/postgresql/log/test/postgresql-9.6-debian-with-slowlog.log-expected.json b/filebeat/module/postgresql/log/test/postgresql-9.6-debian-with-slowlog.log-expected.json index 126b93ca0de..229a2c09279 100644 --- a/filebeat/module/postgresql/log/test/postgresql-9.6-debian-with-slowlog.log-expected.json +++ b/filebeat/module/postgresql/log/test/postgresql-9.6-debian-with-slowlog.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2017-07-31T13:36:42.585Z", + "@timestamp": "2017-07-31T11:36:42.585Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -10,12 +10,12 @@ "log.level": "LOG", "log.offset": 0, "message": "database system was shut down at 2017-06-17 16:58:04 CEST", - "postgresql.log.timestamp": "2017-07-31 13:36:42.585", + "postgresql.log.timestamp": "2017-07-31 13:36:42.585 CEST", "process.pid": 4974, "service.type": "postgresql" }, { - "@timestamp": "2017-07-31T13:36:42.605Z", + "@timestamp": "2017-07-31T11:36:42.605Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -25,12 +25,12 @@ "log.level": "LOG", "log.offset": 100, "message": "MultiXact member wraparound protections are now enabled", - "postgresql.log.timestamp": "2017-07-31 13:36:42.605", + "postgresql.log.timestamp": "2017-07-31 13:36:42.605 CEST", "process.pid": 4974, "service.type": "postgresql" }, { - "@timestamp": "2017-07-31T13:36:42.615Z", + "@timestamp": "2017-07-31T11:36:42.615Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -40,12 +40,12 @@ "log.level": "LOG", "log.offset": 198, "message": "autovacuum launcher started", - "postgresql.log.timestamp": "2017-07-31 13:36:42.615", + "postgresql.log.timestamp": "2017-07-31 13:36:42.615 CEST", "process.pid": 4978, "service.type": "postgresql" }, { - "@timestamp": "2017-07-31T13:36:42.616Z", + "@timestamp": "2017-07-31T11:36:42.616Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -55,12 +55,12 @@ "log.level": "LOG", "log.offset": 268, "message": "database system is ready to accept connections", - "postgresql.log.timestamp": "2017-07-31 13:36:42.616", + "postgresql.log.timestamp": "2017-07-31 13:36:42.616 CEST", "process.pid": 4973, "service.type": "postgresql" }, { - "@timestamp": "2017-07-31T13:36:42.956Z", + "@timestamp": "2017-07-31T11:36:42.956Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -71,13 +71,13 @@ "log.offset": 357, "message": "incomplete startup packet", "postgresql.log.database": "unknown", - "postgresql.log.timestamp": "2017-07-31 13:36:42.956", + "postgresql.log.timestamp": "2017-07-31 13:36:42.956 CEST", "process.pid": 4980, "service.type": "postgresql", "user.name": "unknown" }, { - "@timestamp": "2017-07-31T13:36:43.557Z", + "@timestamp": "2017-07-31T11:36:43.557Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.duration": 37118000, @@ -93,13 +93,13 @@ "message": "2017-07-31 13:36:43.557 CEST [4983] postgres@postgres LOG: duration: 37.118 ms statement: SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", "postgresql.log.database": "postgres", "postgresql.log.query": "SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", - "postgresql.log.timestamp": "2017-07-31 13:36:43.557", + "postgresql.log.timestamp": "2017-07-31 13:36:43.557 CEST", "process.pid": 4983, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-07-31T13:36:44.104Z", + "@timestamp": "2017-07-31T11:36:44.104Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.duration": 2895000, @@ -115,13 +115,13 @@ "message": "2017-07-31 13:36:44.104 CEST [4986] postgres@postgres LOG: duration: 2.895 ms statement: SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", "postgresql.log.database": "postgres", "postgresql.log.query": "SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", - "postgresql.log.timestamp": "2017-07-31 13:36:44.104", + "postgresql.log.timestamp": "2017-07-31 13:36:44.104 CEST", "process.pid": 4986, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-07-31T13:36:44.642Z", + "@timestamp": "2017-07-31T11:36:44.642Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.duration": 2809000, @@ -137,13 +137,13 @@ "message": "2017-07-31 13:36:44.642 CEST [4989] postgres@postgres LOG: duration: 2.809 ms statement: SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", "postgresql.log.database": "postgres", "postgresql.log.query": "SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", - "postgresql.log.timestamp": "2017-07-31 13:36:44.642", + "postgresql.log.timestamp": "2017-07-31 13:36:44.642 CEST", "process.pid": 4989, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-07-31T13:39:16.249Z", + "@timestamp": "2017-07-31T11:39:16.249Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -154,13 +154,13 @@ "log.offset": 1727, "message": "database \"users\" does not exist", "postgresql.log.database": "users", - "postgresql.log.timestamp": "2017-07-31 13:39:16.249", + "postgresql.log.timestamp": "2017-07-31 13:39:16.249 CEST", "process.pid": 5407, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-07-31T13:39:17.945Z", + "@timestamp": "2017-07-31T11:39:17.945Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -171,13 +171,13 @@ "log.offset": 1818, "message": "database \"user\" does not exist", "postgresql.log.database": "user", - "postgresql.log.timestamp": "2017-07-31 13:39:17.945", + "postgresql.log.timestamp": "2017-07-31 13:39:17.945 CEST", "process.pid": 5500, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-07-31T13:39:21.025Z", + "@timestamp": "2017-07-31T11:39:21.025Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.duration": 37598000, @@ -193,13 +193,13 @@ "message": "2017-07-31 13:39:21.025 CEST [5404] postgres@postgres LOG: duration: 37.598 ms statement: SELECT n.nspname as \"Schema\",\n\t c.relname as \"Name\",\n\t CASE c.relkind WHEN 'r' THEN 'table' WHEN 'v' THEN 'view' WHEN 'm' THEN 'materialized view' WHEN 'i' THEN 'index' WHEN 'S' THEN 'sequence' WHEN 's' THEN 'special' WHEN 'f' THEN 'foreign table' END as \"Type\",\n\t pg_catalog.pg_get_userbyid(c.relowner) as \"Owner\"\n\tFROM pg_catalog.pg_class c\n\t LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace\n\tWHERE c.relkind IN ('r','')\n\t AND n.nspname <> 'pg_catalog'\n\t AND n.nspname <> 'information_schema'\n\t AND n.nspname !~ '^pg_toast'\n\t AND pg_catalog.pg_table_is_visible(c.oid)\n\tORDER BY 1,2;", "postgresql.log.database": "postgres", "postgresql.log.query": "SELECT n.nspname as \"Schema\",\n\t c.relname as \"Name\",\n\t CASE c.relkind WHEN 'r' THEN 'table' WHEN 'v' THEN 'view' WHEN 'm' THEN 'materialized view' WHEN 'i' THEN 'index' WHEN 'S' THEN 'sequence' WHEN 's' THEN 'special' WHEN 'f' THEN 'foreign table' END as \"Type\",\n\t pg_catalog.pg_get_userbyid(c.relowner) as \"Owner\"\n\tFROM pg_catalog.pg_class c\n\t LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace\n\tWHERE c.relkind IN ('r','')\n\t AND n.nspname <> 'pg_catalog'\n\t AND n.nspname <> 'information_schema'\n\t AND n.nspname !~ '^pg_toast'\n\t AND pg_catalog.pg_table_is_visible(c.oid)\n\tORDER BY 1,2;", - "postgresql.log.timestamp": "2017-07-31 13:39:21.025", + "postgresql.log.timestamp": "2017-07-31 13:39:21.025 CEST", "process.pid": 5404, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-07-31T13:39:31.619Z", + "@timestamp": "2017-07-31T11:39:31.619Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.duration": 9482000, @@ -212,13 +212,13 @@ "message": "2017-07-31 13:39:31.619 CEST [5502] postgres@clients LOG: duration: 9.482 ms statement: select * from clients;", "postgresql.log.database": "clients", "postgresql.log.query": "select * from clients;", - "postgresql.log.timestamp": "2017-07-31 13:39:31.619", + "postgresql.log.timestamp": "2017-07-31 13:39:31.619 CEST", "process.pid": 5502, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-07-31T13:39:40.147Z", + "@timestamp": "2017-07-31T11:39:40.147Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.duration": 765000, @@ -231,13 +231,13 @@ "message": "2017-07-31 13:39:40.147 CEST [5502] postgres@clients LOG: duration: 0.765 ms statement: select id from clients;", "postgresql.log.database": "clients", "postgresql.log.query": "select id from clients;", - "postgresql.log.timestamp": "2017-07-31 13:39:40.147", + "postgresql.log.timestamp": "2017-07-31 13:39:40.147 CEST", "process.pid": 5502, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-07-31T13:40:54.310Z", + "@timestamp": "2017-07-31T11:40:54.310Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.duration": 26082001, @@ -253,13 +253,13 @@ "message": "2017-07-31 13:40:54.310 CEST [5502] postgres@clients LOG: duration: 26.082 ms statement: SELECT n.nspname as \"Schema\",\n\t c.relname as \"Name\",\n\t CASE c.relkind WHEN 'r' THEN 'table' WHEN 'v' THEN 'view' WHEN 'm' THEN 'materialized view' WHEN 'i' THEN 'index' WHEN 'S' THEN 'sequence' WHEN 's' THEN 'special' WHEN 'f' THEN 'foreign table' END as \"Type\",\n\t pg_catalog.pg_get_userbyid(c.relowner) as \"Owner\"\n\tFROM pg_catalog.pg_class c\n\t LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace\n\tWHERE c.relkind IN ('r','')\n\t AND n.nspname <> 'pg_catalog'\n\t AND n.nspname <> 'information_schema'\n\t AND n.nspname !~ '^pg_toast'\n\t AND pg_catalog.pg_table_is_visible(c.oid)\n\tORDER BY 1,2;", "postgresql.log.database": "clients", "postgresql.log.query": "SELECT n.nspname as \"Schema\",\n\t c.relname as \"Name\",\n\t CASE c.relkind WHEN 'r' THEN 'table' WHEN 'v' THEN 'view' WHEN 'm' THEN 'materialized view' WHEN 'i' THEN 'index' WHEN 'S' THEN 'sequence' WHEN 's' THEN 'special' WHEN 'f' THEN 'foreign table' END as \"Type\",\n\t pg_catalog.pg_get_userbyid(c.relowner) as \"Owner\"\n\tFROM pg_catalog.pg_class c\n\t LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace\n\tWHERE c.relkind IN ('r','')\n\t AND n.nspname <> 'pg_catalog'\n\t AND n.nspname <> 'information_schema'\n\t AND n.nspname !~ '^pg_toast'\n\t AND pg_catalog.pg_table_is_visible(c.oid)\n\tORDER BY 1,2;", - "postgresql.log.timestamp": "2017-07-31 13:40:54.310", + "postgresql.log.timestamp": "2017-07-31 13:40:54.310 CEST", "process.pid": 5502, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-07-31T13:43:22.645Z", + "@timestamp": "2017-07-31T11:43:22.645Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.duration": 36161999, @@ -272,13 +272,13 @@ "message": "2017-07-31 13:43:22.645 CEST [5502] postgres@clients LOG: duration: 36.162 ms statement: create table cats(name varchar(50) primary key, toy varchar (50) not null, born timestamp not null);", "postgresql.log.database": "clients", "postgresql.log.query": "create table cats(name varchar(50) primary key, toy varchar (50) not null, born timestamp not null);", - "postgresql.log.timestamp": "2017-07-31 13:43:22.645", + "postgresql.log.timestamp": "2017-07-31 13:43:22.645 CEST", "process.pid": 5502, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-07-31T13:46:02.670Z", + "@timestamp": "2017-07-31T11:46:02.670Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.duration": 10540000, @@ -291,13 +291,13 @@ "message": "2017-07-31 13:46:02.670 CEST [5502] postgres@c$lients LOG: duration: 10.540 ms statement: insert into cats(name, toy, born) values('kate', 'ball', now());", "postgresql.log.database": "c$lients", "postgresql.log.query": "insert into cats(name, toy, born) values('kate', 'ball', now());", - "postgresql.log.timestamp": "2017-07-31 13:46:02.670", + "postgresql.log.timestamp": "2017-07-31 13:46:02.670 CEST", "process.pid": 5502, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-07-31T13:46:23.016Z", + "@timestamp": "2017-07-31T11:46:23.016Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.duration": 5156000, @@ -310,13 +310,13 @@ "message": "2017-07-31 13:46:23.016 CEST [5502] postgres@_clients$db LOG: duration: 5.156 ms statement: insert into cats(name, toy, born) values('frida', 'horse', now());", "postgresql.log.database": "_clients$db", "postgresql.log.query": "insert into cats(name, toy, born) values('frida', 'horse', now());", - "postgresql.log.timestamp": "2017-07-31 13:46:23.016", + "postgresql.log.timestamp": "2017-07-31 13:46:23.016 CEST", "process.pid": 5502, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-07-31T13:46:55.637Z", + "@timestamp": "2017-07-31T11:46:55.637Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.duration": 25871000, @@ -329,7 +329,7 @@ "message": "2017-07-31 13:46:55.637 CEST [5502] postgres@clients_db LOG: duration: 25.871 ms statement: create table dogs(name varchar(50) primary key, owner varchar (50) not null, born timestamp not null);", "postgresql.log.database": "clients_db", "postgresql.log.query": "create table dogs(name varchar(50) primary key, owner varchar (50) not null, born timestamp not null);", - "postgresql.log.timestamp": "2017-07-31 13:46:55.637", + "postgresql.log.timestamp": "2017-07-31 13:46:55.637 CEST", "process.pid": 5502, "service.type": "postgresql", "user.name": "postgres" diff --git a/filebeat/module/postgresql/log/test/postgresql-9.6-multi-core.log-expected.json b/filebeat/module/postgresql/log/test/postgresql-9.6-multi-core.log-expected.json index d759db48e14..d1bf43966d0 100644 --- a/filebeat/module/postgresql/log/test/postgresql-9.6-multi-core.log-expected.json +++ b/filebeat/module/postgresql/log/test/postgresql-9.6-multi-core.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2017-04-03T22:32:14.322Z", + "@timestamp": "2017-04-03T20:32:14.322Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -12,13 +12,13 @@ "message": "incomplete startup packet", "postgresql.log.core_id": 1, "postgresql.log.database": "unknown", - "postgresql.log.timestamp": "2017-04-03 22:32:14.322", + "postgresql.log.timestamp": "2017-04-03 22:32:14.322 CEST", "process.pid": 12975, "service.type": "postgresql", "user.name": "unknown" }, { - "@timestamp": "2017-04-03T22:32:14.322Z", + "@timestamp": "2017-04-03T20:32:14.322Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -30,13 +30,13 @@ "message": "database \"user\" does not exist", "postgresql.log.core_id": 1, "postgresql.log.database": "user", - "postgresql.log.timestamp": "2017-04-03 22:32:14.322", + "postgresql.log.timestamp": "2017-04-03 22:32:14.322 CEST", "process.pid": 5404, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-03T22:35:22.389Z", + "@timestamp": "2017-04-03T20:35:22.389Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.duration": 37598000, @@ -53,13 +53,13 @@ "postgresql.log.core_id": 2, "postgresql.log.database": "postgres", "postgresql.log.query": "SELECT n.nspname as \"Schema\",\n\t c.relname as \"Name\",\n\t CASE c.relkind WHEN 'r' THEN 'table' WHEN 'v' THEN 'view' WHEN 'm' THEN 'materialized view' WHEN 'i' THEN 'index' WHEN 'S' THEN 'sequence' WHEN 's' THEN 'special' WHEN 'f' THEN 'foreign table' END as \"Type\",\n\t pg_catalog.pg_get_userbyid(c.relowner) as \"Owner\"\n\tFROM pg_catalog.pg_class c\n\t LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace\n\tWHERE c.relkind IN ('r','')\n\t AND n.nspname <> 'pg_catalog'\n\t AND n.nspname <> 'information_schema'\n\t AND n.nspname !~ '^pg_toast'\n\t AND pg_catalog.pg_table_is_visible(c.oid)\n\tORDER BY 1,2;", - "postgresql.log.timestamp": "2017-04-03 22:35:22.389", + "postgresql.log.timestamp": "2017-04-03 22:35:22.389 CEST", "process.pid": 5404, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-07-31T13:36:43.557Z", + "@timestamp": "2017-07-31T17:36:43.557Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -70,12 +70,12 @@ "log.offset": 897, "message": "autovacuum launcher started", "postgresql.log.core_id": 1, - "postgresql.log.timestamp": "2017-07-31 13:36:43.557", + "postgresql.log.timestamp": "2017-07-31 13:36:43.557 EST", "process.pid": 835, "service.type": "postgresql" }, { - "@timestamp": "2017-07-31T13:36:44.227Z", + "@timestamp": "2017-07-31T17:36:44.227Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -86,12 +86,12 @@ "log.offset": 967, "message": "checkpoints are occurring too frequently (25 seconds apart)", "postgresql.log.core_id": 1, - "postgresql.log.timestamp": "2017-07-31 13:36:44.227", + "postgresql.log.timestamp": "2017-07-31 13:36:44.227 EST", "process.pid": 832, "service.type": "postgresql" }, { - "@timestamp": "2017-07-31T13:46:02.670Z", + "@timestamp": "2017-07-31T17:46:02.670Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -102,12 +102,12 @@ "log.offset": 1069, "message": "Consider increasing the configuration parameter \"max_wal_size\".", "postgresql.log.core_id": 2, - "postgresql.log.timestamp": "2017-07-31 13:46:02.670", + "postgresql.log.timestamp": "2017-07-31 13:46:02.670 EST", "process.pid": 832, "service.type": "postgresql" }, { - "@timestamp": "2017-07-31T13:46:23.016Z", + "@timestamp": "2017-07-31T17:46:23.016Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -119,13 +119,13 @@ "message": "the database system is starting up", "postgresql.log.core_id": 1, "postgresql.log.database": "postgres", - "postgresql.log.timestamp": "2017-07-31 13:46:23.016", + "postgresql.log.timestamp": "2017-07-31 13:46:23.016 EST", "process.pid": 768, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-07-31T13:46:55.637Z", + "@timestamp": "2017-07-31T17:46:55.637Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -137,7 +137,7 @@ "message": "the database system is starting up", "postgresql.log.core_id": 1, "postgresql.log.database": "postgres", - "postgresql.log.timestamp": "2017-07-31 13:46:55.637", + "postgresql.log.timestamp": "2017-07-31 13:46:55.637 EST", "process.pid": 771, "service.type": "postgresql", "user.name": "postgres" diff --git a/filebeat/module/postgresql/log/test/postgresql-9.6-new-timestamp.log-expected.json b/filebeat/module/postgresql/log/test/postgresql-9.6-new-timestamp.log-expected.json index 25e2cdee631..fc0f951d21c 100644 --- a/filebeat/module/postgresql/log/test/postgresql-9.6-new-timestamp.log-expected.json +++ b/filebeat/module/postgresql/log/test/postgresql-9.6-new-timestamp.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2017-07-31T13:36:43.000Z", + "@timestamp": "2017-07-31T17:36:43.000Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -11,12 +11,12 @@ "log.offset": 0, "message": "autovacuum launcher started", "postgresql.log.core_id": 1, - "postgresql.log.timestamp": "2017-07-31 13:36:43", + "postgresql.log.timestamp": "2017-07-31 13:36:43 EST", "process.pid": 835, "service.type": "postgresql" }, { - "@timestamp": "2017-07-31T13:36:44.000Z", + "@timestamp": "2017-07-31T17:36:44.000Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -27,12 +27,12 @@ "log.offset": 66, "message": "checkpoints are occurring too frequently (25 seconds apart)", "postgresql.log.core_id": 1, - "postgresql.log.timestamp": "2017-07-31 13:36:44", + "postgresql.log.timestamp": "2017-07-31 13:36:44 EST", "process.pid": 832, "service.type": "postgresql" }, { - "@timestamp": "2017-07-31T13:46:02.000Z", + "@timestamp": "2017-07-31T17:46:02.000Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -43,12 +43,12 @@ "log.offset": 164, "message": "Consider increasing the configuration parameter \"max_wal_size\".", "postgresql.log.core_id": 2, - "postgresql.log.timestamp": "2017-07-31 13:46:02", + "postgresql.log.timestamp": "2017-07-31 13:46:02 EST", "process.pid": 832, "service.type": "postgresql" }, { - "@timestamp": "2017-07-31T13:46:23.000Z", + "@timestamp": "2017-07-31T17:46:23.000Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -60,13 +60,13 @@ "message": "the database system is starting up", "postgresql.log.core_id": 1, "postgresql.log.database": "postgres", - "postgresql.log.timestamp": "2017-07-31 13:46:23", + "postgresql.log.timestamp": "2017-07-31 13:46:23 EST", "process.pid": 768, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-07-31T13:46:55.000Z", + "@timestamp": "2017-07-31T17:46:55.000Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -78,7 +78,7 @@ "message": "the database system is starting up", "postgresql.log.core_id": 1, "postgresql.log.database": "postgres", - "postgresql.log.timestamp": "2017-07-31 13:46:55", + "postgresql.log.timestamp": "2017-07-31 13:46:55 EST", "process.pid": 771, "service.type": "postgresql", "user.name": "postgres" diff --git a/filebeat/module/postgresql/log/test/postgresql-ubuntu-9.5.log-expected.json b/filebeat/module/postgresql/log/test/postgresql-ubuntu-9.5.log-expected.json index e960a49642a..82c92a0b882 100644 --- a/filebeat/module/postgresql/log/test/postgresql-ubuntu-9.5.log-expected.json +++ b/filebeat/module/postgresql/log/test/postgresql-ubuntu-9.5.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2017-04-03T22:32:14.322Z", + "@timestamp": "2017-04-03T20:32:14.322Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -11,13 +11,13 @@ "log.offset": 0, "message": "could not receive data from client: Connection reset by peer", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-03 22:32:14.322", + "postgresql.log.timestamp": "2017-04-03 22:32:14.322 CEST", "process.pid": 31225, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-03T22:32:14.322Z", + "@timestamp": "2017-04-03T20:32:14.322Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -28,13 +28,13 @@ "log.offset": 118, "message": "unexpected EOF on client connection with an open transaction", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-03 22:32:14.322", + "postgresql.log.timestamp": "2017-04-03 22:32:14.322 CEST", "process.pid": 31225, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-03T22:35:22.389Z", + "@timestamp": "2017-04-03T20:35:22.389Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -45,13 +45,13 @@ "log.offset": 236, "message": "could not receive data from client: Connection reset by peer", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-03 22:35:22.389", + "postgresql.log.timestamp": "2017-04-03 22:35:22.389 CEST", "process.pid": 3474, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-03T22:36:56.464Z", + "@timestamp": "2017-04-03T20:36:56.464Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -62,13 +62,13 @@ "log.offset": 353, "message": "could not receive data from client: Connection reset by peer", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-03 22:36:56.464", + "postgresql.log.timestamp": "2017-04-03 22:36:56.464 CEST", "process.pid": 3525, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-03T22:37:12.961Z", + "@timestamp": "2017-04-03T20:37:12.961Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -79,13 +79,13 @@ "log.offset": 470, "message": "could not receive data from client: Connection reset by peer", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-03 22:37:12.961", + "postgresql.log.timestamp": "2017-04-03 22:37:12.961 CEST", "process.pid": 3570, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T21:05:28.549Z", + "@timestamp": "2017-04-07T19:05:28.549Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -96,13 +96,13 @@ "log.offset": 587, "message": "could not receive data from client: Connection reset by peer", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 21:05:28.549", + "postgresql.log.timestamp": "2017-04-07 21:05:28.549 CEST", "process.pid": 21483, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T21:09:41.345Z", + "@timestamp": "2017-04-07T19:09:41.345Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -113,13 +113,13 @@ "log.offset": 705, "message": "could not receive data from client: Connection reset by peer", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 21:09:41.345", + "postgresql.log.timestamp": "2017-04-07 21:09:41.345 CEST", "process.pid": 21597, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T22:45:30.218Z", + "@timestamp": "2017-04-07T20:45:30.218Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -130,13 +130,13 @@ "log.offset": 823, "message": "operator does not exist: jsonb @> at character 49", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 22:45:30.218", + "postgresql.log.timestamp": "2017-04-07 22:45:30.218 CEST", "process.pid": 22603, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T22:45:30.218Z", + "@timestamp": "2017-04-07T20:45:30.218Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -147,13 +147,13 @@ "log.offset": 932, "message": "No operator matches the given name and argument type(s). You might need to add explicit type casts.", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 22:45:30.218", + "postgresql.log.timestamp": "2017-04-07 22:45:30.218 CEST", "process.pid": 22603, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T22:45:30.218Z", + "@timestamp": "2017-04-07T20:45:30.218Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -164,13 +164,13 @@ "log.offset": 1090, "message": "SELECT id, user FROM users WHERE NOT user @> %s", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 22:45:30.218", + "postgresql.log.timestamp": "2017-04-07 22:45:30.218 CEST", "process.pid": 22603, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T22:46:09.751Z", + "@timestamp": "2017-04-07T20:46:09.751Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -181,13 +181,13 @@ "log.offset": 1201, "message": "column \"%s\" does not exist at character 52", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 22:46:09.751", + "postgresql.log.timestamp": "2017-04-07 22:46:09.751 CEST", "process.pid": 22608, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T22:46:09.751Z", + "@timestamp": "2017-04-07T20:46:09.751Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -198,13 +198,13 @@ "log.offset": 1303, "message": "SELECT id, user FROM users WHERE NOT user @> \"%s\"", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 22:46:09.751", + "postgresql.log.timestamp": "2017-04-07 22:46:09.751 CEST", "process.pid": 22608, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T23:02:51.199Z", + "@timestamp": "2017-04-07T21:02:51.199Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -215,13 +215,13 @@ "log.offset": 1416, "message": "could not receive data from client: Connection reset by peer", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 23:02:51.199", + "postgresql.log.timestamp": "2017-04-07 23:02:51.199 CEST", "process.pid": 24341, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T23:02:51.199Z", + "@timestamp": "2017-04-07T21:02:51.199Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -232,13 +232,13 @@ "log.offset": 1534, "message": "unexpected EOF on client connection with an open transaction", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 23:02:51.199", + "postgresql.log.timestamp": "2017-04-07 23:02:51.199 CEST", "process.pid": 24341, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T23:04:36.087Z", + "@timestamp": "2017-04-07T21:04:36.087Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -249,13 +249,13 @@ "log.offset": 1652, "message": "syntax error at or near \"{\" at character 49", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 23:04:36.087", + "postgresql.log.timestamp": "2017-04-07 23:04:36.087 CEST", "process.pid": 20730, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T23:04:36.087Z", + "@timestamp": "2017-04-07T21:04:36.087Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -266,13 +266,13 @@ "log.offset": 1755, "message": "INSERT INTO users (id, user) VALUES (1, {\"attr\": \"yes\"});", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 23:04:36.087", + "postgresql.log.timestamp": "2017-04-07 23:04:36.087 CEST", "process.pid": 20730, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T23:04:51.462Z", + "@timestamp": "2017-04-07T21:04:51.462Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -283,13 +283,13 @@ "log.offset": 1876, "message": "syntax error at or near \"{\" at character 49", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 23:04:51.462", + "postgresql.log.timestamp": "2017-04-07 23:04:51.462 CEST", "process.pid": 20730, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T23:04:51.462Z", + "@timestamp": "2017-04-07T21:04:51.462Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -300,13 +300,13 @@ "log.offset": 1979, "message": "INSERT INTO users (id, user) VALUES (1, {attr: \"yes\"});", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 23:04:51.462", + "postgresql.log.timestamp": "2017-04-07 23:04:51.462 CEST", "process.pid": 20730, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T23:05:06.217Z", + "@timestamp": "2017-04-07T21:05:06.217Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -317,13 +317,13 @@ "log.offset": 2098, "message": "column \"a\" does not exist at character 42", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 23:05:06.217", + "postgresql.log.timestamp": "2017-04-07 23:05:06.217 CEST", "process.pid": 20730, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T23:05:06.217Z", + "@timestamp": "2017-04-07T21:05:06.217Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -334,13 +334,13 @@ "log.offset": 2199, "message": "INSERT INTO users (id, user) VALUES (1, '{\"attr\": \"yes\"}');", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 23:05:06.217", + "postgresql.log.timestamp": "2017-04-07 23:05:06.217 CEST", "process.pid": 20730, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T23:05:18.295Z", + "@timestamp": "2017-04-07T21:05:18.295Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -351,13 +351,13 @@ "log.offset": 2322, "message": "column \"attr\" does not exist at character 42", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 23:05:18.295", + "postgresql.log.timestamp": "2017-04-07 23:05:18.295 CEST", "process.pid": 20730, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T23:05:18.295Z", + "@timestamp": "2017-04-07T21:05:18.295Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -368,13 +368,13 @@ "log.offset": 2426, "message": "INSERT INTO users (id, user) VALUES (\"1\", '{\"attr\": \"no\"}');", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 23:05:18.295", + "postgresql.log.timestamp": "2017-04-07 23:05:18.295 CEST", "process.pid": 20730, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T23:13:47.505Z", + "@timestamp": "2017-04-07T21:13:47.505Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -385,13 +385,13 @@ "log.offset": 2550, "message": "could not receive data from client: Connection reset by peer", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 23:13:47.505", + "postgresql.log.timestamp": "2017-04-07 23:13:47.505 CEST", "process.pid": 24489, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T23:13:47.505Z", + "@timestamp": "2017-04-07T21:13:47.505Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -402,13 +402,13 @@ "log.offset": 2668, "message": "unexpected EOF on client connection with an open transaction", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 23:13:47.505", + "postgresql.log.timestamp": "2017-04-07 23:13:47.505 CEST", "process.pid": 24489, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-08T12:32:51.056Z", + "@timestamp": "2017-04-08T10:32:51.056Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -419,13 +419,13 @@ "log.offset": 2786, "message": "duplicate key value violates unique constraint \"users_pkey\"", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-08 12:32:51.056", + "postgresql.log.timestamp": "2017-04-08 12:32:51.056 CEST", "process.pid": 20730, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-08T12:32:51.056Z", + "@timestamp": "2017-04-08T10:32:51.056Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -436,13 +436,13 @@ "log.offset": 2905, "message": "Key (id)=(1) already exists.", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-08 12:32:51.056", + "postgresql.log.timestamp": "2017-04-08 12:32:51.056 CEST", "process.pid": 20730, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-08T12:32:51.056Z", + "@timestamp": "2017-04-08T10:32:51.056Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -453,13 +453,13 @@ "log.offset": 2994, "message": "INSERT INTO users (id, user) VALUES ('1', '{\"attr\": \"yes\"}');", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-08 12:32:51.056", + "postgresql.log.timestamp": "2017-04-08 12:32:51.056 CEST", "process.pid": 20730, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-08T21:54:37.443Z", + "@timestamp": "2017-04-08T19:54:37.443Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -470,13 +470,13 @@ "log.offset": 3119, "message": "could not receive data from client: Connection reset by peer", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-08 21:54:37.443", + "postgresql.log.timestamp": "2017-04-08 21:54:37.443 CEST", "process.pid": 30630, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-08T21:54:37.468Z", + "@timestamp": "2017-04-08T19:54:37.468Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -487,13 +487,13 @@ "log.offset": 3237, "message": "could not receive data from client: Connection reset by peer", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-08 21:54:37.468", + "postgresql.log.timestamp": "2017-04-08 21:54:37.468 CEST", "process.pid": 30502, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-08T21:54:37.618Z", + "@timestamp": "2017-04-08T19:54:37.618Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -503,12 +503,12 @@ "log.level": "LOG", "log.offset": 3355, "message": "received fast shutdown request", - "postgresql.log.timestamp": "2017-04-08 21:54:37.618", + "postgresql.log.timestamp": "2017-04-08 21:54:37.618 CEST", "process.pid": 20769, "service.type": "postgresql" }, { - "@timestamp": "2017-04-08T21:54:37.618Z", + "@timestamp": "2017-04-08T19:54:37.618Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -518,12 +518,12 @@ "log.level": "LOG", "log.offset": 3429, "message": "aborting any active transactions", - "postgresql.log.timestamp": "2017-04-08 21:54:37.618", + "postgresql.log.timestamp": "2017-04-08 21:54:37.618 CEST", "process.pid": 20769, "service.type": "postgresql" }, { - "@timestamp": "2017-04-08T21:54:37.618Z", + "@timestamp": "2017-04-08T19:54:37.618Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -533,12 +533,12 @@ "log.level": "LOG", "log.offset": 3505, "message": "autovacuum launcher shutting down", - "postgresql.log.timestamp": "2017-04-08 21:54:37.618", + "postgresql.log.timestamp": "2017-04-08 21:54:37.618 CEST", "process.pid": 20774, "service.type": "postgresql" }, { - "@timestamp": "2017-04-08T21:54:37.622Z", + "@timestamp": "2017-04-08T19:54:37.622Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -548,12 +548,12 @@ "log.level": "LOG", "log.offset": 3582, "message": "shutting down", - "postgresql.log.timestamp": "2017-04-08 21:54:37.622", + "postgresql.log.timestamp": "2017-04-08 21:54:37.622 CEST", "process.pid": 20771, "service.type": "postgresql" }, { - "@timestamp": "2017-04-08T21:54:37.644Z", + "@timestamp": "2017-04-08T19:54:37.644Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -563,12 +563,12 @@ "log.level": "LOG", "log.offset": 3639, "message": "database system is shut down", - "postgresql.log.timestamp": "2017-04-08 21:54:37.644", + "postgresql.log.timestamp": "2017-04-08 21:54:37.644 CEST", "process.pid": 20769, "service.type": "postgresql" }, { - "@timestamp": "2017-04-08T21:56:02.932Z", + "@timestamp": "2017-04-08T19:56:02.932Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -578,12 +578,12 @@ "log.level": "LOG", "log.offset": 3711, "message": "database system was shut down at 2017-04-08 21:54:37 CEST", - "postgresql.log.timestamp": "2017-04-08 21:56:02.932", + "postgresql.log.timestamp": "2017-04-08 21:56:02.932 CEST", "process.pid": 797, "service.type": "postgresql" }, { - "@timestamp": "2017-04-08T21:56:02.944Z", + "@timestamp": "2017-04-08T19:56:02.944Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -593,12 +593,12 @@ "log.level": "LOG", "log.offset": 3810, "message": "MultiXact member wraparound protections are now enabled", - "postgresql.log.timestamp": "2017-04-08 21:56:02.944", + "postgresql.log.timestamp": "2017-04-08 21:56:02.944 CEST", "process.pid": 797, "service.type": "postgresql" }, { - "@timestamp": "2017-04-08T21:56:02.946Z", + "@timestamp": "2017-04-08T19:56:02.946Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -608,12 +608,12 @@ "log.level": "LOG", "log.offset": 3907, "message": "database system is ready to accept connections", - "postgresql.log.timestamp": "2017-04-08 21:56:02.946", + "postgresql.log.timestamp": "2017-04-08 21:56:02.946 CEST", "process.pid": 780, "service.type": "postgresql" }, { - "@timestamp": "2017-04-08T21:56:02.947Z", + "@timestamp": "2017-04-08T19:56:02.947Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -623,12 +623,12 @@ "log.level": "LOG", "log.offset": 3995, "message": "autovacuum launcher started", - "postgresql.log.timestamp": "2017-04-08 21:56:02.947", + "postgresql.log.timestamp": "2017-04-08 21:56:02.947 CEST", "process.pid": 802, "service.type": "postgresql" }, { - "@timestamp": "2017-04-08T21:56:03.362Z", + "@timestamp": "2017-04-08T19:56:03.362Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -639,7 +639,7 @@ "log.offset": 4064, "message": "incomplete startup packet", "postgresql.log.database": "unknown", - "postgresql.log.timestamp": "2017-04-08 21:56:03.362", + "postgresql.log.timestamp": "2017-04-08 21:56:03.362 CEST", "process.pid": 891, "service.type": "postgresql", "user.name": "unknown" @@ -655,7 +655,7 @@ "log.level": "LOG", "log.offset": 4151, "message": "database system was shut down at 2017-05-27 14:07:52 UTC", - "postgresql.log.timestamp": "2017-05-27 14:07:53.007", + "postgresql.log.timestamp": "2017-05-27 14:07:53.007 UTC", "process.pid": 32567, "service.type": "postgresql" }, @@ -670,7 +670,7 @@ "log.level": "LOG", "log.offset": 4250, "message": "MultiXact member wraparound protections are now enabled", - "postgresql.log.timestamp": "2017-05-27 14:07:53.010", + "postgresql.log.timestamp": "2017-05-27 14:07:53.010 UTC", "process.pid": 32567, "service.type": "postgresql" }, @@ -685,7 +685,7 @@ "log.level": "LOG", "log.offset": 4348, "message": "database system is ready to accept connections", - "postgresql.log.timestamp": "2017-05-27 14:07:53.015", + "postgresql.log.timestamp": "2017-05-27 14:07:53.015 UTC", "process.pid": 32566, "service.type": "postgresql" }, @@ -700,7 +700,7 @@ "log.level": "LOG", "log.offset": 4437, "message": "autovacuum launcher started", - "postgresql.log.timestamp": "2017-05-27 14:07:53.016", + "postgresql.log.timestamp": "2017-05-27 14:07:53.016 UTC", "process.pid": 32571, "service.type": "postgresql" }, @@ -716,7 +716,7 @@ "log.offset": 4507, "message": "incomplete startup packet", "postgresql.log.database": "unknown", - "postgresql.log.timestamp": "2017-05-27 14:07:53.463", + "postgresql.log.timestamp": "2017-05-27 14:07:53.463 UTC", "process.pid": 32573, "service.type": "postgresql", "user.name": "unknown" @@ -733,7 +733,7 @@ "log.offset": 4595, "message": "database \"mydb\" does not exist", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-05-27 14:08:13.661", + "postgresql.log.timestamp": "2017-05-27 14:08:13.661 UTC", "process.pid": 1308, "service.type": "postgresql", "user.name": "postgres" @@ -750,7 +750,7 @@ "log.offset": 4683, "message": "could not receive data from client: Connection reset by peer", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-05-27 14:59:26.553", + "postgresql.log.timestamp": "2017-05-27 14:59:26.553 UTC", "process.pid": 1994, "service.type": "postgresql", "user.name": "postgres" @@ -767,13 +767,13 @@ "log.offset": 4799, "message": "could not receive data from client: Connection reset by peer", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-05-27 14:59:26.555", + "postgresql.log.timestamp": "2017-05-27 14:59:26.555 UTC", "process.pid": 1989, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-06-06T07:54:13.753Z", + "@timestamp": "2017-06-06T05:54:13.753Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -783,12 +783,12 @@ "log.level": "LOG", "log.offset": 4915, "message": "received fast shutdown request", - "postgresql.log.timestamp": "2017-06-06 07:54:13.753", + "postgresql.log.timestamp": "2017-06-06 07:54:13.753 CEST", "process.pid": 9110, "service.type": "postgresql" }, { - "@timestamp": "2017-06-06T07:54:13.753Z", + "@timestamp": "2017-06-06T05:54:13.753Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -798,12 +798,12 @@ "log.level": "LOG", "log.offset": 4988, "message": "aborting any active transactions", - "postgresql.log.timestamp": "2017-06-06 07:54:13.753", + "postgresql.log.timestamp": "2017-06-06 07:54:13.753 CEST", "process.pid": 9110, "service.type": "postgresql" }, { - "@timestamp": "2017-06-06T07:54:13.753Z", + "@timestamp": "2017-06-06T05:54:13.753Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -813,12 +813,12 @@ "log.level": "LOG", "log.offset": 5063, "message": "autovacuum launcher shutting down", - "postgresql.log.timestamp": "2017-06-06 07:54:13.753", + "postgresql.log.timestamp": "2017-06-06 07:54:13.753 CEST", "process.pid": 9115, "service.type": "postgresql" }, { - "@timestamp": "2017-06-06T07:54:13.755Z", + "@timestamp": "2017-06-06T05:54:13.755Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -828,12 +828,12 @@ "log.level": "LOG", "log.offset": 5139, "message": "shutting down", - "postgresql.log.timestamp": "2017-06-06 07:54:13.755", + "postgresql.log.timestamp": "2017-06-06 07:54:13.755 CEST", "process.pid": 9112, "service.type": "postgresql" }, { - "@timestamp": "2017-06-06T07:54:13.816Z", + "@timestamp": "2017-06-06T05:54:13.816Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -843,12 +843,12 @@ "log.level": "LOG", "log.offset": 5195, "message": "database system is shut down", - "postgresql.log.timestamp": "2017-06-06 07:54:13.816", + "postgresql.log.timestamp": "2017-06-06 07:54:13.816 CEST", "process.pid": 9110, "service.type": "postgresql" }, { - "@timestamp": "2017-06-06T07:55:39.725Z", + "@timestamp": "2017-06-06T05:55:39.725Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -858,12 +858,12 @@ "log.level": "LOG", "log.offset": 5266, "message": "database system was shut down at 2017-06-06 07:54:13 CEST", - "postgresql.log.timestamp": "2017-06-06 07:55:39.725", + "postgresql.log.timestamp": "2017-06-06 07:55:39.725 CEST", "process.pid": 12969, "service.type": "postgresql" }, { - "@timestamp": "2017-06-06T07:55:39.736Z", + "@timestamp": "2017-06-06T05:55:39.736Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -873,12 +873,12 @@ "log.level": "LOG", "log.offset": 5367, "message": "MultiXact member wraparound protections are now enabled", - "postgresql.log.timestamp": "2017-06-06 07:55:39.736", + "postgresql.log.timestamp": "2017-06-06 07:55:39.736 CEST", "process.pid": 12969, "service.type": "postgresql" }, { - "@timestamp": "2017-06-06T07:55:39.739Z", + "@timestamp": "2017-06-06T05:55:39.739Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -888,12 +888,12 @@ "log.level": "LOG", "log.offset": 5466, "message": "database system is ready to accept connections", - "postgresql.log.timestamp": "2017-06-06 07:55:39.739", + "postgresql.log.timestamp": "2017-06-06 07:55:39.739 CEST", "process.pid": 12968, "service.type": "postgresql" }, { - "@timestamp": "2017-06-06T07:55:39.739Z", + "@timestamp": "2017-06-06T05:55:39.739Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -903,12 +903,12 @@ "log.level": "LOG", "log.offset": 5556, "message": "autovacuum launcher started", - "postgresql.log.timestamp": "2017-06-06 07:55:39.739", + "postgresql.log.timestamp": "2017-06-06 07:55:39.739 CEST", "process.pid": 12973, "service.type": "postgresql" }, { - "@timestamp": "2017-06-06T07:55:40.155Z", + "@timestamp": "2017-06-06T05:55:40.155Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -919,13 +919,13 @@ "log.offset": 5627, "message": "incomplete startup packet", "postgresql.log.database": "unknown", - "postgresql.log.timestamp": "2017-06-06 07:55:40.155", + "postgresql.log.timestamp": "2017-06-06 07:55:40.155 CEST", "process.pid": 12975, "service.type": "postgresql", "user.name": "unknown" }, { - "@timestamp": "2017-06-06T07:55:40.156Z", + "@timestamp": "2017-06-06T05:55:40.156Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -936,13 +936,13 @@ "log.offset": 5716, "message": "incomplete startup packet", "postgresql.log.database": "unknown", - "postgresql.log.timestamp": "2017-06-06 07:55:40.156", + "postgresql.log.timestamp": "2017-06-06 07:55:40.156 CEST", "process.pid": 12975, "service.type": "postgresql", "user.name": "unknown" }, { - "@timestamp": "2017-06-10T19:37:30.681Z", + "@timestamp": "2017-06-10T17:37:30.681Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -952,12 +952,12 @@ "log.level": "LOG", "log.offset": 5805, "message": "database system was shut down at 2017-06-10 19:37:29 CEST", - "postgresql.log.timestamp": "2017-06-10 19:37:30.681", + "postgresql.log.timestamp": "2017-06-10 19:37:30.681 CEST", "process.pid": 17398, "service.type": "postgresql" }, { - "@timestamp": "2017-06-10T19:37:30.695Z", + "@timestamp": "2017-06-10T17:37:30.695Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -967,12 +967,12 @@ "log.level": "LOG", "log.offset": 5906, "message": "MultiXact member wraparound protections are now enabled", - "postgresql.log.timestamp": "2017-06-10 19:37:30.695", + "postgresql.log.timestamp": "2017-06-10 19:37:30.695 CEST", "process.pid": 17398, "service.type": "postgresql" }, { - "@timestamp": "2017-06-10T19:37:30.702Z", + "@timestamp": "2017-06-10T17:37:30.702Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -982,12 +982,12 @@ "log.level": "LOG", "log.offset": 6005, "message": "database system is ready to accept connections", - "postgresql.log.timestamp": "2017-06-10 19:37:30.702", + "postgresql.log.timestamp": "2017-06-10 19:37:30.702 CEST", "process.pid": 17397, "service.type": "postgresql" }, { - "@timestamp": "2017-06-10T19:37:30.702Z", + "@timestamp": "2017-06-10T17:37:30.702Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -997,12 +997,12 @@ "log.level": "LOG", "log.offset": 6095, "message": "autovacuum launcher started", - "postgresql.log.timestamp": "2017-06-10 19:37:30.702", + "postgresql.log.timestamp": "2017-06-10 19:37:30.702 CEST", "process.pid": 17402, "service.type": "postgresql" }, { - "@timestamp": "2017-06-10T19:37:31.104Z", + "@timestamp": "2017-06-10T17:37:31.104Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -1013,13 +1013,13 @@ "log.offset": 6166, "message": "incomplete startup packet", "postgresql.log.database": "unknown", - "postgresql.log.timestamp": "2017-06-10 19:37:31.104", + "postgresql.log.timestamp": "2017-06-10 19:37:31.104 CEST", "process.pid": 17404, "service.type": "postgresql", "user.name": "unknown" }, { - "@timestamp": "2017-06-10T20:27:55.911Z", + "@timestamp": "2017-06-10T18:27:55.911Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -1029,12 +1029,12 @@ "log.level": "LOG", "log.offset": 6255, "message": "received fast shutdown request", - "postgresql.log.timestamp": "2017-06-10 20:27:55.911", + "postgresql.log.timestamp": "2017-06-10 20:27:55.911 CEST", "process.pid": 17397, "service.type": "postgresql" }, { - "@timestamp": "2017-06-10T20:27:55.911Z", + "@timestamp": "2017-06-10T18:27:55.911Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -1044,12 +1044,12 @@ "log.level": "LOG", "log.offset": 6329, "message": "aborting any active transactions", - "postgresql.log.timestamp": "2017-06-10 20:27:55.911", + "postgresql.log.timestamp": "2017-06-10 20:27:55.911 CEST", "process.pid": 17397, "service.type": "postgresql" }, { - "@timestamp": "2017-06-10T20:27:55.911Z", + "@timestamp": "2017-06-10T18:27:55.911Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -1059,12 +1059,12 @@ "log.level": "LOG", "log.offset": 6405, "message": "autovacuum launcher shutting down", - "postgresql.log.timestamp": "2017-06-10 20:27:55.911", + "postgresql.log.timestamp": "2017-06-10 20:27:55.911 CEST", "process.pid": 17402, "service.type": "postgresql" }, { - "@timestamp": "2017-06-10T20:27:55.914Z", + "@timestamp": "2017-06-10T18:27:55.914Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -1074,12 +1074,12 @@ "log.level": "LOG", "log.offset": 6482, "message": "shutting down", - "postgresql.log.timestamp": "2017-06-10 20:27:55.914", + "postgresql.log.timestamp": "2017-06-10 20:27:55.914 CEST", "process.pid": 17399, "service.type": "postgresql" }, { - "@timestamp": "2017-06-10T20:27:55.973Z", + "@timestamp": "2017-06-10T18:27:55.973Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -1089,12 +1089,12 @@ "log.level": "LOG", "log.offset": 6539, "message": "database system is shut down", - "postgresql.log.timestamp": "2017-06-10 20:27:55.973", + "postgresql.log.timestamp": "2017-06-10 20:27:55.973 CEST", "process.pid": 17397, "service.type": "postgresql" }, { - "@timestamp": "2017-06-10T20:27:57.022Z", + "@timestamp": "2017-06-10T18:27:57.022Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -1104,12 +1104,12 @@ "log.level": "LOG", "log.offset": 6611, "message": "database system was shut down at 2017-06-10 20:27:55 CEST", - "postgresql.log.timestamp": "2017-06-10 20:27:57.022", + "postgresql.log.timestamp": "2017-06-10 20:27:57.022 CEST", "process.pid": 24490, "service.type": "postgresql" }, { - "@timestamp": "2017-06-10T20:27:57.032Z", + "@timestamp": "2017-06-10T18:27:57.032Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -1119,12 +1119,12 @@ "log.level": "LOG", "log.offset": 6712, "message": "MultiXact member wraparound protections are now enabled", - "postgresql.log.timestamp": "2017-06-10 20:27:57.032", + "postgresql.log.timestamp": "2017-06-10 20:27:57.032 CEST", "process.pid": 24490, "service.type": "postgresql" }, { - "@timestamp": "2017-06-10T20:27:57.035Z", + "@timestamp": "2017-06-10T18:27:57.035Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -1134,12 +1134,12 @@ "log.level": "LOG", "log.offset": 6811, "message": "autovacuum launcher started", - "postgresql.log.timestamp": "2017-06-10 20:27:57.035", + "postgresql.log.timestamp": "2017-06-10 20:27:57.035 CEST", "process.pid": 24494, "service.type": "postgresql" }, { - "@timestamp": "2017-06-10T20:27:57.035Z", + "@timestamp": "2017-06-10T18:27:57.035Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -1149,12 +1149,12 @@ "log.level": "LOG", "log.offset": 6882, "message": "database system is ready to accept connections", - "postgresql.log.timestamp": "2017-06-10 20:27:57.035", + "postgresql.log.timestamp": "2017-06-10 20:27:57.035 CEST", "process.pid": 24489, "service.type": "postgresql" }, { - "@timestamp": "2017-06-10T20:27:57.475Z", + "@timestamp": "2017-06-10T18:27:57.475Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -1165,13 +1165,13 @@ "log.offset": 6972, "message": "incomplete startup packet", "postgresql.log.database": "unknown", - "postgresql.log.timestamp": "2017-06-10 20:27:57.475", + "postgresql.log.timestamp": "2017-06-10 20:27:57.475 CEST", "process.pid": 24496, "service.type": "postgresql", "user.name": "unknown" }, { - "@timestamp": "2017-06-17T16:58:03.937Z", + "@timestamp": "2017-06-17T14:58:03.937Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -1181,12 +1181,12 @@ "log.level": "LOG", "log.offset": 7061, "message": "received fast shutdown request", - "postgresql.log.timestamp": "2017-06-17 16:58:03.937", + "postgresql.log.timestamp": "2017-06-17 16:58:03.937 CEST", "process.pid": 24489, "service.type": "postgresql" }, { - "@timestamp": "2017-06-17T16:58:03.937Z", + "@timestamp": "2017-06-17T14:58:03.937Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -1196,12 +1196,12 @@ "log.level": "LOG", "log.offset": 7135, "message": "aborting any active transactions", - "postgresql.log.timestamp": "2017-06-17 16:58:03.937", + "postgresql.log.timestamp": "2017-06-17 16:58:03.937 CEST", "process.pid": 24489, "service.type": "postgresql" }, { - "@timestamp": "2017-06-17T16:58:03.938Z", + "@timestamp": "2017-06-17T14:58:03.938Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -1211,12 +1211,12 @@ "log.level": "LOG", "log.offset": 7211, "message": "autovacuum launcher shutting down", - "postgresql.log.timestamp": "2017-06-17 16:58:03.938", + "postgresql.log.timestamp": "2017-06-17 16:58:03.938 CEST", "process.pid": 24494, "service.type": "postgresql" }, { - "@timestamp": "2017-06-17T16:58:03.940Z", + "@timestamp": "2017-06-17T14:58:03.940Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -1226,12 +1226,12 @@ "log.level": "LOG", "log.offset": 7288, "message": "shutting down", - "postgresql.log.timestamp": "2017-06-17 16:58:03.940", + "postgresql.log.timestamp": "2017-06-17 16:58:03.940 CEST", "process.pid": 24491, "service.type": "postgresql" }, { - "@timestamp": "2017-06-17T16:58:04.040Z", + "@timestamp": "2017-06-17T14:58:04.040Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -1241,7 +1241,7 @@ "log.level": "LOG", "log.offset": 7345, "message": "database system is shut down", - "postgresql.log.timestamp": "2017-06-17 16:58:04.040", + "postgresql.log.timestamp": "2017-06-17 16:58:04.040 CEST", "process.pid": 24489, "service.type": "postgresql" } From fe31a492b289180d163586c24880552c40118e50 Mon Sep 17 00:00:00 2001 From: Jaime Soriano Pastor Date: Wed, 29 May 2019 16:41:23 +0200 Subject: [PATCH 2/4] Mark `postgresql.log.timestamp` field as deprecated --- filebeat/docs/fields.asciidoc | 3 +++ filebeat/module/postgresql/fields.go | 2 +- filebeat/module/postgresql/log/_meta/fields.yml | 1 + 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index 59c85497db5..41f2c70ad72 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -12149,6 +12149,9 @@ Fields from the PostgreSQL log files. *`postgresql.log.timestamp`*:: + -- + +deprecated[7.2.0] + The timestamp from the log line. diff --git a/filebeat/module/postgresql/fields.go b/filebeat/module/postgresql/fields.go index 80b55bcb5c2..9acf444a75f 100644 --- a/filebeat/module/postgresql/fields.go +++ b/filebeat/module/postgresql/fields.go @@ -32,5 +32,5 @@ func init() { // AssetPostgresql returns asset data. // This is the base64 encoded gzipped contents of module/postgresql. func AssetPostgresql() string { - return "eJyck0FP3DAQhe/5FU97rER+QCr1guAEbSnckdlMHKu2x3gc1O2vr7xhtcGbRKRztPXe9/ImvsJvOjQILElHkldbAckkSw12P8fDx4e7XQW0JPtoQjLsG3yrAOCe28ESOo4IKorxGqknnHWwrNEZS1JXgPQc0/OefWd0gxQHqoDOkG2lOfpdwStHRZo86RCogY48hPeTmTTj3B790EV2RZBjhjxT5BRrWU+MLpmr3I/ktRpOU8aYRknGkSTlwofbVXyep57O0nOSjLfGUz3L2nOkZ9MWZuPnW/Z6W4RrjoTC7URqVVIvSqgQ0R/lwvGPc4f2ZbfCu6B9V47A3bzzCfs6UDwsMh9v7m6un/AFt79+3GMQivJ1U4aHbA9JKpEjn84lL272L/uyg7FuZY2S4iao1Degt2y9IHZGRzUu5P1VzXD7SKpd2vMyOETek0gdLpSfoeY6NwKzpM7q/8BZeiO7kWdZ13O6z/AciSi9dZfzqpL3LwAA//+FnHBP" + return "eJyck0Fr3DAQhe/+FY89FmJKLwUXegnJKWmbJveg2GNZVNIoGjl0++uL1ll2o7WXOHPU8N73eGNf4A9tGwSWpCPJs62AZJKlBptf0+P93c2mAjqSNpqQDPsG3ysAuOVutISeI4KKYrxGGggHHSxr9MaS1BUgA8f02LLvjW6Q4kgV0BuynTQ7vwt45ahIkydtAzXQkcfw+jKTZprrnR/6yK4IssuQ5xh5jLWsj4xOmWe5b8nnathPGeM4SjKOJCkX3mwzPkRqVaKuwdf6S/35ZL8YL8/DQAfrQ9IczxpP9WyWliM9mq4wm+qx7PW6CJccCYXbntSppJ6UUCGiv8qF3Rfptt3T5gzvhPZDOQL388577PNIcbvIvL+6ubp8wCdc//55i1EoyrdVGe6yPSSpRI58OpS8ePl/7MsOprqVNUqKTVBpaEAv2XpB7IyOajrI6183wx0iqW7pzsvgELklkTqcKN9DzXWuBGZJndUfwFl6IbuSZ1nXc7r38ByJKL32lvOqkvc/AAD//6Ocd3k=" } diff --git a/filebeat/module/postgresql/log/_meta/fields.yml b/filebeat/module/postgresql/log/_meta/fields.yml index d7ee240dcfb..913441a9c61 100644 --- a/filebeat/module/postgresql/log/_meta/fields.yml +++ b/filebeat/module/postgresql/log/_meta/fields.yml @@ -4,6 +4,7 @@ Fields from the PostgreSQL log files. fields: - name: timestamp + deprecated: 7.2.0 description: > The timestamp from the log line. - name: core_id From de14e8e4cadd4c8d965b26abfa6fb507f14896ba Mon Sep 17 00:00:00 2001 From: Jaime Soriano Pastor Date: Wed, 29 May 2019 16:43:44 +0200 Subject: [PATCH 3/4] Deprecate field on 7.3.0 --- filebeat/docs/fields.asciidoc | 2 +- filebeat/module/postgresql/fields.go | 2 +- filebeat/module/postgresql/log/_meta/fields.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index 41f2c70ad72..4bb25f23574 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -12150,7 +12150,7 @@ Fields from the PostgreSQL log files. + -- -deprecated[7.2.0] +deprecated[7.3.0] The timestamp from the log line. diff --git a/filebeat/module/postgresql/fields.go b/filebeat/module/postgresql/fields.go index 9acf444a75f..9d799833aa6 100644 --- a/filebeat/module/postgresql/fields.go +++ b/filebeat/module/postgresql/fields.go @@ -32,5 +32,5 @@ func init() { // AssetPostgresql returns asset data. // This is the base64 encoded gzipped contents of module/postgresql. func AssetPostgresql() string { - return "eJyck0Fr3DAQhe/+FY89FmJKLwUXegnJKWmbJveg2GNZVNIoGjl0++uL1ll2o7WXOHPU8N73eGNf4A9tGwSWpCPJs62AZJKlBptf0+P93c2mAjqSNpqQDPsG3ysAuOVutISeI4KKYrxGGggHHSxr9MaS1BUgA8f02LLvjW6Q4kgV0BuynTQ7vwt45ahIkydtAzXQkcfw+jKTZprrnR/6yK4IssuQ5xh5jLWsj4xOmWe5b8nnathPGeM4SjKOJCkX3mwzPkRqVaKuwdf6S/35ZL8YL8/DQAfrQ9IczxpP9WyWliM9mq4wm+qx7PW6CJccCYXbntSppJ6UUCGiv8qF3Rfptt3T5gzvhPZDOQL388577PNIcbvIvL+6ubp8wCdc//55i1EoyrdVGe6yPSSpRI58OpS8ePl/7MsOprqVNUqKTVBpaEAv2XpB7IyOajrI6183wx0iqW7pzsvgELklkTqcKN9DzXWuBGZJndUfwFl6IbuSZ1nXc7r38ByJKL32lvOqkvc/AAD//6Ocd3k=" + return "eJyck0Fr3DAQhe/+FY89FmIKPRRc6CUkp6RtmtyDYo9lUUmjaOTQ7a8vWmfZjdZe4sxRw3vf4419gT+0bRBYko4kz7YCkkmWGmx+TY/3dzebCuhI2mhCMuwbfK8A4Ja70RJ6jggqivEaaSAcdLCs0RtLUleADBzTY8u+N7pBiiNVQG/IdtLs/C7glaMiTZ60DdRARx7D68tMmmmud37oI7siyC5DnmPkMdayPjI6ZZ7lviWfq2E/ZYzjKMk4kqRceLPN+BCpVYm6Bl/rL/Xnk/1ivDwPAx2sD0lzPGs81bNZWo70aLrCbKrHstfrIlxyJBRue1KnknpSQoWI/ioXdl+k23ZPmzO8E9oP5Qjczzvvsc8jxe0i8/7q5uryAZ9w/fvnLUahKN9WZbjL9pCkEjny6VDy4uX/sS87mOpW1igpNkGloQG9ZOsFsTM6qukgr3/dDHeIpLqlOy+DQ+SWROpwonwPNde5EpgldVZ/AGfphexKnmVdz+new3MkovTaW86rSt7/AAAA//+nmXd6" } diff --git a/filebeat/module/postgresql/log/_meta/fields.yml b/filebeat/module/postgresql/log/_meta/fields.yml index 913441a9c61..dd2ce0b6465 100644 --- a/filebeat/module/postgresql/log/_meta/fields.yml +++ b/filebeat/module/postgresql/log/_meta/fields.yml @@ -4,7 +4,7 @@ Fields from the PostgreSQL log files. fields: - name: timestamp - deprecated: 7.2.0 + deprecated: 7.3.0 description: > The timestamp from the log line. - name: core_id From e467ae5a51e546d168fcd7442ba9302b48dd6048 Mon Sep 17 00:00:00 2001 From: Jaime Soriano Pastor Date: Mon, 3 Jun 2019 19:54:17 +0200 Subject: [PATCH 4/4] Add deprecation notice for timestamp field --- CHANGELOG.next.asciidoc | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 3b8e7ab62d5..f0d9d7be307 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -248,6 +248,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d *Filebeat* - `docker` input is deprecated in favour `container`. {pull}12162[12162] +- `postgresql.log.timestamp` field is deprecated in favour of `@timestamp`. {pull}12338[12338] *Heartbeat*