github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 09:48:58 -04:00
Code Issues Projects Releases Packages Wiki Activity

[fleet] Add two Agent Detail page stories to Storybook (#113066)

Browse source
This commit is contained in:
Clint Andrew Hall 2021-09-29 12:10:49 -05:00 committed by GitHub
parent a4d4e5b316
commit 521bd35668
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 1852 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

35
x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/detail.stories.tsx Normal file
View file

@ -0,0 +1,35 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import React from 'react';
import { MemoryRouter, Route } from 'react-router-dom';
import { INTEGRATIONS_ROUTING_PATHS } from '../../../../constants';
import { Detail as Component } from '.';
export default {
component: Component,
title: 'Sections/EPM/Detail',
};
export const nginx = () => (
<MemoryRouter initialEntries={['/detail/nginx-1.1.0/overview']}>
<Route path={INTEGRATIONS_ROUTING_PATHS.integration_details_overview}>
<Component />
</Route>
</MemoryRouter>
);
export const okta = () => (
<MemoryRouter initialEntries={['/detail/okta-1.2.0/overview']}>
<Route path={INTEGRATIONS_ROUTING_PATHS.integration_details_overview}>
<Component />
</Route>
</MemoryRouter>
);

9
x-pack/plugins/fleet/storybook/context/application.ts
View file

@ -22,7 +22,14 @@ export const getApplication = () => {
action(`Navigate to: ${app}`);
},
getUrlForApp: (url: string) => url,
capabilities: {} as ApplicationStart['capabilities'],
capabilities: {
catalogue: {},
management: {},
navLinks: {},
fleet: {
write: true,
},
},
applications$: of(applications),
};

664
x-pack/plugins/fleet/storybook/context/fixtures/integration.nginx.ts Normal file
View file

@ -0,0 +1,664 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { GetInfoResponse } from '../../../public/types';
import { KibanaAssetType, ElasticsearchAssetType } from '../../../common/types';
export const response: GetInfoResponse['response'] = {
name: 'nginx',
title: 'Nginx',
version: '0.7.0',
release: 'experimental',
description: 'Nginx Integration',
type: 'integration',
download: '/epr/nginx/nginx-0.7.0.zip',
path: '/package/nginx/0.7.0',
icons: [
{
src: '/img/logo_nginx.svg',
path: '/package/nginx/0.7.0/img/logo_nginx.svg',
title: 'logo nginx',
size: '32x32',
type: 'image/svg+xml',
},
],
format_version: '1.0.0',
readme: '/package/nginx/0.7.0/docs/README.md',
license: 'basic',
categories: ['web', 'security'],
conditions: {
kibana: { version: '^7.14.0' },
},
screenshots: [
{
src: '/img/nginx-metrics-overview.png',
path: '/package/nginx/0.7.0/img/nginx-metrics-overview.png',
title: 'Nginx metrics overview',
size: '3360x2302',
type: 'image/png',
},
{
src: '/img/nginx-logs-access-error.png',
path: '/package/nginx/0.7.0/img/nginx-logs-access-error.png',
title: 'Nginx access and error logs',
size: '3360x3590',
type: 'image/png',
},
{
src: '/img/nginx-logs-overview.png',
path: '/package/nginx/0.7.0/img/nginx-logs-overview.png',
title: 'Nginx logs overview',
size: '3360x3590',
type: 'image/png',
},
],
assets: {
kibana: {
dashboard: [
{
pkgkey: 'nginx-0.7.0',
service: 'kibana',
type: KibanaAssetType.dashboard,
file: 'nginx-023d2930-f1a5-11e7-a9ef-93c69af7b129.json',
// path: '-0.7.0/kibana/dashboard/nginx-023d2930-f1a5-11e7-a9ef-93c69af7b129.json',
},
{
pkgkey: 'nginx-0.7.0',
service: 'kibana',
type: KibanaAssetType.dashboard,
file: 'nginx-046212a0-a2a1-11e7-928f-5dbe6f6f5519.json',
// path: 'nginx-0.7.0/kibana/dashboard/nginx-046212a0-a2a1-11e7-928f-5dbe6f6f5519.json',
},
{
pkgkey: 'nginx-0.7.0',
service: 'kibana',
type: KibanaAssetType.dashboard,
file: 'nginx-55a9e6e0-a29e-11e7-928f-5dbe6f6f5519.json',
// path: 'nginx-0.7.0/kibana/dashboard/nginx-55a9e6e0-a29e-11e7-928f-5dbe6f6f5519.json',
},
],
ml_module: [
{
pkgkey: 'nginx-0.7.0',
service: 'kibana',
type: KibanaAssetType.mlModule,
file: 'nginx-Logs-ml.json',
// path: 'nginx-0.7.0/kibana/ml_module/nginx-Logs-ml.json',
},
],
search: [
{
pkgkey: 'nginx-0.7.0',
service: 'kibana',
type: KibanaAssetType.search,
file: 'nginx-6d9e66d0-a1f0-11e7-928f-5dbe6f6f5519.json',
// path: 'nginx-0.7.0/kibana/search/nginx-6d9e66d0-a1f0-11e7-928f-5dbe6f6f5519.json',
},
{
pkgkey: 'nginx-0.7.0',
service: 'kibana',
type: KibanaAssetType.search,
file: 'nginx-9eb25600-a1f0-11e7-928f-5dbe6f6f5519.json',
// path: 'nginx-0.7.0/kibana/search/nginx-9eb25600-a1f0-11e7-928f-5dbe6f6f5519.json',
},
{
pkgkey: 'nginx-0.7.0',
service: 'kibana',
type: KibanaAssetType.search,
file: 'nginx-Logs-Nginx-integration.json',
// path: 'nginx-0.7.0/kibana/search/nginx-Logs-Nginx-integration.json',
},
],
visualization: [
{
pkgkey: 'nginx-0.7.0',
service: 'kibana',
type: KibanaAssetType.visualization,
file: 'nginx-0dd6f320-a29f-11e7-928f-5dbe6f6f5519.json',
// path: 'nginx-0.7.0/kibana/visualization/nginx-0dd6f320-a29f-11e7-928f-5dbe6f6f5519.json',
},
{
pkgkey: 'nginx-0.7.0',
service: 'kibana',
type: KibanaAssetType.visualization,
file: 'nginx-1cfb1a80-a1f4-11e7-928f-5dbe6f6f5519.json',
// path: 'nginx-0.7.0/kibana/visualization/nginx-1cfb1a80-a1f4-11e7-928f-5dbe6f6f5519.json',
},
{
pkgkey: 'nginx-0.7.0',
service: 'kibana',
type: KibanaAssetType.visualization,
file: 'nginx-46322e50-a1f6-11e7-928f-5dbe6f6f5519.json',
// path: 'nginx-0.7.0/kibana/visualization/nginx-46322e50-a1f6-11e7-928f-5dbe6f6f5519.json',
},
{
pkgkey: 'nginx-0.7.0',
service: 'kibana',
type: KibanaAssetType.visualization,
file: 'nginx-47a8e0f0-f1a4-11e7-a9ef-93c69af7b129.json',
// path: 'nginx-0.7.0/kibana/visualization/nginx-47a8e0f0-f1a4-11e7-a9ef-93c69af7b129.json',
},
{
pkgkey: 'nginx-0.7.0',
service: 'kibana',
type: KibanaAssetType.visualization,
file: 'nginx-555df8a0-f1a1-11e7-a9ef-93c69af7b129.json',
// path: 'nginx-0.7.0/kibana/visualization/nginx-555df8a0-f1a1-11e7-a9ef-93c69af7b129.json',
},
{
pkgkey: 'nginx-0.7.0',
service: 'kibana',
type: KibanaAssetType.visualization,
file: 'nginx-7cc9ea40-3af8-11eb-94b7-0dab91df36a6.json',
// path: 'nginx-0.7.0/kibana/visualization/nginx-7cc9ea40-3af8-11eb-94b7-0dab91df36a6.json',
},
{
pkgkey: 'nginx-0.7.0',
service: 'kibana',
type: KibanaAssetType.visualization,
file: 'nginx-823b3c80-3af9-11eb-94b7-0dab91df36a6.json',
// path: 'nginx-0.7.0/kibana/visualization/nginx-823b3c80-3af9-11eb-94b7-0dab91df36a6.json',
},
{
pkgkey: 'nginx-0.7.0',
service: 'kibana',
type: KibanaAssetType.visualization,
file: 'nginx-9184fa00-a1f5-11e7-928f-5dbe6f6f5519.json',
// path: 'nginx-0.7.0/kibana/visualization/nginx-9184fa00-a1f5-11e7-928f-5dbe6f6f5519.json',
},
{
pkgkey: 'nginx-0.7.0',
service: 'kibana',
type: KibanaAssetType.visualization,
file: 'nginx-9484ecf0-3af5-11eb-94b7-0dab91df36a6.json',
// path: 'nginx-0.7.0/kibana/visualization/nginx-9484ecf0-3af5-11eb-94b7-0dab91df36a6.json',
},
{
pkgkey: 'nginx-0.7.0',
service: 'kibana',
type: KibanaAssetType.visualization,
file: 'nginx-97109780-a2a5-11e7-928f-5dbe6f6f5519.json',
// path: 'nginx-0.7.0/kibana/visualization/nginx-97109780-a2a5-11e7-928f-5dbe6f6f5519.json',
},
{
pkgkey: 'nginx-0.7.0',
service: 'kibana',
type: KibanaAssetType.visualization,
file: 'nginx-Access-Browsers.json',
// path: 'nginx-0.7.0/kibana/visualization/nginx-Access-Browsers.json',
},
{
pkgkey: 'nginx-0.7.0',
service: 'kibana',
type: KibanaAssetType.visualization,
file: 'nginx-Access-Map.json',
// path: 'nginx-0.7.0/kibana/visualization/nginx-Access-Map.json',
},
{
pkgkey: 'nginx-0.7.0',
service: 'kibana',
type: KibanaAssetType.visualization,
file: 'nginx-Access-OSes.json',
// path: 'nginx-0.7.0/kibana/visualization/nginx-Access-OSes.json',
},
{
pkgkey: 'nginx-0.7.0',
service: 'kibana',
type: KibanaAssetType.visualization,
file: 'nginx-a1d92240-f1a1-11e7-a9ef-93c69af7b129.json',
// path: 'nginx-0.7.0/kibana/visualization/nginx-a1d92240-f1a1-11e7-a9ef-93c69af7b129.json',
},
{
pkgkey: 'nginx-0.7.0',
service: 'kibana',
type: KibanaAssetType.visualization,
file: 'nginx-b70b1b20-a1f4-11e7-928f-5dbe6f6f5519.json',
// path: 'nginx-0.7.0/kibana/visualization/nginx-b70b1b20-a1f4-11e7-928f-5dbe6f6f5519.json',
},
{
pkgkey: 'nginx-0.7.0',
service: 'kibana',
type: KibanaAssetType.visualization,
file: 'nginx-d763a570-f1a1-11e7-a9ef-93c69af7b129.json',
// path: 'nginx-0.7.0/kibana/visualization/nginx-d763a570-f1a1-11e7-a9ef-93c69af7b129.json',
},
{
pkgkey: 'nginx-0.7.0',
service: 'kibana',
type: KibanaAssetType.visualization,
file: 'nginx-dcbffe30-f1a4-11e7-a9ef-93c69af7b129.json',
// path: 'nginx-0.7.0/kibana/visualization/nginx-dcbffe30-f1a4-11e7-a9ef-93c69af7b129.json',
},
{
pkgkey: 'nginx-0.7.0',
service: 'kibana',
type: KibanaAssetType.visualization,
file: 'nginx-e302b5a0-3afb-11eb-94b7-0dab91df36a6.json',
// path: 'nginx-0.7.0/kibana/visualization/nginx-e302b5a0-3afb-11eb-94b7-0dab91df36a6.json',
},
{
pkgkey: 'nginx-0.7.0',
service: 'kibana',
type: KibanaAssetType.visualization,
file: 'nginx-ea7f9e10-3af6-11eb-94b7-0dab91df36a6.json',
// path: 'nginx-0.7.0/kibana/visualization/nginx-ea7f9e10-3af6-11eb-94b7-0dab91df36a6.json',
},
],
// TODO: These were missing from the response, but typed to be required.
index_pattern: [],
lens: [],
map: [],
security_rule: [],
},
elasticsearch: {
ingest_pipeline: [
{
pkgkey: 'nginx-0.7.0',
service: 'elasticsearch',
type: ElasticsearchAssetType.ingestPipeline,
file: 'default.yml',
dataset: 'access',
// path: 'nginx-0.7.0/data_stream/access/elasticsearch/ingest_pipeline/default.yml',
},
{
pkgkey: 'nginx-0.7.0',
service: 'elasticsearch',
type: ElasticsearchAssetType.ingestPipeline,
file: 'third-party.yml',
dataset: 'access',
// path: 'nginx-0.7.0/data_stream/access/elasticsearch/ingest_pipeline/third-party.yml',
},
{
pkgkey: 'nginx-0.7.0',
service: 'elasticsearch',
type: ElasticsearchAssetType.ingestPipeline,
file: 'default.yml',
dataset: 'error',
// path: 'nginx-0.7.0/data_stream/error/elasticsearch/ingest_pipeline/default.yml',
},
{
pkgkey: 'nginx-0.7.0',
service: 'elasticsearch',
type: ElasticsearchAssetType.ingestPipeline,
file: 'third-party.yml',
dataset: 'error',
// path: 'nginx-0.7.0/data_stream/error/elasticsearch/ingest_pipeline/third-party.yml',
},
],
// TODO: These were missing from the response, but typed to be required.
component_template: [],
data_stream_ilm_policy: [],
ilm_policy: [],
index_template: [],
transform: [],
},
},
policy_templates: [
{
name: 'nginx',
title: 'Nginx logs and metrics',
description: 'Collect logs and metrics from Nginx instances',
inputs: [
{
type: 'logfile',
title: 'Collect logs from Nginx instances',
description: 'Collecting Nginx access and error logs',
},
{
type: 'httpjson',
vars: [
{
name: 'url',
type: 'text',
title: 'URL of Splunk Enterprise Server',
description: 'i.e. scheme://host:port, path is automatic',
multi: false,
required: true,
show_user: true,
default: 'https://server.example.com:8089',
},
{
name: 'username',
type: 'text',
title: 'Splunk REST API Username',
multi: false,
required: false,
show_user: true,
},
{
name: 'password',
type: 'password',
title: 'Splunk REST API Password',
multi: false,
required: false,
show_user: true,
},
{
name: 'token',
type: 'password',
title: 'Splunk Authorization Token',
description:
'Bearer Token or Session Key, e.g. "Bearer eyJFd3e46..."\nor "Splunk 192fd3e...". Cannot be used with username\nand password.\n',
multi: false,
required: false,
show_user: true,
},
{
name: 'ssl',
type: 'yaml',
title: 'SSL Configuration',
description:
'i.e. certificate_authorities, supported_protocols, verification_mode etc.',
multi: false,
required: false,
show_user: false,
default:
'#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n',
},
],
title: 'Collect logs from third-party REST API (experimental)',
description: 'Collect logs from third-party REST API (experimental)',
},
{
type: 'nginx/metrics',
vars: [
{
name: 'hosts',
type: 'text',
title: 'Hosts',
multi: true,
required: true,
show_user: true,
default: ['http://127.0.0.1:80'],
},
],
title: 'Collect metrics from Nginx instances',
description: 'Collecting Nginx stub status metrics',
},
],
multiple: true,
},
],
data_streams: [
{
type: 'logs',
dataset: 'nginx.access',
title: 'Nginx access logs',
release: 'experimental',
ingest_pipeline: 'default',
streams: [
{
input: 'logfile',
vars: [
{
name: 'paths',
type: 'text',
title: 'Paths',
multi: true,
required: true,
show_user: true,
default: ['/var/log/nginx/access.log*'],
},
{
name: 'tags',
type: 'text',
title: 'Tags',
multi: true,
required: true,
show_user: false,
default: ['nginx-access'],
},
{
name: 'preserve_original_event',
type: 'bool',
title: 'Preserve original event',
description:
'Preserves a raw copy of the original event, added to the field `event.original`',
multi: false,
required: true,
show_user: true,
default: false,
},
{
name: 'processors',
type: 'yaml',
title: 'Processors',
description:
'Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n',
multi: false,
required: false,
show_user: false,
},
],
template_path: 'stream.yml.hbs',
title: 'Nginx access logs',
description: 'Collect Nginx access logs',
enabled: true,
},
{
input: 'httpjson',
vars: [
{
name: 'interval',
type: 'text',
title: 'Interval to query Splunk Enterprise REST API',
description: 'Go Duration syntax (eg. 10s)',
multi: false,
required: true,
show_user: true,
default: '10s',
},
{
name: 'search',
type: 'text',
title: 'Splunk search string',
multi: false,
required: true,
show_user: true,
default: 'search sourcetype=nginx:plus:access',
},
{
name: 'tags',
type: 'text',
title: 'Tags',
multi: true,
required: false,
show_user: false,
default: ['forwarded', 'nginx-access'],
},
{
name: 'preserve_original_event',
type: 'bool',
title: 'Preserve original event',
description:
'Preserves a raw copy of the original event, added to the field `event.original`',
multi: false,
required: true,
show_user: true,
default: false,
},
{
name: 'processors',
type: 'yaml',
title: 'Processors',
description:
'Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.',
multi: false,
required: false,
show_user: false,
},
],
template_path: 'httpjson.yml.hbs',
title: 'Nginx access logs via Splunk Enterprise REST API',
description: 'Collect Nginx access logs via Splunk Enterprise REST API',
enabled: false,
},
],
package: 'nginx',
path: 'access',
},
{
type: 'logs',
dataset: 'nginx.error',
title: 'Nginx error logs',
release: 'experimental',
ingest_pipeline: 'default',
streams: [
{
input: 'logfile',
vars: [
{
name: 'paths',
type: 'text',
title: 'Paths',
multi: true,
required: true,
show_user: true,
default: ['/var/log/nginx/error.log*'],
},
{
name: 'tags',
type: 'text',
title: 'Tags',
multi: true,
required: true,
show_user: false,
default: ['nginx-error'],
},
{
name: 'preserve_original_event',
type: 'bool',
title: 'Preserve original event',
description:
'Preserves a raw copy of the original event, added to the field `event.original`',
multi: false,
required: true,
show_user: true,
default: false,
},
{
name: 'processors',
type: 'yaml',
title: 'Processors',
description:
'Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n',
multi: false,
required: false,
show_user: false,
},
],
template_path: 'stream.yml.hbs',
title: 'Nginx error logs',
description: 'Collect Nginx error logs',
enabled: true,
},
{
input: 'httpjson',
vars: [
{
name: 'interval',
type: 'text',
title: 'Interval to query REST API',
description: 'Go Duration syntax (eg. 10s)',
multi: false,
required: true,
show_user: true,
default: '10s',
},
{
name: 'search',
type: 'text',
title: 'Search String',
multi: false,
required: true,
show_user: true,
default: 'search sourcetype=nginx:plus:error',
},
{
name: 'tags',
type: 'text',
title: 'Tags',
multi: true,
required: false,
show_user: false,
default: ['forwarded', 'nginx-error'],
},
{
name: 'preserve_original_event',
type: 'bool',
title: 'Preserve original event',
description:
'Preserves a raw copy of the original event, added to the field `event.original`',
multi: false,
required: true,
show_user: true,
default: false,
},
{
name: 'processors',
type: 'yaml',
title: 'Processors',
description:
'Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.',
multi: false,
required: false,
show_user: false,
},
],
template_path: 'httpjson.yml.hbs',
title: 'Nginx error logs via Splunk REST API',
description: 'Collect Nginx error logs via Splunk REST API',
enabled: false,
},
],
package: 'nginx',
path: 'error',
},
{
type: 'metrics',
dataset: 'nginx.stubstatus',
title: 'Nginx stubstatus metrics',
release: 'experimental',
streams: [
{
input: 'nginx/metrics',
vars: [
{
name: 'period',
type: 'text',
title: 'Period',
multi: false,
required: true,
show_user: true,
default: '10s',
},
{
name: 'server_status_path',
type: 'text',
title: 'Server Status Path',
multi: false,
required: true,
show_user: false,
default: '/nginx_status',
},
],
template_path: 'stream.yml.hbs',
title: 'Nginx stub status metrics',
description: 'Collect Nginx stub status metrics',
enabled: true,
},
],
package: 'nginx',
path: 'stubstatus',
},
],
owner: {
github: 'elastic/integrations',
},
latestVersion: '0.7.0',
removable: true,
status: 'not_installed',
};

263
x-pack/plugins/fleet/storybook/context/fixtures/integration.okta.ts Normal file
View file

@ -0,0 +1,263 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { GetInfoResponse } from '../../../public/types';
import { KibanaAssetType, ElasticsearchAssetType } from '../../../common/types';
export const response: GetInfoResponse['response'] = {
name: 'okta',
title: 'Okta',
version: '1.2.0',
release: 'ga',
description: 'This Elastic integration collects events from Okta',
type: 'integration',
download: '/epr/okta/okta-1.2.0.zip',
// path: '/package/okta/1.2.0',
icons: [
{
src: '/img/okta-logo.svg',
// path: '/package/okta/1.2.0/img/okta-logo.svg',
title: 'Okta',
size: '216x216',
type: 'image/svg+xml',
},
],
format_version: '1.0.0',
readme: '/package/okta/1.2.0/docs/README.md',
license: 'basic',
categories: ['security'],
conditions: {
kibana: { version: '^7.14.0' },
},
screenshots: [
{
src: '/img/filebeat-okta-dashboard.png',
// path: '/package/okta/1.2.0/img/filebeat-okta-dashboard.png',
title: 'Okta Dashboard',
size: '1024x662',
type: 'image/png',
},
],
assets: {
kibana: {
dashboard: [
{
pkgkey: 'okta-1.2.0',
service: 'kibana',
type: KibanaAssetType.dashboard,
file: 'okta-749203a0-67b1-11ea-a76f-bf44814e437d.json',
// path: 'okta-1.2.0/kibana/dashboard/okta-749203a0-67b1-11ea-a76f-bf44814e437d.json',
},
],
map: [
{
pkgkey: 'okta-1.2.0',
service: 'kibana',
type: KibanaAssetType.map,
file: 'okta-281ca660-67b1-11ea-a76f-bf44814e437d.json',
// path: 'okta-1.2.0/kibana/map/okta-281ca660-67b1-11ea-a76f-bf44814e437d.json',
},
],
search: [
{
pkgkey: 'okta-1.2.0',
service: 'kibana',
type: KibanaAssetType.search,
file: 'okta-21028750-67ca-11ea-a76f-bf44814e437d.json',
// path: 'okta-1.2.0/kibana/search/okta-21028750-67ca-11ea-a76f-bf44814e437d.json',
},
],
visualization: [
{
pkgkey: 'okta-1.2.0',
service: 'kibana',
type: KibanaAssetType.visualization,
file: 'okta-0a784b30-67c7-11ea-a76f-bf44814e437d.json',
// path: 'okta-1.2.0/kibana/visualization/okta-0a784b30-67c7-11ea-a76f-bf44814e437d.json',
},
{
pkgkey: 'okta-1.2.0',
service: 'kibana',
type: KibanaAssetType.visualization,
file: 'okta-545d6a00-67ae-11ea-a76f-bf44814e437d.json',
// path: 'okta-1.2.0/kibana/visualization/okta-545d6a00-67ae-11ea-a76f-bf44814e437d.json',
},
{
pkgkey: 'okta-1.2.0',
service: 'kibana',
type: KibanaAssetType.visualization,
file: 'okta-7c6ec080-67c6-11ea-a76f-bf44814e437d.json',
// path: 'okta-1.2.0/kibana/visualization/okta-7c6ec080-67c6-11ea-a76f-bf44814e437d.json',
},
{
pkgkey: 'okta-1.2.0',
service: 'kibana',
type: KibanaAssetType.visualization,
file: 'okta-cda883a0-67c6-11ea-a76f-bf44814e437d.json',
// path: 'okta-1.2.0/kibana/visualization/okta-cda883a0-67c6-11ea-a76f-bf44814e437d.json',
},
],
// TODO: These were missing from the response, but typed to be required.
index_pattern: [],
lens: [],
ml_module: [],
security_rule: [],
},
elasticsearch: {
ingest_pipeline: [
{
pkgkey: 'okta-1.2.0',
service: 'elasticsearch',
type: ElasticsearchAssetType.ingestPipeline,
file: 'default.yml',
dataset: 'system',
// path: 'okta-1.2.0/data_stream/system/elasticsearch/ingest_pipeline/default.yml',
},
],
// TODO: These were missing from the response, but typed to be required.
component_template: [],
data_stream_ilm_policy: [],
ilm_policy: [],
index_template: [],
transform: [],
},
},
policy_templates: [
{
name: 'okta',
title: 'Okta logs',
description: 'Collect logs from Okta',
inputs: [
{
type: 'httpjson',
vars: [
{
name: 'api_key',
type: 'text',
title: 'API Key',
multi: false,
required: false,
show_user: true,
},
{
name: 'http_client_timeout',
type: 'text',
title: 'HTTP Client Timeout',
multi: false,
required: false,
show_user: true,
},
{
name: 'interval',
type: 'text',
title: 'Interval',
multi: false,
required: true,
show_user: true,
default: '60s',
},
{
name: 'initial_interval',
type: 'text',
title: 'Initial Interval',
multi: false,
required: true,
show_user: true,
default: '24h',
},
{
name: 'ssl',
type: 'yaml',
title: 'SSL',
multi: false,
required: false,
show_user: true,
},
{
name: 'url',
type: 'text',
title: 'Okta System Log API Url',
multi: false,
required: false,
show_user: true,
},
{
name: 'proxy_url',
type: 'text',
title: 'Proxy URL',
description:
'URL to proxy connections in the form of http[s]://<user>:<password>@<server name/ip>:<port>',
multi: false,
required: false,
show_user: false,
},
],
title: 'Collect Okta logs via API',
description: 'Collecting logs from Okta via API',
},
],
multiple: true,
},
],
data_streams: [
{
type: 'logs',
dataset: 'okta.system',
title: 'Okta system logs',
release: 'experimental',
ingest_pipeline: 'default',
streams: [
{
input: 'httpjson',
vars: [
{
name: 'tags',
type: 'text',
title: 'Tags',
multi: true,
required: true,
show_user: false,
default: ['forwarded', 'okta-system'],
},
{
name: 'preserve_original_event',
type: 'bool',
title: 'Preserve original event',
description:
'Preserves a raw copy of the original event, added to the field `event.original`',
multi: false,
required: true,
show_user: true,
default: false,
},
{
name: 'processors',
type: 'yaml',
title: 'Processors',
description:
'Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n',
multi: false,
required: false,
show_user: false,
},
],
template_path: 'httpjson.yml.hbs',
title: 'Okta system logs',
description: 'Collect Okta system logs',
enabled: true,
},
],
package: 'okta',
path: 'system',
},
],
owner: {
github: 'elastic/security-external-integrations',
},
latestVersion: '1.2.0',
removable: true,
status: 'not_installed',
};

515
x-pack/plugins/fleet/storybook/context/fixtures/readme.nginx.ts Normal file
View file

@ -0,0 +1,515 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
export const readme = `# Nginx Integration
This integration periodically fetches metrics from [Nginx](https://nginx.org/) servers. It can parse access and error
logs created by the HTTP server.
## Compatibility
The Nginx \`stubstatus\` metrics was tested with Nginx 1.19.5 and are expected to work with all version >= 1.9.
The logs were tested with version 1.19.5.
On Windows, the module was tested with Nginx installed from the Chocolatey repository.
## Logs
**Timezone support**
This datasource parses logs that dont contain timezone information. For these logs, the Elastic Agent reads the local
timezone and uses it when parsing to convert the timestamp to UTC. The timezone to be used for parsing is included
in the event in the \`event.timezone\` field.
To disable this conversion, the event.timezone field can be removed with the drop_fields processor.
If logs are originated from systems or applications with a different timezone to the local one, the \`event.timezone\`
field can be overwritten with the original timezone using the add_fields processor.
### Access Logs
Access logs collects the nginx access logs.
An example event for \`access\` looks as following:
\`\`\`json
{
"agent": {
"hostname": "a73e7856c209",
"name": "a73e7856c209",
"id": "3987d2b3-b40a-4aa0-99fc-478f9d7079ea",
"ephemeral_id": "6d41da1c-5f71-4bd4-b326-a8913bfaa884",
"type": "filebeat",
"version": "7.11.0"
},
"nginx": {
"access": {
"remote_ip_list": [
"127.0.0.1"
]
}
},
"log": {
"file": {
"path": "/tmp/service_logs/access.log"
},
"offset": 0
},
"elastic_agent": {
"id": "5ca3af72-37c3-48b6-92e8-176d154bb66f",
"version": "7.11.0",
"snapshot": true
},
"source": {
"address": "127.0.0.1",
"ip": "127.0.0.1"
},
"url": {
"original": "/server-status"
},
"input": {
"type": "log"
},
"@timestamp": "2020-12-03T11:41:57.000Z",
"ecs": {
"version": "1.6.0"
},
"related": {
"ip": [
"127.0.0.1"
]
},
"data_stream": {
"namespace": "ep",
"type": "logs",
"dataset": "nginx.access"
},
"host": {
"hostname": "a73e7856c209",
"os": {
"kernel": "4.9.184-linuxkit",
"codename": "Core",
"name": "CentOS Linux",
"family": "redhat",
"version": "7 (Core)",
"platform": "centos"
},
"containerized": true,
"ip": [
"192.168.80.6"
],
"name": "a73e7856c209",
"id": "06c26569966fd125c15acac5d7feffb6",
"mac": [
"02:42:c0:a8:50:06"
],
"architecture": "x86_64"
},
"http": {
"request": {
"method": "get"
},
"response": {
"status_code": 200,
"body": {
"bytes": 97
}
},
"version": "1.1"
},
"event": {
"timezone": "+00:00",
"created": "2020-12-03T11:42:17.116Z",
"kind": "event",
"category": [
"web"
],
"type": [
"access"
],
"dataset": "nginx.access",
"outcome": "success"
},
"user_agent": {
"original": "curl/7.64.0",
"name": "curl",
"device": {
"name": "Other"
},
"version": "7.64.0"
}
}
\`\`\`
**Exported fields**
| Field | Description | Type |
| --------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
| @timestamp | Event timestamp. | date |
| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
| cloud.availability_zone | Availability zone in which this host is running. | keyword |
| cloud.image.id | Image ID for the cloud instance. | keyword |
| cloud.instance.id | Instance ID of the host machine. | keyword |
| cloud.instance.name | Instance name of the host machine. | keyword |
| cloud.machine.type | Machine type of the host machine. | keyword |
| cloud.project.id | Name of the project in Google Cloud. | keyword |
| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |
| cloud.region | Region in which this host is running. | keyword |
| container.id | Unique container id. | keyword |
| container.image.name | Name of the image the container was built on. | keyword |
| container.labels | Image labels. | object |
| container.name | Container name. | keyword |
| data_stream.dataset | Data stream dataset. | constant_keyword |
| data_stream.namespace | Data stream namespace. | constant_keyword |
| data_stream.type | Data stream type. | constant_keyword |
| destination.domain | Destination domain. | keyword |
| destination.ip | IP address of the destination. | ip |
| destination.port | Port of the destination. | long |
| ecs.version | ECS version | keyword |
| event.created | Date/time when the event was first read by an agent, or by your pipeline. | date |
| event.dataset | Event dataset | constant_keyword |
| event.module | Event module | constant_keyword |
| host.architecture | Operating system architecture. | keyword |
| host.containerized | If the host is a container. | boolean |
| host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword |
| host.hostname | Hostname of the host. It normally contains what the \`hostname\` command returns on the host machine. | keyword |
| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of \`beat.name\`. | keyword |
| host.ip | Host ip addresses. | ip |
| host.mac | Host mac addresses. | keyword |
| host.name | Name of the host. It can contain what \`hostname\` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword |
| host.os.build | OS build information. | keyword |
| host.os.codename | OS codename, if any. | keyword |
| host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword |
| host.os.kernel | Operating system kernel version as a raw string. | keyword |
| host.os.name | Operating system name, without the version. | keyword |
| host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword |
| host.os.version | Operating system version as a raw string. | keyword |
| host.type | Type of host. For Cloud providers this can be the machine type like \`t2.medium\`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword |
| http.request.method | HTTP request method. The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". | keyword |
| http.request.referrer | Referrer for this HTTP request. | keyword |
| http.response.body.bytes | Size in bytes of the response body. | long |
| http.response.status_code | HTTP response status code. | long |
| http.version | HTTP version. | keyword |
| input.type | Input type | keyword |
| log.file.path | Log path | keyword |
| log.offset | Log offset | long |
| nginx.access.remote_ip_list | An array of remote IP addresses. It is a list because it is common to include, besides the client IP address, IP addresses from headers like \`X-Forwarded-For\`. Real source IP is restored to \`source.ip\`. | array |
| related.ip | All of the IPs seen on your event. | ip |
| source.address | An IP address, a domain, a unix socket | keyword |
| source.as.number | Unique number allocated to the autonomous system. | long |
| source.as.organization.name | Organization name. | keyword |
| source.geo.city_name | City name. | keyword |
| source.geo.continent_name | Name of the continent. | keyword |
| source.geo.country_iso_code | Country ISO code. | keyword |
| source.geo.country_name | Country name. | keyword |
| source.geo.location | Longitude and latitude. | geo_point |
| source.geo.region_iso_code | Region ISO code. | keyword |
| source.geo.region_name | Region name. | keyword |
| source.ip | IP address of the source | ip |
| tags | List of keywords used to tag each event. | keyword |
| url.domain | Domain of the url, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the \`domain\` field. If the URL contains a literal IPv6 address enclosed by \`[\` and \`]\` (IETF RFC 2732), the \`[\` and \`]\` characters should also be captured in the \`domain\` field. | keyword |
| url.extension | The field contains the file extension from the original request url. The file extension is only set if it exists, as not every url has a file extension. The leading period must not be included. For example, the value must be "png", not ".png". | keyword |
| url.fragment | Portion of the url after the \`#\`, such as "top". The \`#\` is not part of the fragment. | keyword |
| url.original | Unmodified original url as seen in the event source. Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path. This field is meant to represent the URL as it was observed, complete or not. | keyword |
| url.path | Path of the request, such as "/search". | keyword |
| url.scheme | Scheme of the request, such as "https". Note: The \`:\` is not part of the scheme. | keyword |
| user.name | Short name or login of the user. | keyword |
| user_agent.device.name | Name of the device. | keyword |
| user_agent.name | Name of the user agent. | keyword |
| user_agent.original | Unparsed user_agent string. | keyword |
| user_agent.os.full | Operating system name, including the version or code name. | keyword |
| user_agent.os.name | Operating system name, without the version. | keyword |
| user_agent.os.version | Operating system version as a raw string. | keyword |
| user_agent.version | Version of the user agent. | keyword |
### Error Logs
Error logs collects the nginx error logs.
An example event for \`error\` looks as following:
\`\`\`json
{
"agent": {
"hostname": "a73e7856c209",
"name": "a73e7856c209",
"id": "3987d2b3-b40a-4aa0-99fc-478f9d7079ea",
"ephemeral_id": "6d41da1c-5f71-4bd4-b326-a8913bfaa884",
"type": "filebeat",
"version": "7.11.0"
},
"process": {
"pid": 1,
"thread": {
"id": 1
}
},
"nginx": {
"error": {}
},
"log": {
"file": {
"path": "/tmp/service_logs/error.log"
},
"offset": 0,
"level": "warn"
},
"elastic_agent": {
"id": "5ca3af72-37c3-48b6-92e8-176d154bb66f",
"version": "7.11.0",
"snapshot": true
},
"message": "conflicting server name \"localhost\" on 0.0.0.0:80, ignored",
"input": {
"type": "log"
},
"@timestamp": "2020-12-03T11:44:39.000Z",
"ecs": {
"version": "1.6.0"
},
"data_stream": {
"namespace": "ep",
"type": "logs",
"dataset": "nginx.error"
},
"host": {
"hostname": "a73e7856c209",
"os": {
"kernel": "4.9.184-linuxkit",
"codename": "Core",
"name": "CentOS Linux",
"family": "redhat",
"version": "7 (Core)",
"platform": "centos"
},
"containerized": true,
"ip": [
"192.168.80.6"
],
"name": "a73e7856c209",
"id": "06c26569966fd125c15acac5d7feffb6",
"mac": [
"02:42:c0:a8:50:06"
],
"architecture": "x86_64"
},
"event": {
"timezone": "+00:00",
"created": "2020-12-03T11:44:52.803Z",
"kind": "event",
"category": [
"web"
],
"type": [
"error"
],
"dataset": "nginx.error"
}
}
\`\`\`
**Exported fields**
| Field | Description | Type |
| ------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
| @timestamp | Event timestamp. | date |
| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
| cloud.availability_zone | Availability zone in which this host is running. | keyword |
| cloud.image.id | Image ID for the cloud instance. | keyword |
| cloud.instance.id | Instance ID of the host machine. | keyword |
| cloud.instance.name | Instance name of the host machine. | keyword |
| cloud.machine.type | Machine type of the host machine. | keyword |
| cloud.project.id | Name of the project in Google Cloud. | keyword |
| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |
| cloud.region | Region in which this host is running. | keyword |
| container.id | Unique container id. | keyword |
| container.image.name | Name of the image the container was built on. | keyword |
| container.labels | Image labels. | object |
| container.name | Container name. | keyword |
| data_stream.dataset | Data stream dataset. | constant_keyword |
| data_stream.namespace | Data stream namespace. | constant_keyword |
| data_stream.type | Data stream type. | constant_keyword |
| ecs.version | ECS version | keyword |
| event.created | Date/time when the event was first read by an agent, or by your pipeline. | date |
| event.dataset | Event dataset | constant_keyword |
| event.module | Event module | constant_keyword |
| host.architecture | Operating system architecture. | keyword |
| host.containerized | If the host is a container. | boolean |
| host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword |
| host.hostname | Hostname of the host. It normally contains what the \`hostname\` command returns on the host machine. | keyword |
| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of \`beat.name\`. | keyword |
| host.ip | Host ip addresses. | ip |
| host.mac | Host mac addresses. | keyword |
| host.name | Name of the host. It can contain what \`hostname\` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword |
| host.os.build | OS build information. | keyword |
| host.os.codename | OS codename, if any. | keyword |
| host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword |
| host.os.kernel | Operating system kernel version as a raw string. | keyword |
| host.os.name | Operating system name, without the version. | keyword |
| host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword |
| host.os.version | Operating system version as a raw string. | keyword |
| host.type | Type of host. For Cloud providers this can be the machine type like \`t2.medium\`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword |
| input.type | Input type | keyword |
| log.file.path | Log path | keyword |
| log.level | Original log level of the log event. If the source of the event provides a log level or textual severity, this is the one that goes in \`log.level\`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). Some examples are \`warn\`, \`err\`, \`i\`, \`informational\`. | keyword |
| log.offset | Log offset | long |
| message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | text |
| nginx.error.connection_id | Connection identifier. | long |
| process.pid | Process id. | long |
| process.thread.id | Thread ID. | long |
| tags | List of keywords used to tag each event. | keyword |
## Metrics
### Stub Status Metrics
The Nginx \`stubstatus\` stream collects data from the Nginx \`ngx_http_stub_status\` module. It scrapes the server status
data from the web page generated by \`ngx_http_stub_status\`. Please verify that your Nginx distribution comes with the mentioned
module and it's enabled in the Nginx configuration file:
\`\`\`
location /nginx_status {
stub_status;
allow 127.0.0.1; # only allow requests from localhost
deny all; # deny all other hosts
}
\`\`\`
It's highly recommended to replace \`127.0.0.1\` with your servers IP address and make sure that this page accessible to only you.
An example event for \`stubstatus\` looks as following:
\`\`\`json
{
"@timestamp": "2020-12-03T11:47:31.996Z",
"host": {
"hostname": "a73e7856c209",
"architecture": "x86_64",
"os": {
"codename": "Core",
"platform": "centos",
"version": "7 (Core)",
"family": "redhat",
"name": "CentOS Linux",
"kernel": "4.9.184-linuxkit"
},
"name": "a73e7856c209",
"id": "06c26569966fd125c15acac5d7feffb6",
"containerized": true,
"ip": [
"192.168.80.6"
],
"mac": [
"02:42:c0:a8:50:06"
]
},
"service": {
"type": "nginx",
"address": "http://elastic-package-service_nginx_1:80/server-status"
},
"nginx": {
"stubstatus": {
"requests": 13,
"waiting": 0,
"hostname": "elastic-package-service_nginx_1:80",
"accepts": 13,
"handled": 13,
"current": 13,
"dropped": 0,
"writing": 1,
"active": 1,
"reading": 0
}
},
"elastic_agent": {
"snapshot": true,
"version": "7.11.0",
"id": "5ca3af72-37c3-48b6-92e8-176d154bb66f"
},
"ecs": {
"version": "1.6.0"
},
"event": {
"dataset": "nginx.stubstatus",
"module": "nginx",
"duration": 2231100
},
"metricset": {
"period": 10000,
"name": "stubstatus"
},
"data_stream": {
"type": "metrics",
"dataset": "nginx.stubstatus",
"namespace": "ep"
},
"agent": {
"type": "metricbeat",
"version": "7.11.0",
"hostname": "a73e7856c209",
"ephemeral_id": "1fbb4215-4ba3-42fa-9984-244b112c9a17",
"id": "2689a72c-6e18-45fe-b493-af1ec86af2b3",
"name": "a73e7856c209"
}
}
\`\`\`
**Exported fields**
| Field | Description | Type |
| ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------- |
| @timestamp | Event timestamp. | date |
| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
| cloud.availability_zone | Availability zone in which this host is running. | keyword |
| cloud.image.id | Image ID for the cloud instance. | keyword |
| cloud.instance.id | Instance ID of the host machine. | keyword |
| cloud.instance.name | Instance name of the host machine. | keyword |
| cloud.machine.type | Machine type of the host machine. | keyword |
| cloud.project.id | Name of the project in Google Cloud. | keyword |
| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |
| cloud.region | Region in which this host is running. | keyword |
| container.id | Unique container id. | keyword |
| container.image.name | Name of the image the container was built on. | keyword |
| container.labels | Image labels. | object |
| container.name | Container name. | keyword |
| data_stream.dataset | Data stream dataset. | constant_keyword |
| data_stream.namespace | Data stream namespace. | constant_keyword |
| data_stream.type | Data stream type. | constant_keyword |
| ecs.version | ECS version | keyword |
| event.dataset | Event dataset | constant_keyword |
| event.module | Event module | constant_keyword |
| host.architecture | Operating system architecture. | keyword |
| host.containerized | If the host is a container. | boolean |
| host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword |
| host.hostname | Hostname of the host. It normally contains what the \`hostname\` command returns on the host machine. | keyword |
| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of \`beat.name\`. | keyword |
| host.ip | Host ip addresses. | ip |
| host.mac | Host mac addresses. | keyword |
| host.name | Name of the host. It can contain what \`hostname\` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword |
| host.os.build | OS build information. | keyword |
| host.os.codename | OS codename, if any. | keyword |
| host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword |
| host.os.kernel | Operating system kernel version as a raw string. | keyword |
| host.os.name | Operating system name, without the version. | keyword |
| host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword |
| host.os.version | Operating system version as a raw string. | keyword |
| host.type | Type of host. For Cloud providers this can be the machine type like \`t2.medium\`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword |
| nginx.stubstatus.accepts | The total number of accepted client connections. | long |
| nginx.stubstatus.active | The current number of active client connections including Waiting connections. | long |
| nginx.stubstatus.current | The current number of client requests. | long |
| nginx.stubstatus.dropped | The total number of dropped client connections. | long |
| nginx.stubstatus.handled | The total number of handled client connections. | long |
| nginx.stubstatus.hostname | Nginx hostname. | keyword |
| nginx.stubstatus.reading | The current number of connections where Nginx is reading the request header. | long |
| nginx.stubstatus.requests | The total number of client requests. | long |
| nginx.stubstatus.waiting | The current number of idle client connections waiting for a request. | long |
| nginx.stubstatus.writing | The current number of connections where Nginx is writing the response back to the client. | long |
| service.address | Service address | keyword |
| service.type | Service type | keyword |
`;

343
x-pack/plugins/fleet/storybook/context/fixtures/readme.okta.ts Normal file
View file

@ -0,0 +1,343 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
export const readme = `# Okta Integration
The Okta integration collects events from the Okta API, specifically reading from the Okta System Log API.
## Logs
### System
The Okta System Log records system events related to your organization in order to provide an audit trail that can be used to understand platform activity and to diagnose problems. This module is implemented using the httpjson input and is configured to paginate through the logs while honoring any rate-limiting headers sent by Okta.
An example event for \`system\` looks as following:
\`\`\`json
{
"@timestamp": "2020-02-14T20:18:57.718Z",
"agent": {
"ephemeral_id": "c8d18964-83d3-4be1-809c-201de8688e6b",
"hostname": "docker-fleet-agent",
"id": "62554406-4558-40ed-9cd2-c68d978882ff",
"name": "docker-fleet-agent",
"type": "filebeat",
"version": "7.13.0"
},
"client": {
"geo": {
"city_name": "Dublin",
"country_name": "United States",
"location": {
"lat": 37.7201,
"lon": -121.919
},
"region_name": "California"
},
"ip": "108.255.197.247",
"user": {
"full_name": "xxxxxx",
"id": "00u1abvz4pYqdM8ms4x6"
}
},
"data_stream": {
"dataset": "okta.system",
"namespace": "ep",
"type": "logs"
},
"ecs": {
"version": "1.9.0"
},
"elastic_agent": {
"id": "52c5ef7a-f604-488a-b39c-4ab431eb930e",
"snapshot": true,
"version": "7.13.0"
},
"event": {
"action": "user.session.start",
"category": [
"authentication",
"session"
],
"created": "2021-05-31T10:31:04.833Z",
"dataset": "okta.system",
"id": "3aeede38-4f67-11ea-abd3-1f5d113f2546",
"ingested": "2021-05-31T10:31:05.861084700Z",
"kind": "event",
"original": "{\"actor\":{\"alternateId\":\"xxxxxx@elastic.co\",\"detailEntry\":null,\"displayName\":\"xxxxxx\",\"id\":\"00u1abvz4pYqdM8ms4x6\",\"type\":\"User\"},\"authenticationContext\":{\"authenticationProvider\":null,\"authenticationStep\":0,\"credentialProvider\":null,\"credentialType\":null,\"externalSessionId\":\"102bZDNFfWaQSyEZQuDgWt-uQ\",\"interface\":null,\"issuer\":null},\"client\":{\"device\":\"Computer\",\"geographicalContext\":{\"city\":\"Dublin\",\"country\":\"United States\",\"geolocation\":{\"lat\":37.7201,\"lon\":-121.919},\"postalCode\":\"94568\",\"state\":\"California\"},\"id\":null,\"ipAddress\":\"108.255.197.247\",\"userAgent\":{\"browser\":\"FIREFOX\",\"os\":\"Mac OS X\",\"rawUserAgent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0\"},\"zone\":\"null\"},\"debugContext\":{\"debugData\":{\"deviceFingerprint\":\"541daf91d15bef64a7e08c946fd9a9d0\",\"requestId\":\"XkcAsWb8WjwDP76xh@1v8wAABp0\",\"requestUri\":\"/api/v1/authn\",\"threatSuspected\":\"false\",\"url\":\"/api/v1/authn?\"}},\"displayMessage\":\"User login to Okta\",\"eventType\":\"user.session.start\",\"legacyEventType\":\"core.user_auth.login_success\",\"outcome\":{\"reason\":null,\"result\":\"SUCCESS\"},\"published\":\"2020-02-14T20:18:57.718Z\",\"request\":{\"ipChain\":[{\"geographicalContext\":{\"city\":\"Dublin\",\"country\":\"United States\",\"geolocation\":{\"lat\":37.7201,\"lon\":-121.919},\"postalCode\":\"94568\",\"state\":\"California\"},\"ip\":\"108.255.197.247\",\"source\":null,\"version\":\"V4\"}]},\"securityContext\":{\"asNumber\":null,\"asOrg\":null,\"domain\":null,\"isProxy\":null,\"isp\":null},\"severity\":\"INFO\",\"target\":null,\"transaction\":{\"detail\":{},\"id\":\"XkcAsWb8WjwDP76xh@1v8wAABp0\",\"type\":\"WEB\"},\"uuid\":\"3aeede38-4f67-11ea-abd3-1f5d113f2546\",\"version\":\"0\"}",
"outcome": "success",
"type": [
"start",
"user"
]
},
"host": {
"name": "docker-fleet-agent"
},
"input": {
"type": "httpjson"
},
"okta": {
"actor": {
"alternate_id": "xxxxxx@elastic.co",
"display_name": "xxxxxx",
"id": "00u1abvz4pYqdM8ms4x6",
"type": "User"
},
"authentication_context": {
"authentication_step": 0,
"external_session_id": "102bZDNFfWaQSyEZQuDgWt-uQ"
},
"client": {
"device": "Computer",
"ip": "108.255.197.247",
"user_agent": {
"browser": "FIREFOX",
"os": "Mac OS X",
"raw_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0"
},
"zone": "null"
},
"debug_context": {
"debug_data": {
"device_fingerprint": "541daf91d15bef64a7e08c946fd9a9d0",
"request_id": "XkcAsWb8WjwDP76xh@1v8wAABp0",
"request_uri": "/api/v1/authn",
"threat_suspected": "false",
"url": "/api/v1/authn?"
}
},
"display_message": "User login to Okta",
"event_type": "user.session.start",
"outcome": {
"result": "SUCCESS"
},
"transaction": {
"id": "XkcAsWb8WjwDP76xh@1v8wAABp0",
"type": "WEB"
},
"uuid": "3aeede38-4f67-11ea-abd3-1f5d113f2546"
},
"related": {
"ip": [
"108.255.197.247"
],
"user": [
"xxxxxx"
]
},
"source": {
"as": {
"number": 7018,
"organization": {
"name": "AT\u0026T Services, Inc."
}
},
"geo": {
"city_name": "Dublin",
"continent_name": "North America",
"country_iso_code": "US",
"country_name": "United States",
"location": {
"lat": 37.7201,
"lon": -121.919
},
"region_iso_code": "US-CA",
"region_name": "California"
},
"ip": "108.255.197.247",
"user": {
"full_name": "xxxxxx",
"id": "00u1abvz4pYqdM8ms4x6"
}
},
"tags": [
"forwarded",
"preserve_original_event"
],
"user": {
"full_name": "xxxxxx"
},
"user_agent": {
"device": {
"name": "Mac"
},
"name": "Firefox",
"original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0",
"os": {
"full": "Mac OS X 10.15",
"name": "Mac OS X",
"version": "10.15"
},
"version": "72.0."
}
}
\`\`\`
**Exported fields**
| Field | Description | Type |
| ------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
| @timestamp | Event timestamp. | date |
| client.as.number | Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. | long |
| client.as.organization.name | Organization name. | keyword |
| client.domain | Client domain. | keyword |
| client.geo.city_name | City name. | keyword |
| client.geo.country_name | Country name. | keyword |
| client.geo.location | Longitude and latitude. | geo_point |
| client.geo.region_name | Region name. | keyword |
| client.ip | IP address of the client (IPv4 or IPv6). | ip |
| client.user.full_name | User's full name, if available. | keyword |
| client.user.id | Unique identifier of the user. | keyword |
| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
| cloud.availability_zone | Availability zone in which this host is running. | keyword |
| cloud.image.id | Image ID for the cloud instance. | keyword |
| cloud.instance.id | Instance ID of the host machine. | keyword |
| cloud.instance.name | Instance name of the host machine. | keyword |
| cloud.machine.type | Machine type of the host machine. | keyword |
| cloud.project.id | Name of the project in Google Cloud. | keyword |
| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |
| cloud.region | Region in which this host is running. | keyword |
| container.id | Unique container id. | keyword |
| container.image.name | Name of the image the container was built on. | keyword |
| container.labels | Image labels. | object |
| container.name | Container name. | keyword |
| data_stream.dataset | Data stream dataset name. | constant_keyword |
| data_stream.namespace | Data stream namespace. | constant_keyword |
| data_stream.type | Data stream type. | constant_keyword |
| destination.as.number | Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. | long |
| destination.as.organization.name | Organization name. | keyword |
| destination.geo.city_name | City name. | keyword |
| destination.geo.continent_name | Name of the continent. | keyword |
| destination.geo.country_iso_code | Country ISO code. | keyword |
| destination.geo.country_name | Country name. | keyword |
| destination.geo.location | Longitude and latitude. | geo_point |
| destination.geo.name | User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation. | keyword |
| destination.geo.region_iso_code | Region ISO code. | keyword |
| destination.geo.region_name | Region name. | keyword |
| destination.ip | IP address of the destination (IPv4 or IPv6). | ip |
| ecs.version | ECS version this event conforms to. \`ecs.version\` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword |
| error.message | Error message. | match_only_text |
| event.action | The action captured by the event. This describes the information in the event. It is more specific than \`event.category\`. Examples are \`group-add\`, \`process-started\`, \`file-created\`. The value is normally defined by the implementer. | keyword |
| event.category | This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. \`event.category\` represents the "big buckets" of ECS categories. For example, filtering on \`event.category:process\` yields all events relating to process activity. This field is closely related to \`event.type\`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories. | keyword |
| event.dataset | Event dataset | constant_keyword |
| event.id | Unique ID to describe the event. | keyword |
| event.ingested | Timestamp when an event arrived in the central data store. This is different from \`@timestamp\`, which is when the event originally occurred. It's also different from \`event.created\`, which is meant to capture the first time an agent saw the event. In normal conditions, assuming no tampering, the timestamps should chronologically look like this: \`@timestamp\` \< \`event.created\` \< \`event.ingested\`. | date |
| event.kind | This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. \`event.kind\` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. | keyword |
| event.module | Event module | constant_keyword |
| event.original | Raw text message of entire event. Used to demonstrate log integrity or where the full log message (before splitting it up in multiple parts) may be required, e.g. for reindex. This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from \`_source\`. If users wish to override this and index this field, please see \`Field data types\` in the \`Elasticsearch Reference\`. | keyword |
| event.outcome | This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy. \`event.outcome\` simply denotes whether the event represents a success or a failure from the perspective of the entity that produced the event. Note that when a single transaction is described in multiple events, each event may populate different values of \`event.outcome\`, according to their perspective. Also note that in the case of a compound event (a single event that contains multiple logical events), this field should be populated with the value that best captures the overall success or failure from the perspective of the event producer. Further note that not all events will have an associated outcome. For example, this field is generally not populated for metric events, events with \`event.type:info\`, or any events for which an outcome does not make logical sense. | keyword |
| event.type | This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. \`event.type\` represents a categorization "sub-bucket" that, when used along with the \`event.category\` field values, enables filtering events down to a level appropriate for single visualization. This field is an array. This will allow proper categorization of some events that fall in multiple event types. | keyword |
| host.architecture | Operating system architecture. | keyword |
| host.containerized | If the host is a container. | boolean |
| host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword |
| host.hostname | Hostname of the host. It normally contains what the \`hostname\` command returns on the host machine. | keyword |
| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of \`beat.name\`. | keyword |
| host.ip | Host ip addresses. | ip |
| host.mac | Host mac addresses. | keyword |
| host.name | Name of the host. It can contain what \`hostname\` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword |
| host.os.build | OS build information. | keyword |
| host.os.codename | OS codename, if any. | keyword |
| host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword |
| host.os.kernel | Operating system kernel version as a raw string. | keyword |
| host.os.name | Operating system name, without the version. | keyword |
| host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword |
| host.os.version | Operating system version as a raw string. | keyword |
| host.type | Type of host. For Cloud providers this can be the machine type like \`t2.medium\`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword |
| input.type | Type of Filebeat input. | keyword |
| log.file.path | Path to the log file. | keyword |
| log.flags | Flags for the log file. | keyword |
| log.offset | Offset of the entry in the log file. | long |
| message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text |
| okta.actor.alternate_id | Alternate identifier of the actor. | keyword |
| okta.actor.display_name | Display name of the actor. | keyword |
| okta.actor.id | Identifier of the actor. | keyword |
| okta.actor.type | Type of the actor. | keyword |
| okta.authentication_context.authentication_provider | The information about the authentication provider. Must be one of OKTA_AUTHENTICATION_PROVIDER, ACTIVE_DIRECTORY, LDAP, FEDERATION, SOCIAL, FACTOR_PROVIDER. | keyword |
| okta.authentication_context.authentication_step | The authentication step. | integer |
| okta.authentication_context.credential_provider | The information about credential provider. Must be one of OKTA_CREDENTIAL_PROVIDER, RSA, SYMANTEC, GOOGLE, DUO, YUBIKEY. | keyword |
| okta.authentication_context.credential_type | The information about credential type. Must be one of OTP, SMS, PASSWORD, ASSERTION, IWA, EMAIL, OAUTH2, JWT, CERTIFICATE, PRE_SHARED_SYMMETRIC_KEY, OKTA_CLIENT_SESSION, DEVICE_UDID. | keyword |
| okta.authentication_context.external_session_id | The session identifer of the external session if any. | keyword |
| okta.authentication_context.interface | The interface used. e.g., Outlook, Office365, wsTrust | keyword |
| okta.authentication_context.issuer.id | The identifier of the issuer. | keyword |
| okta.authentication_context.issuer.type | The type of the issuer. | keyword |
| okta.client.device | The information of the client device. | keyword |
| okta.client.id | The identifier of the client. | keyword |
| okta.client.ip | The IP address of the client. | ip |
| okta.client.user_agent.browser | The browser informaton of the client. | keyword |
| okta.client.user_agent.os | The OS informaton. | keyword |
| okta.client.user_agent.raw_user_agent | The raw informaton of the user agent. | keyword |
| okta.client.zone | The zone information of the client. | keyword |
| okta.debug_context.debug_data.device_fingerprint | The fingerprint of the device. | keyword |
| okta.debug_context.debug_data.request_id | The identifier of the request. | keyword |
| okta.debug_context.debug_data.request_uri | The request URI. | keyword |
| okta.debug_context.debug_data.threat_suspected | Threat suspected. | keyword |
| okta.debug_context.debug_data.url | The URL. | keyword |
| okta.display_message | The display message of the LogEvent. | keyword |
| okta.event_type | The type of the LogEvent. | keyword |
| okta.outcome.reason | The reason of the outcome. | keyword |
| okta.outcome.result | The result of the outcome. Must be one of: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. | keyword |
| okta.request.ip_chain.geographical_context.city | The city. | keyword |
| okta.request.ip_chain.geographical_context.country | The country. | keyword |
| okta.request.ip_chain.geographical_context.geolocation | Geolocation information. | geo_point |
| okta.request.ip_chain.geographical_context.postal_code | The postal code. | keyword |
| okta.request.ip_chain.geographical_context.state | The state. | keyword |
| okta.request.ip_chain.ip | IP address. | ip |
| okta.request.ip_chain.source | Source information. | keyword |
| okta.request.ip_chain.version | IP version. Must be one of V4, V6. | keyword |
| okta.security_context.as.number | The AS number. | integer |
| okta.security_context.as.organization.name | The organization name. | keyword |
| okta.security_context.domain | The domain name. | keyword |
| okta.security_context.is_proxy | Whether it is a proxy or not. | boolean |
| okta.security_context.isp | The Internet Service Provider. | keyword |
| okta.severity | The severity of the LogEvent. Must be one of DEBUG, INFO, WARN, or ERROR. | keyword |
| okta.target.alternate_id | Alternate identifier of the actor. | keyword |
| okta.target.display_name | Display name of the actor. | keyword |
| okta.target.id | Identifier of the actor. | keyword |
| okta.target.type | Type of the actor. | keyword |
| okta.transaction.id | Identifier of the transaction. | keyword |
| okta.transaction.type | The type of transaction. Must be one of "WEB", "JOB". | keyword |
| okta.uuid | The unique identifier of the Okta LogEvent. | keyword |
| okta.version | The version of the LogEvent. | keyword |
| related.ip | All of the IPs seen on your event. | ip |
| related.user | All the user names or other user identifiers seen on the event. | keyword |
| source.as.number | Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. | long |
| source.as.organization.name | Organization name. | keyword |
| source.domain | Source domain. | keyword |
| source.geo.city_name | City name. | keyword |
| source.geo.continent_name | Name of the continent. | keyword |
| source.geo.country_iso_code | Country ISO code. | keyword |
| source.geo.country_name | Country name. | keyword |
| source.geo.location | Longitude and latitude. | geo_point |
| source.geo.name | User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation. | keyword |
| source.geo.region_iso_code | Region ISO code. | keyword |
| source.geo.region_name | Region name. | keyword |
| source.ip | IP address of the source (IPv4 or IPv6). | ip |
| source.user.full_name | User's full name, if available. | keyword |
| source.user.id | Unique identifier of the user. | keyword |
| tags | List of keywords used to tag each event. | keyword |
| user.domain | Name of the directory the user is a member of. For example, an LDAP or Active Directory domain name. | keyword |
| user.email | User email address. | keyword |
| user.full_name | User's full name, if available. | keyword |
| user.id | Unique identifier of the user. | keyword |
| user.name | Short name or login of the user. | keyword |
| user.target.domain | Name of the directory the user is a member of. For example, an LDAP or Active Directory domain name. | keyword |
| user.target.email | User email address. | keyword |
| user.target.full_name | User's full name, if available. | keyword |
| user.target.group.domain | Name of the directory the group is a member of. For example, an LDAP or Active Directory domain name. | keyword |
| user.target.group.id | Unique identifier for the group on the system/platform. | keyword |
| user.target.group.name | Name of the group. | keyword |
| user.target.id | Unique identifier of the user. | keyword |
| user.target.name | Short name or login of the user. | keyword |
| user_agent.device.name | Name of the device. | keyword |
| user_agent.name | Name of the user agent. | keyword |
| user_agent.original | Unparsed user_agent string. | keyword |
| user_agent.os.full | Operating system name, including the version or code name. | keyword |
| user_agent.os.name | Operating system name, without the version. | keyword |
| user_agent.os.version | Operating system version as a raw string. | keyword |
| user_agent.version | Version of the user agent. | keyword |
`;

24
x-pack/plugins/fleet/storybook/context/http.ts
View file

@ -27,6 +27,8 @@ export const getHttp = (basepath = BASE_PATH) => {
serverBasePath: basepath,
},
get: (async (path: string, options: HttpFetchOptions) => {
// TODO: all of this needs revision, as it's far too clunky... but it works for now,
// with the few paths we're supporting.
if (path === '/api/fleet/agents/setup') {
if (!isReady) {
isReady = true;
@ -50,6 +52,28 @@ export const getHttp = (basepath = BASE_PATH) => {
return await import('./fixtures/packages');
}
// Ideally, this would be a markdown file instead of a ts file, but we don't have
// markdown-loader in our package.json, so we'll make do with what we have.
if (path.startsWith('/api/fleet/epm/packages/nginx/')) {
const { readme } = await import('./fixtures/readme.nginx');
return readme;
}
if (path.startsWith('/api/fleet/epm/packages/nginx')) {
return await import('./fixtures/integration.nginx');
}
// Ideally, this would be a markdown file instead of a ts file, but we don't have
// markdown-loader in our package.json, so we'll make do with what we have.
if (path.startsWith('/api/fleet/epm/packages/okta/')) {
const { readme } = await import('./fixtures/readme.okta');
return readme;
}
if (path.startsWith('/api/fleet/epm/packages/okta')) {
return await import('./fixtures/integration.okta');
}
return {};
}) as HttpHandler,
} as unknown as HttpStart;