diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 71aae915595..4de666a0fbc 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -268,6 +268,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Enhance `elasticsearch/slowlog` fileset to handle ECS-compatible logs emitted by Elasticsearch. {issue}17715[17715] {pull}17729[17729] - Improve ECS categorization field mappings in misp module. {issue}16026[16026] {pull}17344[17344] - Added Unix stream socket support as an input source and a syslog input source. {pull}17492[17492] +- Improve ECS categorization field mappings in postgresql module. {issue}16177[16177] {pull}17914[17914] *Heartbeat* diff --git a/filebeat/module/postgresql/log/ingest/pipeline.json b/filebeat/module/postgresql/log/ingest/pipeline.json deleted file mode 100644 index 1bed827739d..00000000000 --- a/filebeat/module/postgresql/log/ingest/pipeline.json +++ /dev/null 
@@ -1,49 +0,0 @@ -{ - "description": "Pipeline for parsing PostgreSQL logs.", - "processors": [ - { - "grok": { - "field": "message", - "ignore_missing": true, - "patterns": [ - "^%{DATETIME:postgresql.log.timestamp} \\[%{NUMBER:process.pid:long}(-%{BASE16FLOAT:postgresql.log.core_id:long})?\\] ((\\[%{USERNAME:user.name}\\]@\\[%{POSTGRESQL_DB_NAME:postgresql.log.database}\\]|%{USERNAME:user.name}@%{POSTGRESQL_DB_NAME:postgresql.log.database}) )?%{WORD:log.level}: (?:%{NUMBER:postgresql.log.error.code:long}|%{SPACE})(duration: %{NUMBER:temp.duration:float} ms %{POSTGRESQL_QUERY_STEP}: %{GREEDYDATA:postgresql.log.query}|: %{GREEDYDATA:message}|%{GREEDYDATA:message})" - ], - "pattern_definitions": { - "DATETIME": "[-0-9]+ %{TIME} %{WORD:event.timezone}", - "GREEDYDATA": "(.|\n|\t)*", - "POSTGRESQL_DB_NAME": "[a-zA-Z0-9_]+[a-zA-Z0-9_\\$]*", - "POSTGRESQL_QUERY_STEP": "%{WORD:postgresql.log.query_step}(?: | %{WORD:postgresql.log.query_name})?" - } - } - }, - { - "date": { - "field": "postgresql.log.timestamp", - "target_field": "@timestamp", - "formats": [ - "yyyy-MM-dd HH:mm:ss.SSS zz", "yyyy-MM-dd HH:mm:ss zz" - ] - } - }, { - "script": { - "lang": "painless", - "source": "ctx.event.duration = Math.round(ctx.temp.duration * params.scale)", - "params": { "scale": 1000000 }, - "if": "ctx.temp?.duration != null" - } - }, { - "remove": { - "field": "temp.duration", - "ignore_missing": true - } - } - ], - "on_failure": [ - { - "set": { - "field": "error.message", - "value": "{{ _ingest.on_failure_message }}" - } - } - ] -} diff --git a/filebeat/module/postgresql/log/ingest/pipeline.yml b/filebeat/module/postgresql/log/ingest/pipeline.yml new file mode 100644 index 00000000000..bd7fbd69e7d --- /dev/null +++ b/filebeat/module/postgresql/log/ingest/pipeline.yml 
@@ -0,0 +1,57 @@ +description: Pipeline for parsing PostgreSQL logs. +processors: +- grok: + field: message + ignore_missing: true + patterns: + - '^%{DATETIME:postgresql.log.timestamp} \[%{NUMBER:process.pid:long}(-%{BASE16FLOAT:postgresql.log.core_id:long})?\] + ((\[%{USERNAME:user.name}\]@\[%{POSTGRESQL_DB_NAME:postgresql.log.database}\]|%{USERNAME:user.name}@%{POSTGRESQL_DB_NAME:postgresql.log.database}) + )?%{WORD:log.level}: (?:%{NUMBER:postgresql.log.error.code:long}|%{SPACE})(duration: + %{NUMBER:temp.duration:float} ms %{POSTGRESQL_QUERY_STEP}: %{GREEDYDATA:postgresql.log.query}|: + %{GREEDYDATA:message}|%{GREEDYDATA:message})' + pattern_definitions: + DATETIME: '[-0-9]+ %{TIME} %{WORD:event.timezone}' + GREEDYDATA: |- + (.| + | )* + POSTGRESQL_DB_NAME: '[a-zA-Z0-9_]+[a-zA-Z0-9_\$]*' + POSTGRESQL_QUERY_STEP: '%{WORD:postgresql.log.query_step}(?: | %{WORD:postgresql.log.query_name})?' +- date: + field: postgresql.log.timestamp + target_field: '@timestamp' + formats: + - yyyy-MM-dd HH:mm:ss.SSS zz + - yyyy-MM-dd HH:mm:ss zz +- script: + lang: painless + source: ctx.event.duration = Math.round(ctx.temp.duration * params.scale) + params: + scale: 1000000 + if: ctx.temp?.duration != null +- remove: + field: temp.duration + ignore_missing: true +- set: + field: event.kind + value: event +- append: + field: event.category + value: + - database +- append: + field: event.type + value: + - info +- append: + field: event.type + value: + - error + if: "ctx?.postgresql?.log?.error?.code != null && ctx.postgresql.log.error.code >= 02000" +- append: + field: related.user + value: "{{user.name}}" + if: "ctx?.user?.name != null" +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/postgresql/log/manifest.yml b/filebeat/module/postgresql/log/manifest.yml index e5ab4a9a69c..ade6e2899de 100644 --- a/filebeat/module/postgresql/log/manifest.yml +++ b/filebeat/module/postgresql/log/manifest.yml 
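Review bot: The `if` on the last `event.type` append compares the code against `02000`, and Painless, like Java, most likely reads an integer literal with a leading zero as octal, so the effective threshold would be 1024 rather than 2000; write it as `ctx.postgresql.log.error.code >= 2000`. The condition also relies entirely on `postgresql.log.error.code`, which the grok only sets when a numeric code follows the level. The `log.level: FATAL` records visible in the updated fixtures therefore end up with `event.type: ["info"]` only. Anyone alerting on `event.type: error` for this dataset would miss those entries, so consider extending the condition with the level, e.g. `|| ['ERROR', 'FATAL', 'PANIC'].contains(ctx?.log?.level)`. Separately, the `GREEDYDATA` block scalar now carries the old `\n` and `\t` as raw whitespace that an editor can silently rewrite; the double-quoted form `GREEDYDATA: "(.|\n|\t)*"` keeps the escapes visible.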
@@ -9,5 +9,5 @@ var: os.windows: - "c:/Program Files/PostgreSQL/*/logs/*.log*" -ingest_pipeline: ingest/pipeline.json +ingest_pipeline: ingest/pipeline.yml input: config/log.yml diff --git a/filebeat/module/postgresql/log/test/postgresql-11.4.log-expected.json b/filebeat/module/postgresql/log/test/postgresql-11.4.log-expected.json index 2c347c87c6a..2d95ce2fd0e 100644 --- a/filebeat/module/postgresql/log/test/postgresql-11.4.log-expected.json +++ b/filebeat/module/postgresql/log/test/postgresql-11.4.log-expected.json @@ -1,9 +1,16 @@ [ { "@timestamp": "2019-07-23T12:06:24.406Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -16,9 +23,16 @@ }, { "@timestamp": "2019-07-23T12:06:24.406Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOCATION", @@ -30,9 +44,16 @@ }, { "@timestamp": "2019-07-23T12:06:24.478Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -45,9 +66,16 @@ }, { "@timestamp": "2019-07-23T12:06:24.478Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOCATION", 
@@ -59,9 +87,16 @@ }, { "@timestamp": "2019-07-23T12:06:24.485Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -74,9 +109,16 @@ }, { "@timestamp": "2019-07-23T12:06:24.485Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOCATION", @@ -88,9 +130,16 @@ }, { "@timestamp": "2019-07-23T12:06:24.485Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -103,9 +152,16 @@ }, { "@timestamp": "2019-07-23T12:06:24.485Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOCATION", @@ -117,9 +173,16 @@ }, { "@timestamp": "2019-07-23T12:06:24.485Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -132,9 +195,16 @@ }, { "@timestamp": "2019-07-23T12:06:24.485Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOCATION", 
@@ -146,9 +216,16 @@ }, { "@timestamp": "2019-07-23T12:06:24.507Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -161,9 +238,16 @@ }, { "@timestamp": "2019-07-23T12:06:24.507Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOCATION", @@ -175,9 +259,16 @@ }, { "@timestamp": "2019-07-23T12:06:30.536Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -190,9 +281,16 @@ }, { "@timestamp": "2019-07-23T12:06:30.536Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOCATION", @@ -204,9 +302,16 @@ }, { "@timestamp": "2019-07-23T12:06:30.537Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -219,9 +324,16 @@ }, { "@timestamp": "2019-07-23T12:06:30.537Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOCATION", 
@@ -233,9 +345,16 @@ }, { "@timestamp": "2019-07-23T12:06:33.732Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -248,9 +367,16 @@ }, { "@timestamp": "2019-07-23T12:06:33.732Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOCATION", @@ -262,9 +388,17 @@ }, { "@timestamp": "2019-07-23T12:06:33.732Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info", + "error" + ], "fileset.name": "log", "input.type": "log", "log.level": "ERROR", @@ -277,9 +411,16 @@ }, { "@timestamp": "2019-07-23T12:06:33.732Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOCATION", @@ -291,9 +432,16 @@ }, { "@timestamp": "2019-07-23T12:06:33.732Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "STATEMENT", @@ -305,9 +453,16 @@ }, { "@timestamp": "2019-07-23T12:06:34.877Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", 
@@ -320,9 +475,16 @@ }, { "@timestamp": "2019-07-23T12:06:34.877Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOCATION", @@ -334,9 +496,16 @@ }, { "@timestamp": "2019-07-23T12:06:34.878Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -349,9 +518,16 @@ }, { "@timestamp": "2019-07-23T12:06:34.878Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOCATION", @@ -363,9 +539,16 @@ }, { "@timestamp": "2019-07-23T12:09:57.563Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -378,9 +561,16 @@ }, { "@timestamp": "2019-07-23T12:09:57.563Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOCATION", @@ -392,9 +582,16 @@ }, { "@timestamp": "2019-07-23T12:09:57.565Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", 
@@ -407,9 +604,16 @@ }, { "@timestamp": "2019-07-23T12:09:57.565Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOCATION", diff --git a/filebeat/module/postgresql/log/test/postgresql-9.6-debian-with-slowlog.log-expected.json b/filebeat/module/postgresql/log/test/postgresql-9.6-debian-with-slowlog.log-expected.json index 201c50cb0b7..280547f6b29 100644 --- a/filebeat/module/postgresql/log/test/postgresql-9.6-debian-with-slowlog.log-expected.json +++ b/filebeat/module/postgresql/log/test/postgresql-9.6-debian-with-slowlog.log-expected.json @@ -1,9 +1,16 @@ [ { "@timestamp": "2017-07-31T11:36:42.585Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -15,9 +22,16 @@ }, { "@timestamp": "2017-07-31T11:36:42.605Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -29,9 +43,16 @@ }, { "@timestamp": "2017-07-31T11:36:42.615Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", 
@@ -43,9 +64,16 @@ }, { "@timestamp": "2017-07-31T11:36:42.616Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -57,9 +85,16 @@ }, { "@timestamp": "2017-07-31T11:36:42.956Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -68,15 +103,25 @@ "postgresql.log.database": "unknown", "postgresql.log.timestamp": "2017-07-31 13:36:42.956 CEST", "process.pid": 4980, + "related.user": [ + "unknown" + ], "service.type": "postgresql", "user.name": "unknown" }, { "@timestamp": "2017-07-31T11:36:43.557Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", "event.duration": 37118000, + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.flags": [ @@ -90,15 +135,25 @@ "postgresql.log.query_step": "statement", "postgresql.log.timestamp": "2017-07-31 13:36:43.557 CEST", "process.pid": 4983, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-07-31T11:36:44.104Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", "event.duration": 2895000, + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.flags": [ 
@@ -112,15 +167,25 @@ "postgresql.log.query_step": "statement", "postgresql.log.timestamp": "2017-07-31 13:36:44.104 CEST", "process.pid": 4986, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-07-31T11:36:44.642Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", "event.duration": 2809000, + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.flags": [ @@ -134,14 +199,24 @@ "postgresql.log.query_step": "statement", "postgresql.log.timestamp": "2017-07-31 13:36:44.642 CEST", "process.pid": 4989, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-07-31T11:39:16.249Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "FATAL", @@ -150,14 +225,24 @@ "postgresql.log.database": "users", "postgresql.log.timestamp": "2017-07-31 13:39:16.249 CEST", "process.pid": 5407, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-07-31T11:39:17.945Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "FATAL", 
@@ -166,15 +251,25 @@ "postgresql.log.database": "user", "postgresql.log.timestamp": "2017-07-31 13:39:17.945 CEST", "process.pid": 5500, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-07-31T11:39:21.025Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", "event.duration": 37598000, + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.flags": [ @@ -188,15 +283,25 @@ "postgresql.log.query_step": "statement", "postgresql.log.timestamp": "2017-07-31 13:39:21.025 CEST", "process.pid": 5404, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-07-31T11:39:31.619Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", "event.duration": 9482000, + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -207,15 +312,25 @@ "postgresql.log.query_step": "statement", "postgresql.log.timestamp": "2017-07-31 13:39:31.619 CEST", "process.pid": 5502, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-07-31T11:39:40.147Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", "event.duration": 765000, + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", 
@@ -226,15 +341,25 @@ "postgresql.log.query_step": "statement", "postgresql.log.timestamp": "2017-07-31 13:39:40.147 CEST", "process.pid": 5502, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-07-31T11:40:54.310Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", - "event.duration": 26082001, + "event.duration": 26082000, + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.flags": [ @@ -248,15 +373,25 @@ "postgresql.log.query_step": "statement", "postgresql.log.timestamp": "2017-07-31 13:40:54.310 CEST", "process.pid": 5502, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-07-31T11:43:22.645Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", - "event.duration": 36161999, + "event.duration": 36162000, + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -267,15 +402,25 @@ "postgresql.log.query_step": "statement", "postgresql.log.timestamp": "2017-07-31 13:43:22.645 CEST", "process.pid": 5502, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-07-31T11:46:02.670Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", "event.duration": 10540000, + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", 
@@ -286,15 +431,25 @@ "postgresql.log.query_step": "statement", "postgresql.log.timestamp": "2017-07-31 13:46:02.670 CEST", "process.pid": 5502, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-07-31T11:46:23.016Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", "event.duration": 5156000, + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -305,15 +460,25 @@ "postgresql.log.query_step": "statement", "postgresql.log.timestamp": "2017-07-31 13:46:23.016 CEST", "process.pid": 5502, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-07-31T11:46:55.637Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", "event.duration": 25871000, + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -324,15 +489,25 @@ "postgresql.log.query_step": "statement", "postgresql.log.timestamp": "2017-07-31 13:46:55.637 CEST", "process.pid": 5502, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2019-05-06T19:00:04.511Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", "event.duration": 753000, + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.flags": [ @@ -346,6 +521,9 @@ "postgresql.log.query_step": "statement", "postgresql.log.timestamp": "2019-05-06 19:00:04.511 UTC", "process.pid": 913763, + "related.user": [ + "elastic" + ], "service.type": "postgresql", "user.name": "elastic" } 
diff --git a/filebeat/module/postgresql/log/test/postgresql-9.6-multi-core.log-expected.json b/filebeat/module/postgresql/log/test/postgresql-9.6-multi-core.log-expected.json index dbd1e12dd49..76f1bd2f065 100644 --- a/filebeat/module/postgresql/log/test/postgresql-9.6-multi-core.log-expected.json +++ b/filebeat/module/postgresql/log/test/postgresql-9.6-multi-core.log-expected.json @@ -1,9 +1,16 @@ [ { "@timestamp": "2017-04-03T20:32:14.322Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -13,14 +20,24 @@ "postgresql.log.database": "unknown", "postgresql.log.timestamp": "2017-04-03 22:32:14.322 CEST", "process.pid": 12975, + "related.user": [ + "unknown" + ], "service.type": "postgresql", "user.name": "unknown" }, { "@timestamp": "2017-04-03T20:32:14.322Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "FATAL", @@ -30,15 +47,25 @@ "postgresql.log.database": "user", "postgresql.log.timestamp": "2017-04-03 22:32:14.322 CEST", "process.pid": 5404, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-04-03T20:35:22.389Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", "event.duration": 37598000, + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.flags": [ 
@@ -53,14 +80,24 @@ "postgresql.log.query_step": "statement", "postgresql.log.timestamp": "2017-04-03 22:35:22.389 CEST", "process.pid": 5404, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-07-31T17:36:43.557Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "EST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -73,9 +110,16 @@ }, { "@timestamp": "2017-07-31T17:36:44.227Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "EST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -88,9 +132,16 @@ }, { "@timestamp": "2017-07-31T17:46:02.670Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "EST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "HINT", @@ -103,9 +154,16 @@ }, { "@timestamp": "2017-07-31T17:46:23.016Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "EST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "FATAL", 
@@ -115,14 +173,24 @@ "postgresql.log.database": "postgres", "postgresql.log.timestamp": "2017-07-31 13:46:23.016 EST", "process.pid": 768, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-07-31T17:46:55.637Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "EST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "FATAL", @@ -132,6 +200,9 @@ "postgresql.log.database": "postgres", "postgresql.log.timestamp": "2017-07-31 13:46:55.637 EST", "process.pid": 771, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" } diff --git a/filebeat/module/postgresql/log/test/postgresql-9.6-new-timestamp.log-expected.json b/filebeat/module/postgresql/log/test/postgresql-9.6-new-timestamp.log-expected.json index 9737568df83..9a1d8b1b5fa 100644 --- a/filebeat/module/postgresql/log/test/postgresql-9.6-new-timestamp.log-expected.json +++ b/filebeat/module/postgresql/log/test/postgresql-9.6-new-timestamp.log-expected.json @@ -1,9 +1,16 @@ [ { "@timestamp": "2017-07-31T17:36:43.000Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "EST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -16,9 +23,16 @@ }, { "@timestamp": "2017-07-31T17:36:44.000Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "EST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", 
@@ -31,9 +45,16 @@ }, { "@timestamp": "2017-07-31T17:46:02.000Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "EST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "HINT", @@ -46,9 +67,16 @@ }, { "@timestamp": "2017-07-31T17:46:23.000Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "EST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "FATAL", @@ -58,14 +86,24 @@ "postgresql.log.database": "postgres", "postgresql.log.timestamp": "2017-07-31 13:46:23 EST", "process.pid": 768, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-07-31T17:46:55.000Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "EST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "FATAL", @@ -75,6 +113,9 @@ "postgresql.log.database": "postgres", "postgresql.log.timestamp": "2017-07-31 13:46:55 EST", "process.pid": 771, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" } diff --git a/filebeat/module/postgresql/log/test/postgresql-query-steps-slowlog.log-expected.json b/filebeat/module/postgresql/log/test/postgresql-query-steps-slowlog.log-expected.json index 273499e8634..cec040589ab 100644 --- a/filebeat/module/postgresql/log/test/postgresql-query-steps-slowlog.log-expected.json +++ b/filebeat/module/postgresql/log/test/postgresql-query-steps-slowlog.log-expected.json 
@@ -1,10 +1,17 @@ [ { "@timestamp": "2019-09-04T13:52:38.004Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", "event.duration": 12437000, + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -15,15 +22,25 @@ "postgresql.log.query_step": "parse", "postgresql.log.timestamp": "2019-09-04 15:52:38.004 CEST", "process.pid": 31136, + "related.user": [ + "user" + ], "service.type": "postgresql", "user.name": "user" }, { "@timestamp": "2019-09-04T13:52:38.004Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", "event.duration": 12437000, + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.flags": [ @@ -38,6 +55,9 @@ "postgresql.log.query_step": "execute", "postgresql.log.timestamp": "2019-09-04 15:52:38.004 CEST", "process.pid": 31136, + "related.user": [ + "user" + ], "service.type": "postgresql", "user.name": "user" } diff --git a/filebeat/module/postgresql/log/test/postgresql-ubuntu-9.5.log-expected.json b/filebeat/module/postgresql/log/test/postgresql-ubuntu-9.5.log-expected.json index 0d1b3df95b5..f1248d53e45 100644 --- a/filebeat/module/postgresql/log/test/postgresql-ubuntu-9.5.log-expected.json +++ b/filebeat/module/postgresql/log/test/postgresql-ubuntu-9.5.log-expected.json @@ -1,9 +1,16 @@ [ { "@timestamp": "2017-04-03T20:32:14.322Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", 
@@ -12,14 +19,24 @@ "postgresql.log.database": "mydb", "postgresql.log.timestamp": "2017-04-03 22:32:14.322 CEST", "process.pid": 31225, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-04-03T20:32:14.322Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -28,14 +45,24 @@ "postgresql.log.database": "mydb", "postgresql.log.timestamp": "2017-04-03 22:32:14.322 CEST", "process.pid": 31225, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-04-03T20:35:22.389Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -44,14 +71,24 @@ "postgresql.log.database": "mydb", "postgresql.log.timestamp": "2017-04-03 22:35:22.389 CEST", "process.pid": 3474, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-04-03T20:36:56.464Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", 
@@ -60,14 +97,24 @@ "postgresql.log.database": "mydb", "postgresql.log.timestamp": "2017-04-03 22:36:56.464 CEST", "process.pid": 3525, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-04-03T20:37:12.961Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -76,14 +123,24 @@ "postgresql.log.database": "mydb", "postgresql.log.timestamp": "2017-04-03 22:37:12.961 CEST", "process.pid": 3570, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-04-07T19:05:28.549Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -92,14 +149,24 @@ "postgresql.log.database": "mydb", "postgresql.log.timestamp": "2017-04-07 21:05:28.549 CEST", "process.pid": 21483, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-04-07T19:09:41.345Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", 
@@ -108,14 +175,24 @@ "postgresql.log.database": "mydb", "postgresql.log.timestamp": "2017-04-07 21:09:41.345 CEST", "process.pid": 21597, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-04-07T20:45:30.218Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "ERROR", @@ -124,14 +201,24 @@ "postgresql.log.database": "mydb", "postgresql.log.timestamp": "2017-04-07 22:45:30.218 CEST", "process.pid": 22603, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-04-07T20:45:30.218Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "HINT", @@ -140,14 +227,24 @@ "postgresql.log.database": "mydb", "postgresql.log.timestamp": "2017-04-07 22:45:30.218 CEST", "process.pid": 22603, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-04-07T20:45:30.218Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "STATEMENT", 
@@ -156,14 +253,24 @@ "postgresql.log.database": "mydb", "postgresql.log.timestamp": "2017-04-07 22:45:30.218 CEST", "process.pid": 22603, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-04-07T20:46:09.751Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "ERROR", @@ -172,14 +279,24 @@ "postgresql.log.database": "mydb", "postgresql.log.timestamp": "2017-04-07 22:46:09.751 CEST", "process.pid": 22608, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-04-07T20:46:09.751Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "STATEMENT", @@ -188,14 +305,24 @@ "postgresql.log.database": "mydb", "postgresql.log.timestamp": "2017-04-07 22:46:09.751 CEST", "process.pid": 22608, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-04-07T21:02:51.199Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", 
@@ -204,14 +331,24 @@ "postgresql.log.database": "mydb", "postgresql.log.timestamp": "2017-04-07 23:02:51.199 CEST", "process.pid": 24341, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-04-07T21:02:51.199Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -220,14 +357,24 @@ "postgresql.log.database": "mydb", "postgresql.log.timestamp": "2017-04-07 23:02:51.199 CEST", "process.pid": 24341, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-04-07T21:04:36.087Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "ERROR", @@ -236,14 +383,24 @@ "postgresql.log.database": "mydb", "postgresql.log.timestamp": "2017-04-07 23:04:36.087 CEST", "process.pid": 20730, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-04-07T21:04:36.087Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "STATEMENT", 
@@ -252,14 +409,24 @@ "postgresql.log.database": "mydb", "postgresql.log.timestamp": "2017-04-07 23:04:36.087 CEST", "process.pid": 20730, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-04-07T21:04:51.462Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "ERROR", @@ -268,14 +435,24 @@ "postgresql.log.database": "mydb", "postgresql.log.timestamp": "2017-04-07 23:04:51.462 CEST", "process.pid": 20730, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-04-07T21:04:51.462Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "STATEMENT", @@ -284,14 +461,24 @@ "postgresql.log.database": "mydb", "postgresql.log.timestamp": "2017-04-07 23:04:51.462 CEST", "process.pid": 20730, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-04-07T21:05:06.217Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "ERROR", 
@@ -300,14 +487,24 @@ "postgresql.log.database": "mydb", "postgresql.log.timestamp": "2017-04-07 23:05:06.217 CEST", "process.pid": 20730, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-04-07T21:05:06.217Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "STATEMENT", @@ -316,14 +513,24 @@ "postgresql.log.database": "mydb", "postgresql.log.timestamp": "2017-04-07 23:05:06.217 CEST", "process.pid": 20730, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-04-07T21:05:18.295Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "ERROR", @@ -332,14 +539,24 @@ "postgresql.log.database": "mydb", "postgresql.log.timestamp": "2017-04-07 23:05:18.295 CEST", "process.pid": 20730, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-04-07T21:05:18.295Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "STATEMENT", 
@@ -348,14 +565,24 @@ "postgresql.log.database": "mydb", "postgresql.log.timestamp": "2017-04-07 23:05:18.295 CEST", "process.pid": 20730, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-04-07T21:13:47.505Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -364,14 +591,24 @@ "postgresql.log.database": "mydb", "postgresql.log.timestamp": "2017-04-07 23:13:47.505 CEST", "process.pid": 24489, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-04-07T21:13:47.505Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -380,14 +617,24 @@ "postgresql.log.database": "mydb", "postgresql.log.timestamp": "2017-04-07 23:13:47.505 CEST", "process.pid": 24489, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-04-08T10:32:51.056Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "ERROR", 
@@ -396,14 +643,24 @@ "postgresql.log.database": "mydb", "postgresql.log.timestamp": "2017-04-08 12:32:51.056 CEST", "process.pid": 20730, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-04-08T10:32:51.056Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "DETAIL", @@ -412,14 +669,24 @@ "postgresql.log.database": "mydb", "postgresql.log.timestamp": "2017-04-08 12:32:51.056 CEST", "process.pid": 20730, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-04-08T10:32:51.056Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "STATEMENT", @@ -428,14 +695,24 @@ "postgresql.log.database": "mydb", "postgresql.log.timestamp": "2017-04-08 12:32:51.056 CEST", "process.pid": 20730, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-04-08T19:54:37.443Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", 
@@ -444,14 +721,24 @@ "postgresql.log.database": "mydb", "postgresql.log.timestamp": "2017-04-08 21:54:37.443 CEST", "process.pid": 30630, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-04-08T19:54:37.468Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -460,14 +747,24 @@ "postgresql.log.database": "mydb", "postgresql.log.timestamp": "2017-04-08 21:54:37.468 CEST", "process.pid": 30502, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-04-08T19:54:37.618Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -479,9 +776,16 @@ }, { "@timestamp": "2017-04-08T19:54:37.618Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -493,9 +797,16 @@ }, { "@timestamp": "2017-04-08T19:54:37.618Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", 
@@ -507,9 +818,16 @@ }, { "@timestamp": "2017-04-08T19:54:37.622Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -521,9 +839,16 @@ }, { "@timestamp": "2017-04-08T19:54:37.644Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -535,9 +860,16 @@ }, { "@timestamp": "2017-04-08T19:56:02.932Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -549,9 +881,16 @@ }, { "@timestamp": "2017-04-08T19:56:02.944Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -563,9 +902,16 @@ }, { "@timestamp": "2017-04-08T19:56:02.946Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -577,9 +923,16 @@ }, { "@timestamp": "2017-04-08T19:56:02.947Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", 
@@ -591,9 +944,16 @@ }, { "@timestamp": "2017-04-08T19:56:03.362Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -602,14 +962,24 @@ "postgresql.log.database": "unknown", "postgresql.log.timestamp": "2017-04-08 21:56:03.362 CEST", "process.pid": 891, + "related.user": [ + "unknown" + ], "service.type": "postgresql", "user.name": "unknown" }, { "@timestamp": "2017-05-27T14:07:53.007Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -621,9 +991,16 @@ }, { "@timestamp": "2017-05-27T14:07:53.010Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -635,9 +1012,16 @@ }, { "@timestamp": "2017-05-27T14:07:53.015Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -649,9 +1033,16 @@ }, { "@timestamp": "2017-05-27T14:07:53.016Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", 
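Review bot: `"related.user": ["unknown"]` in the hunk at `@@ -602,14 +962,24 @@` copies what looks like a placeholder rather than an account name; the same entry has `"postgresql.log.database": "unknown"`, which suggests the line was logged before a user was known. Since `related.user` is the field used to pivot across events, all such sessions would be correlated under a single `unknown` user. I would skip the append when the parsed name is the placeholder, so these entries keep `user.name` but get no `related.user`; that condition belongs in the ingest pipeline, which is outside these hunks. The same value is expected at `@@ -674,14 +1072,24 @@`, `@@ -864,14 +1365,24 @@`, `@@ -880,14 +1391,24 @@`, `@@ -952,14 +1501,24 @@` and `@@ -1094,14 +1716,24 @@`.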
@@ -663,9 +1054,16 @@ }, { "@timestamp": "2017-05-27T14:07:53.463Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -674,14 +1072,24 @@ "postgresql.log.database": "unknown", "postgresql.log.timestamp": "2017-05-27 14:07:53.463 UTC", "process.pid": 32573, + "related.user": [ + "unknown" + ], "service.type": "postgresql", "user.name": "unknown" }, { "@timestamp": "2017-05-27T14:08:13.661Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "FATAL", @@ -690,14 +1098,24 @@ "postgresql.log.database": "mydb", "postgresql.log.timestamp": "2017-05-27 14:08:13.661 UTC", "process.pid": 1308, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-05-27T14:59:26.553Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -706,14 +1124,24 @@ "postgresql.log.database": "mydb", "postgresql.log.timestamp": "2017-05-27 14:59:26.553 UTC", "process.pid": 1994, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-05-27T14:59:26.555Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "UTC", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", 
@@ -722,14 +1150,24 @@ "postgresql.log.database": "mydb", "postgresql.log.timestamp": "2017-05-27 14:59:26.555 UTC", "process.pid": 1989, + "related.user": [ + "postgres" + ], "service.type": "postgresql", "user.name": "postgres" }, { "@timestamp": "2017-06-06T05:54:13.753Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -741,9 +1179,16 @@ }, { "@timestamp": "2017-06-06T05:54:13.753Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -755,9 +1200,16 @@ }, { "@timestamp": "2017-06-06T05:54:13.753Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -769,9 +1221,16 @@ }, { "@timestamp": "2017-06-06T05:54:13.755Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -783,9 +1242,16 @@ }, { "@timestamp": "2017-06-06T05:54:13.816Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", 
@@ -797,9 +1263,16 @@ }, { "@timestamp": "2017-06-06T05:55:39.725Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -811,9 +1284,16 @@ }, { "@timestamp": "2017-06-06T05:55:39.736Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -825,9 +1305,16 @@ }, { "@timestamp": "2017-06-06T05:55:39.739Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -839,9 +1326,16 @@ }, { "@timestamp": "2017-06-06T05:55:39.739Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -853,9 +1347,16 @@ }, { "@timestamp": "2017-06-06T05:55:40.155Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", 
@@ -864,14 +1365,24 @@ "postgresql.log.database": "unknown", "postgresql.log.timestamp": "2017-06-06 07:55:40.155 CEST", "process.pid": 12975, + "related.user": [ + "unknown" + ], "service.type": "postgresql", "user.name": "unknown" }, { "@timestamp": "2017-06-06T05:55:40.156Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -880,14 +1391,24 @@ "postgresql.log.database": "unknown", "postgresql.log.timestamp": "2017-06-06 07:55:40.156 CEST", "process.pid": 12975, + "related.user": [ + "unknown" + ], "service.type": "postgresql", "user.name": "unknown" }, { "@timestamp": "2017-06-10T17:37:30.681Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -899,9 +1420,16 @@ }, { "@timestamp": "2017-06-10T17:37:30.695Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -913,9 +1441,16 @@ }, { "@timestamp": "2017-06-10T17:37:30.702Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", 
@@ -927,9 +1462,16 @@ }, { "@timestamp": "2017-06-10T17:37:30.702Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -941,9 +1483,16 @@ }, { "@timestamp": "2017-06-10T17:37:31.104Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -952,14 +1501,24 @@ "postgresql.log.database": "unknown", "postgresql.log.timestamp": "2017-06-10 19:37:31.104 CEST", "process.pid": 17404, + "related.user": [ + "unknown" + ], "service.type": "postgresql", "user.name": "unknown" }, { "@timestamp": "2017-06-10T18:27:55.911Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -971,9 +1530,16 @@ }, { "@timestamp": "2017-06-10T18:27:55.911Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -985,9 +1551,16 @@ }, { "@timestamp": "2017-06-10T18:27:55.911Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", 
@@ -999,9 +1572,16 @@ }, { "@timestamp": "2017-06-10T18:27:55.914Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -1013,9 +1593,16 @@ }, { "@timestamp": "2017-06-10T18:27:55.973Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -1027,9 +1614,16 @@ }, { "@timestamp": "2017-06-10T18:27:57.022Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -1041,9 +1635,16 @@ }, { "@timestamp": "2017-06-10T18:27:57.032Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -1055,9 +1656,16 @@ }, { "@timestamp": "2017-06-10T18:27:57.035Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -1069,9 +1677,16 @@ }, { "@timestamp": "2017-06-10T18:27:57.035Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", 
@@ -1083,9 +1698,16 @@ }, { "@timestamp": "2017-06-10T18:27:57.475Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -1094,14 +1716,24 @@ "postgresql.log.database": "unknown", "postgresql.log.timestamp": "2017-06-10 20:27:57.475 CEST", "process.pid": 24496, + "related.user": [ + "unknown" + ], "service.type": "postgresql", "user.name": "unknown" }, { "@timestamp": "2017-06-17T14:58:03.937Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -1113,9 +1745,16 @@ }, { "@timestamp": "2017-06-17T14:58:03.937Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -1127,9 +1766,16 @@ }, { "@timestamp": "2017-06-17T14:58:03.938Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", @@ -1141,9 +1787,16 @@ }, { "@timestamp": "2017-06-17T14:58:03.940Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG", 
@@ -1155,9 +1808,16 @@ }, { "@timestamp": "2017-06-17T14:58:04.040Z", + "event.category": [ + "database" + ], "event.dataset": "postgresql.log", + "event.kind": "event", "event.module": "postgresql", "event.timezone": "CEST", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.level": "LOG",